Released on 2026-03-24.
- Add missing hash verification for
riscv64gc-unknown-linux-musl(#18686) - Fallback to direct download when direct URL streaming is unsupported (#18688)
- Revert treating 'Dynamic' values as case-insensitive (#18692)
- Remove torchdata from list of packages to source from the PyTorch index (#18703)
- Special-case
==Python version request ranges (#9697)
- Cover
--python <dir>in "Using arbitrary Python environments" (#6457) - Fix version annotations for
PS_MODULE_PATHandUV_WORKING_DIR(#18691)
Released on 2026-03-23.
This release includes changes to the networking stack used by uv. While we think that breakage will be rare, it is possible that these changes will result in the rejection of certificates previously trusted by uv so we have marked the change as breaking out of an abundance of caution.
The changes are largely driven by the upgrade of reqwest, which powers uv's HTTP clients, to v0.13 which included some breaking changes to TLS certificate verification.
The following changes are included:
-
rustls-platform-verifieris used instead ofrustls-native-certsandwebpkifor certificate verificationThis change should have no effect unless you are using the
native-tlsoption to enable reading system certificates.rustls-platform-verifierdelegates to the system for certificate validation (e.g.,Security.frameworkon macOS) instead of eagerly loading certificates from the system and verifying them viawebpki. The effects of this change will vary based on the operating system. In general, uv's certificate validation should now be more consistent with browsers and other native applications. However, this is the most likely cause of breaking changes in this release. Some previously failing certificate chains may succeed, and some previously accepted certificate chains may fail. In either case, we expect the validation to be more correct and welcome reports of regressions.In particular, because more responsibility for validating the certificate is transferred to your system's security library, some features like CA constraints or revocation of certificates via OCSP and CRLs may now be used.
This change should improve performance when using system certificate on macOS, as uv no longer needs to load all certificates from the keychain at startup.
-
aws-lcis used instead ofringfor a cryptography backendThere should not be breaking changes from this change. We expect this to expand support for certificate signature algorithms.
-
--native-tlsis deprecated in favor of a new--system-certsflagThe
--native-tlsflag is still usable and has identical behavior to--system-certs.This change was made to reduce confusion about the TLS implementation uv uses. uv always uses
rustlsnotnative-tls. -
Building uv on x86-64 and i686 Windows requires NASM
NASM is required by
aws-lc. If not found on the system, a prebuilt blob provided byaws-lc-syswill be used.If you are not building uv from source, this change has no effect.
See the CONTRIBUTING guide for details.
-
Empty
SSL_CERT_FILEvalues are ignored (for consistency withSSL_CERT_DIR)
See #18550 for details.
- Enable frame pointers for improved profiling on Linux x86-64 and aarch64
See the python-build-standalone release notes for details.
- Treat 'Dynamic' values as case-insensitive (#18669)
- Use a dedicated error for invalid cache control headers (#18657)
- Enable checksum verification in the generated installer script (#18625)
- Add
--service-formatand--service-urltouv audit(#18571)
- Avoid holding flat index lock across indexes (#18659)
- Find the dynamic linker on the file system when sniffing binaries fails (#18457)
- Fix export of conflicting workspace members with dependencies (#18666)
- Respect installed settings in
uv tool list --outdated(#18586) - Treat paths originating as PEP 508 URLs which contain expanded variables as relative (#18680)
- Fix
uv exportfor workspace member packages with conflicts (#18635) - Continue to alternative authentication providers when the pyx store has no token (#18425)
- Use redacted URLs for log messages in cached client (#18599)
- Add details on Linux versions to the platform policy (#18574)
- Clarify
FLASH_ATTENTION_SKIP_CUDA_BUILDguidance forflash-attninstalls (#18473) - Split the dependency bots page into two separate pages (#18597)
- Split the alternative indexes page into separate pages (#18607)
Released on 2026-03-19.
- Include uv's target triple in version report (#18520)
- Allow comma separated values in
--no-emit-package(#18565)
- Show
uv auditin the CLI help (#18540)
- Improve reporting of managed interpreter symlinks in
uv python list(#18459) - Preserve end-of-line comments on previous entries when removing dependencies (#18557)
- Treat abi3 wheel Python version as a lower bound (#18536)
- Detect hard-float support on aarch64 kernels running armv7 userspace (#18530)
- Add Python 3.15 to supported versions (#18552)
- Adjust the PyPy note (#18548)
- Move Pyodide to Tier 2 in the Python support policy (#18561)
- Move Rust and Python version support out of the Platform support policy (#18535)
- Update Docker guide with changes from
uv-docker-example(#18558) - Update the Python version policy (#18559)
Released on 2026-03-16.
- Fetch Ruff release metadata from an Astral mirror (#18358)
- Use PEP 639 license metadata for uv itself (#16477)
- Improve distribution id performance (#18486)
- Allow
--projectto refer to apyproject.tomldirectly and reduce to a warning on other files (#18513) - Disable
SYSTEM_VERSION_COMPATwhen querying interpreters on macOS (#18452) - Enforce available distributions for supported environments (#18451)
- Fix
uv sync --activerecreating active environments whenUV_PYTHON_INSTALL_DIRis relative (#18398)
- Add missing
-o requirements.txtinuv pip compileexample (#12308) - Link to organization security policy (#18449)
- Link to the AI policy in the contributing guide (#18448)
Released on 2026-03-13.
- Add CPython 3.15.0a7 (#18403)
- Add
--outdatedflag touv tool list(#18318) - Add riscv64 musl target to build-release-binaries workflow (#18228)
- Fetch Ruff from an Astral mirror (#18286)
- Improve error handling for platform detection in Python downloads (#18453)
- Warn if
--projectdirectory does not exist (#17714) - Warn when workspace member scripts are skipped due to missing build system (#18389)
- Update build backend versions used in
uv init(#18417) - Log explicit config file path in verbose output (#18353)
- Make
uv cache clearan alias ofuv cache clean(#18420) - Reject invalid classifiers, warn on license classifiers in
uv_build(#18419)
- Add links to
uv auditoutput (#18392) - Output/report formatting for
uv audit(#18193) - Switch to batched OSV queries for
uv audit(#18394)
- Avoid sharing version metadata across indexes (#18373)
- Bump zlib-rs to 0.6.2 to fix panic on decompression of large wheels on Windows (#18362)
- Filter out unsupported environment wheels (#18445)
- Preserve absolute/relative paths in lockfiles (#18176)
- Recreate Python environments under
uv tool install --force(#18399) - Respect timestamp and other cache keys in cached environments (#18396)
- Simplify selected extra markers in
uv export(#18433) - Send pyx mint-token requests with a proper
Content-Type(#18334) - Fix Windows operating system and version reporting (#18383)
- Update the platform support policy with a tier 3 section including freebsd and 32-bit windows (#18345)
Released on 2026-03-06.
- Add
fbgemm-gpu,fbgemm-gpu-genai,torchrec, andtorchtuneto the PyTorch list (#18338) - Add torchcodec to PyTorch List (#18336)
- Log the duration we took before erroring (#18231)
- Warn when using
uv_buildsettings withoutuv_build(#15750) - Add fallback to
/usr/lib/os-releaseon Linux system lookup failure (#18349) - Use
cargo auditableto include SBOM in uv builds (#18276)
- Add an environment variable for
UV_VENV_RELOCATABLE(#18331)
- Continue on trampoline job assignment failures (#18291)
- Handle the hard link limit gracefully instead of failing (#17699)
- Respect build constraints for workspace members (#18350)
- Revalidate editables and other dependencies in scripts (#18328)
- Support Python 3.13+ on Android (#18301)
- Support
cp3-none-any(#17064) - Skip tool environments with broken links to Python on Windows (#17176)
- Add documentation for common marker values (#18327)
- Improve documentation on virtual dependencies (#18346)
Released on 2026-03-03.
- Add CPython 3.10.20
- Add CPython 3.11.15
- Add CPython 3.12.13
- Add Docker images based on Docker Hardened Images (#18247)
- Add resolver hint when
--exclude-newerfilters out all versions of a package (#18217) - Configure a real retry minimum delay of 1s (#18201)
- Expand
uv_builddirect build compatibility (#17902) - Fetch CPython from an Astral mirror by default (#18207)
- Download uv releases from an Astral mirror in installers by default (#18191)
- Add SBOM attestations to Docker images (#18252)
- Improve hint for installing meson-python when missing as build backend (#15826)
- Add
UV_INIT_BAREenvironment variable foruv init(#18210)
- Prevent
uv tool upgradefrom installing excluded dependencies (#18022) - Promote authentication policy when saving tool receipts (#18246)
- Respect exclusions in scripts (#18269)
- Retain default-branch Git SHAs in
pylock.tomlfiles (#18227) - Skip installed Python check for URL dependencies (#18211)
- Respect constraints during
--upgrade(#18226) - Fix
uv treeorphaned roots and premature deduplication (#17212)
- Mention cooldown and tweak inline script metadata in dependency bots documentation (#18230)
- Move cache prune in GitLab to
after_script(#18206)
Released on 2026-02-27.
- Fix handling of junctions in Windows Containers on Windows (#18192)
Released on 2026-02-24.
- Apply lockfile marker normalization for fork markers (#18116)
- Fix Python version selection for scripts with a
requires-pythonconflicting with.python-version(#18097) - Preserve file permissions when using reflinks on Linux (#18187)
- Remove verbose documentation from optional dependencies help text (#18180)
Released on 2026-02-23.
- Add hint when named index is found in a parent config file (#18087)
- Add warning for
uv lock --frozen(#17859) - Attempt to use reflinks by default on Linux (#18117)
- Fallback to hardlinks after reflink failure before copying (#18104)
- Filter
pylock.tomlwheels by tags andrequires-python(#18081) - Validate wheel filenames are normalized during
uv publish(#17783) - Fix message when
exclude-newerinvalidates the lock file (#18100) - Change the missing files log level to debug (#18075)
- Improve performance of repeated conflicts with an extra (#18094)
- Fix
--no-emit-workspacewith--all-packageson single-member workspaces (#18098) - Fix
UV_NO_DEFAULT_GROUPSrejecting truthy values like1(#18057) - Fix iOS detection (#17973)
- Propagate project-level conflicts to package extras (#18096)
- Use a global build concurrency semaphore (#18054)
- Update documentation heading for environment variable files (#18122)
- Fix comment about
uv exportformats (#17900) - Make it clear that Windows is supported in user- and system- level configuration docs (#18106)
Released on 2026-02-17.
- Remove duplicate references to the affected paths when showing
uv pythonerrors (#18008) - Skip discovery of workspace members that contain only git-ignored files, including in sub-directories (#18051)
- Don't panic when initialising a package at the filesystem root (e.g.
uv init / --name foo) (#17983) - Fix permissions on
wheelandsdistfiles produced by theuv_buildbuild backend (#18020) - Revert locked file change to fix locked files on NFS mounts (#18071)
Released on 2026-02-16.
- Add CPython 3.15.0a6
- Don't open file locks for writing (#17956)
- Make Windows trampoline error messages consistent with uv proper (#17969)
- Log which preview features are enabled (#17968)
- Add support for ruff version constraints and
exclude-newerinuv format(#17651) - Fix script path handling when
target-workspace-discoveryis enabled (#17965) - Use version constraints to select the default ruff version used by
uv format(#17977)
- Avoid matching managed Python versions by prefixes, e.g. don't match CPython 3.10 when
cpython-3.1is specified (#17972) - Fix handling of
--allow-existingwith minor version links on Windows (#17978) - Fix panic when encountering unmanaged workspace members (#17974)
- Improve accuracy of request timing (#18007)
- Reject
u64::MAXin version segments to prevent overflow (#17985)
- Reference Debian Trixie instead of Bookworm (#17991)
Released on 2026-02-10.
- Deprecate unexpected ZIP compression methods (#17946)
- Fix
cargo-installfailing due to missinguv-testdependency (#17954)
Released on 2026-02-10.
- Don't panic on metadata read errors (#17904)
- Skip empty workspace members instead of failing (#17901)
- Don't fail creating a read-only
sdist-vX/.gitif it already exists (#17825)
- Suggest
uv python update-shelloveruv tool update-shellin Python docs (#17941)
Since we released uv 0.9.0 in October of 2025, we've accumulated various changes that improve correctness and user experience, but could break some workflows. This release contains those changes; many have been marked as breaking out of an abundance of caution. We expect most users to be able to upgrade without making changes.
This release also includes the stabilization of preview features. Python upgrades are now stable, including the uv python upgrade command, uv python install --upgrade, and automatically upgrading Python patch versions in virtual environments when a new version is installed. The add-bounds and extra-build-dependencies settings are now stable. Finally, the uv workspace dir and uv workspace list utilities for writing scripts against workspace members are now stable.
There are no breaking changes to uv_build. If you have an upper bound in your [build-system] table, you should update it, e.g., from <0.10.0 to <0.11.0.
-
Require
--clearto remove existing virtual environments inuv venv(#17757)Previously,
uv venvwould prompt for confirmation before removing an existing virtual environment in interactive contexts, and remove it without confirmation in non-interactive contexts. Now,uv venvrequires the--clearflag to remove an existing virtual environment. A warning for this change was added in uv 0.8.You can opt out of this behavior by passing the
--clearflag or settingUV_VENV_CLEAR=1. -
Error if multiple indexes include
default = true(#17011)Previously, uv would silently accept multiple indexes with
default = trueand use the first one. Now, uv will error if multiple indexes are marked as the default.You cannot opt out of this behavior. Remove
default = truefrom all but one index. -
Error when an
explicitindex is unnamed (#17777)Explicit indexes can only be used via the
[tool.uv.sources]table, which requires referencing the index by name. Previously, uv would silently accept unnamed explicit indexes, which could never be referenced. Now, uv will error if an explicit index does not have a name.You cannot opt out of this behavior. Add a
nameto the explicit index or remove the entry. -
Install alternative Python executables using their implementation name (#17756, #17760)
Previously,
uv python installwould install PyPy, GraalPy, and Pyodide executables with names likepython3.10into the bin directory. Now, these executables will be named using their implementation name, e.g.,pypy3.10,graalpy3.10, andpyodide3.12, to avoid conflicting with CPython installations.You cannot opt out of this behavior.
-
Respect global Python version pins in
uv tool runanduv tool install(#14112)Previously,
uv tool runanduv tool installdid not respect the global Python version pin (set viauv python pin --global). Now, these commands will use the global Python version when no explicit version is requested.For
uv tool install, if the tool is already installed, the Python version will not change unless--reinstallor--pythonis provided. If the tool was previously installed with an explicit--pythonflag, the global pin will not override it.You can opt out of this behavior by providing an explicit
--pythonflag. -
Remove Debian Bookworm, Alpine 3.21, and Python 3.8 Docker images (#17755)
The Debian Bookworm and Alpine 3.21 images were replaced by Debian Trixie and Alpine 3.22 as defaults in uv 0.9. These older images are now removed. Python 3.8 images are also removed, as Python 3.8 is no longer supported in the Trixie or Alpine base images.
The following image tags are no longer published:
uv:bookworm,uv:bookworm-slimuv:alpine3.21uv:python3.8-*
Use
uv:debianoruv:trixieinstead ofuv:bookworm,uv:alpineoruv:alpine3.22instead ofuv:alpine3.21, and a newer Python version instead ofuv:python3.8-*. -
Drop PPC64 (big endian) builds (#17626)
uv no longer provides pre-built binaries for PPC64 (big endian). This platform appears to be largely unused and is only supported on a single manylinux version. PPC64LE (little endian) builds are unaffected.
Building uv from source is still supported for this platform.
-
Skip generating
activate.cshfor relocatable virtual environments (#17759)Previously,
uv venv --relocatablewould generate anactivate.cshscript that contained hardcoded paths, making it incompatible with relocation. Now, theactivate.cshscript is not generated for relocatable virtual environments.You cannot opt out of this behavior.
-
Require username when multiple credentials match a URL (#16983)
When using
uv auth loginto store credentials, you can register multiple username and password combinations for the same host. Previously, when uv needed to authenticate and multiple credentials matched the URL (e.g., when retrieving a token withuv auth token), uv would pick the first match. Now, uv will error instead.You cannot opt out of this behavior. Include the username in the request, e.g.,
uv auth token --username foo example.com. -
Avoid invalidating the lockfile versions after an
exclude-newerchange (#17721)Previously, changing the
exclude-newersetting would cause package versions to be upgraded, ignoring the lockfile entirely. Now, uv will only change package versions if they are no longer within theexclude-newerrange.You can restore the previous behavior by using
--upgradeor--upgrade-packageto opt-in to package version changes. -
Upgrade
uv formatto Ruff 0.15.0 (#17838)uv formatnow uses Ruff 0.15.0, which uses the 2026 style guide. See the blog post for details.The formatting of code is likely to change. You can opt out of this behavior by requesting an older Ruff version, e.g.,
uv format --version 0.14.14. -
Update uv crate test features to use
test-as a prefix (#17860)This change only affects redistributors of uv. The Cargo features used to gate test dependencies, e.g.,
pypi, have been renamed with atest-prefix for clarity, e.g.,test-pypi.
-
uv python upgradeanduv python install --upgrade(#17766)When installing Python versions, an intermediary directory without the patch version attached will be created, and virtual environments will be transparently upgraded to new patch versions.
See the Python version documentation for more details.
-
uv add --boundsand theadd-boundsconfiguration option (#17660)This does not come with any behavior changes. You will no longer see an experimental warning when using
uv add --boundsoradd-boundsin configuration. -
uv workspace listanduv workspace dir(#17768)This does not come with any behavior changes. You will no longer see an experimental warning when using these commands.
-
extra-build-dependencies(#17767)This does not come with any behavior changes. You will no longer see an experimental warning when using
extra-build-dependenciesin configuration.
- Improve ABI tag error message phrasing (#17878)
- Introduce a 10s connect timeout (#17733)
- Allow using
pyx.devas a target inuv authcommands despitePYX_API_URLdiffering (#17856)
- Support all CPython ABI tag suffixes properly (#17817)
- Add support for detecting PowerShell on Linux and macOS (#17870)
- Retry timeout errors for streams (#17875)
See changelogs/0.9.x
See changelogs/0.8.x
See changelogs/0.7.x
See changelogs/0.6.x
See changelogs/0.5.x
See changelogs/0.4.x
See changelogs/0.3.x
See changelogs/0.2.x
See changelogs/0.1.x