As of this month, Python 3.6 is dead to me.
It should be dead to you as well.
Why? Because it will no longer receive either bug or security fixes. What does that mean? It means if you’re using Python 3.6 past this month, you do so at your own risk.
Trust me when I say you do not want that. This is especially so with the recent discovery of the Log4j vulnerability. No, that doesn’t directly involve Python, but it makes a very loud and painful case for always staying up to date.
That’s a problem. Consider this: As of Dec. 16, 2021, at least 17.39% of packages that were downloaded from PyPI were based on Python 3.6. And that’s knowing this version of Python was about to reach end of life.
That’s looking for trouble.
Want to know what version of Python you’re using? Issue the command:
If you see 3.6 or earlier, by the end of December 2021, you’ll no longer receive updates or bug fixes. To resolve that, you must upgrade to the latest version of Python. Because 3.6 will have reached End of Life (EOL), it will no longer receive bug fixes, even if they are critical. You could find yourself using Python with a known CVE that has a CVSS score of 10.0 and it will not get patched.
But wait, there are pseudo loopholes for those who still refuse to realize just how important it is that they move on from Python 3.6.
Say, for instance, you’re using Ubuntu Server 20.04, which is a Long Term Support (LTS) release. This LTS distribution is supported until 2025. So, theoretically, you have three years of support left. Does that mean you’re exempt from updating Python? In theory, yes. When using an LTS release, you’ll receive security updates. But there’s a caveat: even though you’re receiving security updates, you won’t have access to bug fixes and you certainly won’t get new features.
You want new features, right?
You should also want bug fixes, right?
To make this even worse, none of your third-party frameworks and libraries will be updated. You’ll be stuck on whatever releases of those bits that still support Python 3.6.
There’s Good News
Most of the more recent releases (such as Ubuntu 20.04.3 and RHEL 8.5) ship with Python 3.9. I currently have an Ubuntu Server 20.04 machine, which shipped with Python 3.8. After running sudo do-release-upgrade (to upgrade to 20.04.3), the Python package was upgraded to 3.9. But even the original 20.04 release included Python 3.8.
And yes, you could very well still be using Ubuntu 18.04, which is still supported until 2023. But Ubuntu 18.04 shipped with Python 3.6… the version about to be sent over the cliff. So even though you still have a year left with 18.04, your Python version is woefully out of date.
If you want to upgrade Python on Ubuntu 18.04, you can with the help of Anaconda. To do this, download the Anaconda installer with the command:
Run the installer with:
The script will take some time. Once it completes, log out and log back in and then upgrade Python with the command:
conda update python
After the update completes you can check the newly installed version with the command:
You should now have Python 3.9 installed.
Here’s the thing… you’re probably using all sorts of libraries, frameworks, and other bits and pieces that connect to Python 3.6. If you upgrade to Python 3.9, there’s no guarantee those external bits won’t break. What does that mean for you? It means you’re going to have to take great care with this transition. You’ll need to find out everything you use in connection with Python 3.6 and check whether A) each piece will also function with Python 3.9 or B) there’s an upgrade available so those external libraries and frameworks can function with the latest version.
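One way to start that inventory, as an added example (not code from the original article): read each package's declared Requires-Python range and version classifiers and sort the packages into blocked, ok, or needs review for Python 3.9. The package names and metadata below are constructed, and the specifier check is a simplified approximation of PEP 440 that treats 3.9 as 3.9.0.

```python
import re
from email.parser import Parser

TARGET = (3, 9)  # version the article recommends moving to
# Constructed METADATA excerpts; the package names are made up.
SAMPLE_METADATA = {
    "legacy-lib": "Name: legacy-lib\nRequires-Python: >=3.5, <3.8\n",
    "modern-lib": "Name: modern-lib\nRequires-Python: >=3.6\n"
                  "Classifier: Programming Language :: Python :: 3.9\n",
    "pinned-lib": "Name: pinned-lib\nRequires-Python: ==3.6.*\n",
    "silent-lib": "Name: silent-lib\n",
}
CLAUSE = re.compile(r"\s*(~=|==|!=|>=|<=|>|<)\s*(\d+(?:\.\d+)*)(\.\*)?\s*")

def clause_allows(clause, target):
    """True/False if one Requires-Python clause admits target, None if unparsed."""
    m = CLAUSE.fullmatch(clause)
    if not m or (m.group(3) and m.group(1) not in ("==", "!=")):
        return None
    op, ver = m.group(1), tuple(int(p) for p in m.group(2).split("."))
    pad = lambda x: (x + (0, 0, 0, 0))[:4]  # compare 3.9 as 3.9.0.0
    t, v = pad(target), pad(ver)
    if m.group(3) or op == "~=":
        prefix = ver if m.group(3) else ver[:-1]
        same_series = t[:len(prefix)] == prefix
        if op == "~=":
            return same_series and t >= v
        return same_series if op == "==" else not same_series
    return {"==": t == v, "!=": t != v, ">=": t >= v,
            "<=": t <= v, ">": t > v, "<": t < v}[op]

def audit(metadata_by_name, target=TARGET):
    """Map each package to 'blocked', 'ok' or 'review' for the target version."""
    tag = "Programming Language :: Python :: %d.%d" % target
    report = {}
    for name, text in metadata_by_name.items():
        msg = Parser().parsestr(text)
        spec = msg.get("Requires-Python")
        results = [clause_allows(c, target) for c in spec.split(",")] if spec else []
        if False in results:
            report[name] = "blocked"  # declared range excludes the target
        elif None not in results and tag in (msg.get_all("Classifier") or []):
            report[name] = "ok"       # explicitly lists the target version
        else:
            report[name] = "review"   # no explicit claim: test it or find a newer release
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_METADATA))
```

On a real host, the same text is found in each installed package's *.dist-info/METADATA file under site-packages. Anything that comes back as blocked or review is where the testing and upgrade hunting starts.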
Understand, this is not going to be easy and it’s going to be time-consuming. However, the end result will be worth your effort. You do not want to leave your servers, your apps, and your services vulnerable to whatever digital ugliness befalls Python 3.6 in the coming months.
Spend the necessary time and effort to upgrade Python to 3.9 and make sure everything you use in conjunction with it can upgrade and function as expected.
You’ve been warned.