The UK National Cyber Security Centre (NCSC) is recommending developers to drop Python 2.x due to the imminent End-of-Life. Attackers could start targeting applications based on Python 2 on a large scale because they will not receive security updates in the future.
The end-of-life (EOL) of the Python 2 is scheduled for January 1, 2020.
“Python 2.7 will not be maintained past 2020. Originally, there was no official date. Recently, that date has been updated
Developers have to migrate to the newer 3.x branch to avoid security risks, the NCSC warns of the dangers for organizations that will not move to the new version.
“So, if you’re still using 2
“If you maintain a library that other developers depend on, you may be preventing them from updating to 3. By holding other developers back, you are
The NCSC provided a list of the latest features implemented with Python 3, also suggested some tools that could be used by developers to migrate their code.
“If migrating your code base to Python 3 is not possible, another option is to pay a commercial company to support Python 2 for you.” continues the NCSC.
“At least one company has already announced a support package for Python 2 and Python 2 third-party packages.”
The UK agency is stressing the importance of migrating to a newer version, patching is one of the most fundamental things users can do to secure their applications and infrastructure.
“By making the decision to continue using Python 2 past its end of life, you are accepting all the risks that come with using unsupported software, while knowing that a secure version is available.
Experts pointed out that many popular projects such as NumPy and Requests, will no longer support Python 2
“The longer you wait to update, the more the Python 3 versions of your dependencies will have changed, and the more difficult updating will become.”
Hurry Up! Move to Python 3!