British security officials have warned that the retirement of Python 2 will expose millions of systems which still depend on the programming language.
Patching for Python 2 will cease by the end of the year, leaving developers unable to fix security flaws and users vulnerable to attacks. The National Cyber Security Centre (NCSC) is urging organisations to port their code to Python 3 before it’s too late.
In a security advisory issued on 22 August, the centre said: “If you continue to use unsupported modules, you are risking the security of your organisation and data, as vulnerabilities will sooner or later appear which nobody is fixing.”
Developers behind a number of popular Python projects, including TensorFlow, Requests and Apache Spark, have agreed to retire support for their modules in Python 2 as the foundation behind the language attempts to accelerate uptake of Python 3.
As NCSC noted, the latest iteration of Python comes with a number of new features, including tools that make unicode easier to handle, statements easier to read and the print function more flexible.
“The longer you wait to update, the more the Python 3 versions of your dependencies will have changed, and the more difficult updating will become,” said NCSC. “If you maintain a library that other developers depend on, you may be preventing them from updating to 3. By holding other developers back, you are indirectly and likely unintentionally increasing the security risks of others.”
Despite concerns over security, an analysis revealed that developers downloaded millions of Python packages in June which will have been retired by the end of the year. “Even if only a portion of these downloads are being used in live projects, the Python 2 [End of Life] could potentially affect the security of millions of systems,” said NCSC.
In the next four years, Python, known for its usability, is predicted to overtake C and Java as the world’s most popular programming language.