It’s time to stop using Python 3.8
Upgrading to new software versions is work, and work that doesn’t benefit your software’s users. Users care about features and bug fixes, not how up-to-date you are.
So it’s perhaps not surprising how many people still use Python 3.8. As of September 2024, about 14% of packages downloaded from PyPI were for Python 3.8. This includes automated downloads as part of CI runs, so it doesn’t mean 3.8 is used in 14% of applications, but that’s still 250 million packages installed in a single day!
Still, there is only so much time you can delay upgrading, and for Python 3.8, the time to upgrade is as soon as possible. Python 3.8 is reaching its end of life at the end of October 2024.
No more bug fixes.
No more security fixes.
Still not convinced? Let’s see why you want to upgrade.
What does end-of-life mean?
Python 3.8 was released in October 2019, five years ago at the time of writing. As you can see in PEP 569:
- Bug fix and security fix sub-releases happened every 2 months for the first two years.
- After that, releases happened as needed for security fixes only.
- Releases will stop 5 years after 3.8 was released.
Which is to say, October 2024 is the last month there will be any Python 3.8 releases. Starting October 2024, if there is a security bug, it won’t get fixed by the Python development team.
The need for security fixes is real: all releases after 3.8.10 were due to security fixes. The latest version at the time of writing, Python 3.8.20, was released on September 6, 2024, with 14 different security fixes.
“I don’t need to upgrade, I’m on long-term-support Linux!”
Some Linux distributions guarantee long-term support for a known period of time, including security bug fixes. If you’re using one of those distributions, and it includes Python 3.8, you can rely on the distribution to provide security fixes even if the Python development team won’t.
So in theory, you don’t need to upgrade quite yet. In practice, there are caveats.
Linux distributions will only do so much, and not forever
Linux distributions do not backport all security fixes, only those which are most significant. For example, some of the security fixes in Python 3.8.19 never made it into the Ubuntu package.
And of course long-term support only continues for a limited amount of time. For example, Ubuntu 20.04 (which is the version that includes Python 3.8) will end general security updates in April 2025. After that you’ll be able to get security updates for personal use, but for large-scale commercial use you will need to pay Ubuntu.
Your dependencies will stop getting updates
Third-party Python libraries and frameworks have already started dropping Python 3.8 support. And that means if those libraries have a critical bug, the fix might not be available on Python 3.8, and your Linux distribution is very much not in the business of doing backports for every single Python library in existence.
Package | Latest version supports 3.8? | Last release supporting 3.8 |
---|---|---|
NumPy | No | December 2022 |
Pandas | No | June 2023 |
Django 5.x | No | Never supported |
The time to upgrade from 3.8 is now
In the short-term, your minimal goal is to switch to a version of Python that has maintained versions of your dependencies available. If you’re relying on Pandas, for example, as we’ve seen the last 3.9-compatible release was in June 2023. So at the very minimum you want to be on Python 3.9.
Luckily, Python 3 releases are fairly backwards compatible. So what you really want to do is:
- Upgrade to 3.9.
- Fix any bugs you find.
- Upgrade to 3.10, fix any bugs.
- Repeat until you hit Python 3.12, or perhaps even 3.13.
A symptom of a bigger problem
The need to upgrade is not a one-time event, it’s an ongoing requirement:
- Ubuntu 20.04 will stop getting free security updates as of April 2025.
- Python 3.9 will stop getting security updates in October 2025.
- Django 5.2 will stop getting security updates in April 2026.
And so on and so forth.
From the opposite perspective of new releases:
- Python 3.9 was released in October 2020.
- Python 3.10 was released in October 2021.
- Python 3.11 was released in October 2022.
- Python 3.12 was released in October 2023.
If you’re still on Python 3.8 in 2024, that is a symptom you are suffering from an organizational problem, and it’s likely you have other important upgrades that you’ve been putting off. So your next step should be setting up an ongoing process to update your dependencies regularly.