From the upstream list, these seem applicable to our current releases: 3.7 - 3.12: gh-100001: python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server log. 3.8 - 3.12: gh-87604 : Avoid publishing list of active per-interpreter audit hooks via the gc module. The remaining are either irrelevant (because we're not using bundled Expat) or were backported already.
Thanks for reporting!
Cleanup done.
Thanks!