release: bump version to 2.3.4 by radoering · Pull Request #10838 · python-poetry/poetry

radoering · 2026-04-12T15:02:57Z

Fix a performance regression in the wheel installer that was introduced in Poetry 2.3.3 (#10821).
Fix a path traversal vulnerability in sdist extraction on Python 3.10.0-3.10.12 and 3.11.0-3.11.4 that could allow malicious tarball files to write files outside the target directory (#10837).

sourcery-ai

Hey - I've reviewed your changes and they look great!

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

release: bump version to 2.3.4

9c11e17

sourcery-ai bot reviewed Apr 12, 2026

View reviewed changes

radoering merged commit 7c7af71 into python-poetry:2.3 Apr 12, 2026
54 checks passed

Provide feedback