At the end of April this year, Ubuntu will no longer support Python 2. That’s almost exactly three years since the last official release of Python 2 (2.7.18) by the Python Software Foundation on April 20, 2000. Ubuntu’s End of Life (EOL) declaration for Python 2 means Canonical will no longer provide standard updates or security fixes going forward, not even for critical security vulnerabilities.
At this point, most organizations have either migrated their Python 2 applications to Python 3, or sunset them altogether. However, given that Ubuntu is by far the most popular Linux distribution, there are undoubtedly a number of organizations that continue to make use of Python 2, either as customer-facing applications, or else in the form of tools, scripts or services in non-production environments.
The reality is that many organizations continue to derive value from Python 2, and long ago realized that the opportunity cost of migrating or rewriting their application(s) was prohibitive. Simply put, the need to close competitive gaps with new features and/or resolve existing issues take precedence over a protracted migration process which would deliver nothing new to their customers.
Python 2, like most popular programming languages, is hard to kill off. In fact, we know from our Python 2 End Of Life Survey that two-thirds of organizations had already migrated or planned to complete their migration to Python 3 prior to January 1, 2020. In our subsequent discussions with many of the remaining one-third of companies over the past three years, we know that :
- Most of the large codebases have completed their migration.
- Others continue to maintain their Python 2 applications, typically with the help of an OS vendor.
With Canonical sunsetting their Python 2 support, Ubuntu users still gaining value from their Python 2 applications face a similar choice: either migrate or find a new support vendor.
Python 2 Support Options in 2023
While Ubuntu is ending their standard Python 2 maintenance and security updates in April 2023, organizations can still opt for Extended Security Maintenance (ESM), which provides vulnerability management for critical, high and medium Python 2 Common Vulnerabilities and Exposures (CVEs). ESM is available for the cost of an Ubuntu Advantage subscription.
Alternatively, a number of other Linux vendors continue to provide standard support options for their Long Term Support (LTS) distributions, including:
- Debian – v10 (Buster) is the last release to include Python 2.7, which will continue to be supported through June of 2024.
- Redhat – RHEL 8 was the last version to include support for Python 2, which will be retired in June 2024.
- CentOS – v8 was the last version to include support for Python 2.7, which will be EOL in May 2024.
While these are options, it’s unlikely that Ubuntu users would consider switching Linux vendors just for Python 2 support, especially since their standard support offerings only last another 14 months or so.
Instead, Ubuntu users should consider third-party commercial vendor offerings. For example, ActiveState has continuously provided support for Python 2.7.18 since it was EOL’ed by the Python Software Foundation. By maintaining and updating our own fork of Python 2.7.18, we have been able to provide our customers with a secure version of Python 2.7.18.x on which to continue safely running their applications.
ActiveState Python 2 Extended Support
ActiveState’s extended Python 2 support subscription provides:
- Python 2 Support
- Security Patches
- Updates to 3rd-Party Packages
- Supply Chain Security
- Enterprise Service Level Agreements
- Python 2 to 3 Migration Consultation
To date, our customers have received a number of 2.7.18.x updates that resolve vulnerabilities discovered in newer versions of Python which have been found to affect Python 2.7, as well.
To see if your Python 2 application is a good fit for ActiveState’s extended support, you may want to download our base ActivePython 2.7.18 (valid for all Linux distributions, including Ubuntu) and test it out.
You can also complete our Python 2 Assessment Form and we’ll work with you to create a plan that addresses compatibility and security for your Python 2 applications.
Read Similar Stories
Webinar: The Python 2 Time Bomb – Securing Your Python Supply Chain
Learn how Python 2 poses an increasing security risk two years after End of Life in non-production environments.
Python 2 Security Vulnerability (CVE) Updates
CVEs impacting Python 2.7 since Python 2 EOL, including vulnerabilities to both the core language and third-party packages.
Datasheet: Python 2 Extended Support
Learn how ActiveState can generate a signed attestation for your open source components, helping you establish customer trust.