Python 2.7: Extended Support Past EOL

Since Python 2 reached End of Life on January 1, 2020, it is no longer supported by the Python Software Foundation. No version of Python 2 will receive updates at this point – not even for critical security vulnerabilities. But that doesn’t mean it will disappear any time soon from organizations that have relied on it for years. 

That means risk. Security vulnerabilities and critical bugs will emerge as you continue to run your Python 2 applications on newer systems. If you don’t yet have a plan in place, you’re not alone, as our Python 2 EOL survey results show.

Python 2 Extended Support

ActiveState provides ongoing support and security updates for Python 2.7, so you can better manage your risks. And, if you decide to migrate your old applications to Python 3, we can make the process easier.

We’ll work with you to create a custom plan that includes support for all the core libraries and 3rd-party packages in your application, backported fixes from Python 3, as well as regular patches and updates. Contact us for a free risk assessment of your Python 2 applications.


With more than 20 years of experience supporting Python for enterprises, ActiveState can help you maintain your Python 2 code, business systems and mission-critical deployments going forward in much the same way you maintain them today.

Security Notifications:

ActiveState has assessed the following CVEs impacting Python 2 to date. Fixes have been issued for Python 2.7.18 as part of our Python 2 support options.

CVE-2020-36242
Impact: In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
Severity: Critical

CVE-2021-3177
Impact: Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, also present in Python 2.7.18.2 (and earlier 2.7.18 versions).
Severity: Critical

CVE-2020-11655
Package Impacted: SQLite prior to 3.31.1
Severity: High

CVE-2020-6802
Package Impacted: Bleach prior to 3.11
Severity: Medium

CVE-2020-8492
Package Impacted: urllib
Severity: Medium

CVE-2020-5310, CVE-2020-5311, CVE-2020-5312, CVE-2020-5313
Package Impacted: Pillow prior to 6.2.20
Severity: 2 Critical, 2 High

Learn more about our Python 2 security updates here.

Frequently Asked Questions

ActiveState provides Python 2 extended support with security updates for organizations that still need to run Python 2. However, Python 2 reached End of Life (EOL) in January 2020 and is no longer officially supported by the Python Software Foundation. Get a free assessment of your Python 2 applications.

ActiveState’s Python 2 support provides security patches for the core language and third-party packages. This includes security fixes backported from Python 3 to Python 2, as well as fixes created by ActiveState in conjunction with community contributors. Security patches are provided on a quarterly basis, with critical vulnerabilities addressed urgently. See the list of Python 2 security updates we have provided to date.

ActiveState’s Python 2 extended support helps you address compliance requirements with standards such as PCI-DSS, ISO 27001, SOC 2 and FedRAMP. Specifically, Python 2 extended support addresses requirements around developing and maintaining secure systems and software, particularly for software no longer supported by the developers. See the list of Python 2 security updates we have provided to date.

ActiveState’s Python 2 support is available with Enterprise tier licensing. Pricing varies based on your requirements. Python 2 support can include additional benefits such as security vulnerability (CVE) reports, open source license reports, legal indemnification, and custom builds or platform support. Contact us to discuss your Python 2 needs.