Python 2.x is coming to reach End-of-Life, and the UK National Cyber Security Centre (NCSC) urges developers to move from Python 2.x to Python 3.x as soon as possible. Python 2.x will be discontinued on January 1, 2020, and bug fixes and security updates will no longer be available.
NCSC warns that if you continue to use modules developed by Python 2.x, you will be at risk because the vulnerability will always occur and the new vulnerability will not be fixed.
“If you maintain a library that other developers depend on, you may be preventing them from updating to 3,” the agency added. “By holding other developers back, you are indirectly and likely unintentionally increasing the security risks of others.”
“At the NCSC we are always stressing the importance of patching. It’s not always easy, but patching is one of the most fundamental things you can do to secure your technology,” the agency said.
“The WannaCry ransomware provides a classic example of what can happen if you run unsupported software,” it said. “By making the decision to continue using Python 2 past its end of life, you are accepting all the risks that come with using unsupported software, while knowing that a secure version is available.”