My Release Notes

by Tiny Tools

/astral-sh/uv/0.11.25
0.11.25
0.11.25
View on GitHubView PackagePublished: Jun 27, 2026

Release Notes

Release Notes

Released on 2026-06-26.

Security

This release updates our tar library, astral-tokio-tar, to v0.6.3, which includes over 20 changes that harden our tar handling against parser differentials. uv may reject source distributions with malformed or ambiguous content that were previously accepted.

See the upstream commits for a full list of changes.

Enhancements

  • Add a full "lockfile" to tool receipts (#18937)
  • Allow scoped overrides to add dependencies (#19974)
  • Avoid writing redundant lockfile markers with tool.uv.environments (#19933)
  • Factor supported environments out of lockfile markers (#19969)
  • Recommend our own build backend in the build frontend (#19994)
  • Reject wheels with multiple .dist-info directories (#19986)
  • Simplify dependency markers under parent reachability (#19971)
  • Support scoped dependency exclusions (#19977)
  • Support scoped dependency overrides (#19970)
  • Explain why files are skipped in registry index parsing (#19983)

Preview features

  • Add uv workspace list --scripts (#20009)
  • Support centralised environments in uv venv (#19912)
  • Use locked ty versions in uv check (#19884)
  • Add centralized storage of project environments (#18214)
  • Verify lockfile hashes before reusing a cached ty in uv check (#19995)
  • Use locked dependency selection for uv check --script (#19989)

Bug fixes

  • Preserve standalone markers in workspace metadata (#20011)
  • Reject uv build if the cache dir is enclosed (#19991)

Install uv 0.11.25

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.25/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.25/uv-installer.ps1 | iex"

Download uv 0.11.25

File Platform Checksum
uv-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
uv-x86_64-apple-darwin.tar.gz Intel macOS checksum
uv-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
uv-i686-pc-windows-msvc.zip x86 Windows checksum
uv-x86_64-pc-windows-msvc.zip x64 Windows checksum
uv-aarch64-unknown-linux-gnu.tar.gz ARM64 Linux checksum
uv-i686-unknown-linux-gnu.tar.gz x86 Linux checksum
uv-powerpc64le-unknown-linux-gnu.tar.gz PPC64LE Linux checksum
uv-riscv64gc-unknown-linux-gnu.tar.gz RISCV Linux checksum
uv-s390x-unknown-linux-gnu.tar.gz S390x Linux checksum
uv-x86_64-unknown-linux-gnu.tar.gz x64 Linux checksum
uv-armv7-unknown-linux-gnueabihf.tar.gz ARMv7 Linux checksum
uv-aarch64-unknown-linux-musl.tar.gz ARM64 MUSL Linux checksum
uv-i686-unknown-linux-musl.tar.gz x86 MUSL Linux checksum
uv-riscv64gc-unknown-linux-musl.tar.gz RISCV MUSL Linux checksum
uv-x86_64-unknown-linux-musl.tar.gz x64 MUSL Linux checksum
uv-arm-unknown-linux-musleabihf.tar.gz ARMv6 MUSL Linux (Hardfloat) checksum
uv-armv7-unknown-linux-musleabihf.tar.gz ARMv7 MUSL Linux checksum

Verifying GitHub Artifact Attestations

The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:

gh attestation verify <file-path of downloaded artifact> --repo astral-sh/uv

You can also download the attestation from GitHub and verify against that directly:

gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>