The NumPy 1.16.3 release fixes bugs reported against the 1.16.2 release, and also backports several enhancements from master that seem appropriate for a release series that is the last to support Python 2.7. The wheels on PyPI are linked with OpenBLAS v0.3.4+, which should fix the known threading issues found in previous OpenBLAS versions.
Downstream developers building this release should use Cython >= 0.29.2 and, if using OpenBLAS, OpenBLAS > v0.3.4.
The most noticeable change in this release is that unpickling object arrays when loading *.npy or *.npz files now requires an explicit opt-in. This backwards incompatible change was made in response to CVE-2019-6446.
*.npy
*.npz
The functions np.load, and np.lib.format.read_array take an allow_pickle keyword which now defaults to False in response to CVE-2019-6446.
np.load
np.lib.format.read_array
False
This should make the tolerance used when checking the singular values of the covariance matrix more meaningful.
__array_interface__
The interface may use an offset value that was previously mistakenly ignored.
offset