[ https://issues.apache.org/jira/browse/CASSANDRA-17450?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17517944#comment-17517944 ]

Bowen Song commented on CASSANDRA-17450:
----------------------------------------

[~bschoeni] RHEL & CentOS 7 will only provide critical and important security 
updates (e.g. most RCE and privilege escalation) for their packages. That means 
no bug fixes or less important security updates (e.g. most DoS and information 
disclosure). Since Python itself is just an interpreter, most of the code and 
logic are implemented in Python libraries, not the interpreter itself. It's 
natural to expect fewer security issues in the interpreter than the libraries. 
This can be proven by the CVEs assigned to Python:

[https://www.cvedetails.com/product/18230/Python-Python.html?vendor_id=10210]

As you can see, there has only been one new code execution vulnerability since 
2021, and it only leads to core dump (DoS) on RHEL/CentOS 7 because the 
compiler's stack overflow protection option was enabled.

From Cassandra's point of view, supporting a version doesn't mean recommending 
it. It's the user's choice to use an older version. Since there isn't any 
material change between Python 3.6 and 3.8, and nothing in 3.6 stops 
Cassandra's Python libraries from doing their job, I don't see any reason why 
Cassandra should drop support for 3.6 and bump it to 3.8.

> Drop python 3.6 support
> -----------------------
>
>                 Key: CASSANDRA-17450
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17450
>             Project: Cassandra
>          Issue Type: Task
>          Components: CQL/Interpreter
>            Reporter: Brad Schoening
>            Priority: Normal
>             Fix For: 4.x
>
>
> Python 3.6 became EOL as of 12/23/21.  There will be no further releases or 
> security fixes for Python 3.6.
> https://github.com/httpie/httpie/issues/1177
> https://devguide.python.org/#status-of-python-branches



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
