Release Notes

Released on 2026-06-23.

Python

• Add CPython 3.15.0b3 (#19964)

Preview features

• Make project environments relocatable under preview (#19965)

Performance

• Use a compact index for lazy version maps (#19959)

Bug fixes

• Allow disabling exclude-newer (#19934)
• Avoid archive id collisions (#19949)
• Reapply "Fix transparent Python upgrades in project environments" (#19928)
• Clean up partial tool entrypoint installs (#19966)
• Fix relocatable activate.fish and broaden Fish version support (#19856)

Install uv 0.11.24

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-installer.ps1 | iex"

Download uv 0.11.24

Verifying GitHub Artifact Attestations

The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:

gh attestation verify <file-path of downloaded artifact> --repo astral-sh/uv

You can also download the attestation from GitHub and verify against that directly:

gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>

Release Notes

Released on 2026-06-19.

Bug fixes

• Revert "Fix transparent Python upgrades in project environments" to mitigate unintended breakage in pre-commit-uv (#19925)
• Restore old behavior where workspace members "hidden" by an intermediate pyproject.toml would be treated as standalone projects (#19926)

Install uv 0.11.23

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-installer.ps1 | iex"

Download uv 0.11.23

Verifying GitHub Artifact Attestations

The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:

gh attestation verify <file-path of downloaded artifact> --repo astral-sh/uv

You can also download the attestation from GitHub and verify against that directly:

gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>

Release Notes

Released on 2026-06-18.

Enhancements

• Publish wheels before sdists in uv publish (#19831)
• Add TY and RUFF env vars for providing paths for binaries used by uv format and uv check (#19821)

Preview features

• Allow configuring preview features in uv.toml and pyproject.toml (#18437)
• Update the lockfile during uv check --no-sync (#19909)
• Add --script to uv check and uv metadata (#19860)
• Report workspace-exclusive dependency groups in workspace metadata (#19862)
• Support SARIF as a uv audit output (#19872)

Performance

• Use a more deadlock-resistant concurrent hashmap in the resolver (#19532)

Bug fixes

• Update string marker ordering semantics to match upstream clarified rules (#19808)
• Reject extras that have the same normalized name (#19871)
• Reject dependency group include-group entries that have additional fields (#19866)
• Reject invalid UTF-8 URL credentials (#19814)
• Validate that PEP 517 backend-paths exist when building sdists (#19834)
• Validate that pylock.toml files do not have an unsupported a lock-version (#19869)
• Validate that the environment satisfies the packages.requires-python of a pylock.toml (#19868)
• Allow uv to be recursively invoked by PEP 517 build hooks (#19879)
• Allow empty credentials.toml files (#19815)
• Fix transparent Python upgrades in project environments (#19890)
• Handle non-file editable URLs in uv pip list (#19867)
• Fix incorrect output from uv tree --invert (#19910)
• Fix environment locking of uv venv in a project (#19837)
• Fix handling of workspace-exclusive dependency groups in uv tree (#19905)

Documentation

• Archive the 0.10.x changelog (#19813)

Other changes

• Mark more tests as requiring network for vendors that need to run tests offline (#19819)

Install uv 0.11.22

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.22/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.22/uv-installer.ps1 | iex"

Download uv 0.11.22

Verifying GitHub Artifact Attestations

The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:

gh attestation verify <file-path of downloaded artifact> --repo astral-sh/uv

You can also download the attestation from GitHub and verify against that directly:

gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>

Release Notes

Released on 2026-06-11.

Python

• Add CPython 3.13.14 and 3.14.6 (#19787)

Preview features

• Add environment.root to uv workspace metadata --sync (#19760)
• Allow uv upgrade to update a single dependency constraint (#19738)
• Compute and pass uv workspace metadata payload in ty check (#19763)
• Make packaged applications the default for uv init (#17841)

Performance

• Add parallel discovery of Python versions for uv python list (#18684)
• Avoid normalizing source distribution names twice (#19784)

Bug fixes

• Improve cache robustness and pruning behavior
  • Allow CI cache pruning without an sdist bucket (#19802)
  • Avoid overflow when reading malformed cache entries (#19799)
  • Preserve cached Python downloads during cache pruning (#19795)
  • Reject running inside the cache (#19659)
• Fix Python discovery and version request edge cases
  • Avoid panics for Unicode Python version requests (#19797)
  • Fix handling of non-critical errors in uv python list with path requests (#19774)
  • Fix stop-discovery-at regression (#19769)
• Harden parsing and validation for package metadata, requirements, markers, URLs, and conflict sets
  • Allow trailing commas in version specifiers (#19806)
  • Avoid panics for invalid UTF-8 URL credentials (#19800)
  • Avoid panics for malformed source distribution filenames (#19776)
  • Avoid panics for trailing extra separators (#19779)
  • Avoid stack overflow for recursive requirements path aliases (#19777)
  • Ignore reversed string compatible-release markers (#19782)
  • Reject duplicate entries in conflict sets (#19801)
  • Reject malformed hash options in requirements files (#19783)
  • Reject source distribution filenames without a separator (#19803)
  • Use UTF-8 lengths for requirement errors (#19781)
  • Use UTF-8 lengths for trailing marker errors (#19796)
  • Use byte offsets when peeking over requirements (#19780)
  • Validate GraalPy ABI suffixes (#19805)
• Improve wheel entry-point error handling and virtual environment activation quoting
  • Propagate errors when reading wheel entry points (#19794)
  • Quote virtual environment activation paths with shell metacharacters (#19798)

Install uv 0.11.21

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.21/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.21/uv-installer.ps1 | iex"

Download uv 0.11.21

Verifying GitHub Artifact Attestations

The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:

gh attestation verify <file-path of downloaded artifact> --repo astral-sh/uv

You can also download the attestation from GitHub and verify against that directly:

gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>

Release Notes

Released on 2026-06-10.

Enhancements

• Add --emit-index-url and --emit-find-links to uv export (#18370)
• Add --find-links support for uv pip list (#16103)
• Group executable install errors during uv python install (#19691)
• Use ICF in macOS release builds to reduce binary sizes (#19615)

Preview features

• Add initial hidden uv upgrade command (#19678)
• Reject Git revisions in uv upgrade (#19742)

Configuration

• Recognize UV_NO_INSTALL_PROJECT, UV_NO_INSTALL_WORKSPACE, UV_NO_INSTALL_LOCAL (#19323)

Performance

• Speed up discovery of large workspaces (#18311)

Bug fixes

• Allow unknown preview flags with a warning again (#19669)
• Apply dependency exclusions to direct requirements (#19699)
• Avoid following external symlinks during cache clean (#19682)
• Avoid following symlinks during cache prune (#19543)
• Fix Git cache keys for worktrees and packed refs (#19706)
• Make resolver error handling iterative to avoid stack overflows (#19695)
• Pass VIRTUAL_ENV through cygpath inside fish on Windows (#19703)
• Rebuild explicit local directory tool installs (#19591)
• Validate egg top-level entries as identifiers (#19679)

Documentation

• Document --find-links caching behavior (#19585)
• Add a small section for malware checks (#19680)

Install uv 0.11.20

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.20/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.20/uv-installer.ps1 | iex"

Download uv 0.11.20

Verifying GitHub Artifact Attestations

The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:

gh attestation verify <file-path of downloaded artifact> --repo astral-sh/uv

You can also download the attestation from GitHub and verify against that directly:

gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>

Release Notes

Released on 2026-06-03.

Python

• Add CPython 3.15.0b2 (#19531)

Enhancements

• Always compute SHA256 for remote distributions (#19662)
• Add PyEmscripten platform (PEP 783) (#19629)
• Add Pyodide 2025 target triple (#19653)

Preview features

• Make preview features for commands have names that aren't ambiguous with the command (#19645)
• Respect --isolated in uv check (#19666)

Bug fixes

• Continue tool uninstall after dangling receipts (#19623)
• Skip Unix-specific installation steps when cross-installing Windows Python distributions (#19424)

Install uv 0.11.19

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-installer.ps1 | iex"

Download uv 0.11.19

Verifying GitHub Artifact Attestations

The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:

gh attestation verify <file-path of downloaded artifact> --repo astral-sh/uv

You can also download the attestation from GitHub and verify against that directly:

gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>

Release Notes

Released on 2026-06-01.

Performance

• Fix performance regression in unzip of local wheels (#19637)

Preview

• Add uv check to run ty from uv (#19605)

Bug fixes

• Update activation scripts with upstream fixes (#19628)

Other changes

• Bump MSRV to 1.94 (#19600)

Install uv 0.11.18

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.18/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.18/uv-installer.ps1 | iex"

Download uv 0.11.18

Verifying GitHub Artifact Attestations

The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:

gh attestation verify <file-path of downloaded artifact> --repo astral-sh/uv

You can also download the attestation from GitHub and verify against that directly:

gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>

Release Notes

Released on 2026-05-28.

Enhancements

• Add a diagnostic for uv add with standard library modules (#19572)
• Expose uv workspace and its list subcommand in help output (#19533)
• Improve the "403 forbidden" hint to suggest ignore-error-codes when applicable (#19521)
• Skip direct URL lock freshness checks while offline (#19596)
• Add import-names and import-namespaces support to uv-build (PEP 794) (#19380)
• Add a --no-editable-package flag to various commands (#19584)
• Infer Python version requests from source trees in uv tool invocations (#19577)

Preview features

• Add module owners to uv workspace metadata (#19122)
• Do not allow uv venv --clear to remove non-virtual environments (#19595)

Bug fixes

• Improve the performance of large entries in tool.uv.conflicts (#19538)
• Avoid modifying the parent process' env with --env-file in uv run (#19567)
• Fix script environment creation for scripts with long filenames (#19539)
• Fix transitive Git archive dependencies in lockfiles (#19589)
• Preserve Git repository URLs in direct URL metadata (#19590)
• Support redirects in --check-url (#19594)
• Accept case-insensitive HTML tags in --find-links parsing (#19537)
• Reject duplicate script metadata blocks (#19544)
• Ban names like "python3" as script entry points (#19535, #19536)
• Validate Git LFS artifacts for Git archives (#19592)
• Use a relative path when creating symlinks in cache to improve relocatability (#19033)

Documentation

• Fix malformed positional anchors in the CLI reference (#19575)

Install uv 0.11.17

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.17/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.17/uv-installer.ps1 | iex"

Download uv 0.11.17

Verifying GitHub Artifact Attestations

The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:

gh attestation verify <file-path of downloaded artifact> --repo astral-sh/uv

You can also download the attestation from GitHub and verify against that directly:

gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>

Release Notes

Released on 2026-05-21.

Enhancements

• Add support for direct archive dependencies in Git (#10072)
• Adjust hint rendering (#18090)

Preview features

• uv audit: specialize malformed OSV error (#19515)
• Reject locked malware installations (#18936)

Configuration

• Allow disabling reading the system config with UV_NO_SYSTEM_CONFIG (#19476)

Bug fixes

• Allow environment variables that take a list to be empty (#19503)
• Ensure that incompatible wheel hints do not leak secrets (#19504)
• Reject unsafe entry points in uv-build (#19495)
• Restrict delimiters in entry point parsing (#19471)
• uv-netrc: fix multi-word no-space comment lines causing parse errors (#19494)

Documentation

• Document and test relative exclude-newer support for uv pip (#19475)

Install uv 0.11.16

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.16/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.16/uv-installer.ps1 | iex"

Download uv 0.11.16

Verifying GitHub Artifact Attestations

The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:

gh attestation verify <file-path of downloaded artifact> --repo astral-sh/uv

You can also download the attestation from GitHub and verify against that directly:

gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>

Release Notes

Released on 2026-05-18.

Security

• Fix a TAR parser differential, see GHSA-3cv2-h65g-fgmm (#19463)
• Enforce that entry points cannot escape in the scripts directory, see GHSA-4gg8-gxpx-9rph (#19464)

Enhancements

• Add TOML v1.1 -> v1.0 backwards compatibility for source distributions (#18741)
• Add support for Azure request signing (#19421)
• Apply stricter validation to all wheel filename segments (#19364)
• Reject empty strings as an invalid package name (#19435)
• Use structured errors for signing authentication failures (#19422)

Preview

• uv audit: Add JSON output (#19305)

Configuration

• Respect required-environments in uv pip compile (#19378)

Performance

• Avoid parsing JSON manifest when local Python is available (#19398)
• Avoid walking nested directories in linker conflict registration (#19382)
• Optimize async wheel ZIP writing (#19383)
• Fix dead "already trimmed" fast-path in Version::only_release_trimmed (#19425)

Bug fixes

• Apply workspace-member [tool.uv.sources] credentials under uv sync --frozen (#19423)
• Skip empty directories in uv build outputs (#19437)
• Fix Git submodule handling when using relative paths (#12156)
• Fix line number reporting in netrc parsing (#19452)

Documentation

• Move Bazel auth helper setup into integration guide (#19392)

Install uv 0.11.15

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.15/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.15/uv-installer.ps1 | iex"

Download uv 0.11.15

Verifying GitHub Artifact Attestations

The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:

gh attestation verify <file-path of downloaded artifact> --repo astral-sh/uv

You can also download the attestation from GitHub and verify against that directly:

gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>