Duk masu amfani waɗanda suka zazzage fayil ɗin "Python-3.5.8.tar.xz" a cikin sa'o'i 12 na farko bayan fitowar ana shawartar su duba daidaitattun bayanan da aka sauke ta amfani da checksum (MD5 4464517ed6044bca4fc78ea9ed086c36). Ba kamar sakin ƙarshe ba, sigar samfoti ba ta haɗa ba gyara rauni CVE-2019-16935 a cikin lambar uwar garken XML-RPC. Rashin lahani ya ba da izinin allurar JavaScript (XSS) ta hanyar filin uwar garken_title saboda rashin tserewa madaidaicin kusurwa. Mai hari zai iya cimma canjin JavaScript idan aikace-aikacen ya saita sunan uwar garke bisa shigar da mai amfani (misali, "server.set_server_name('test) ’)»).