Why and How to Upgrade from Python 3.7 Before Its End‑of‑Life

Upgrading to a new Python version is necessary work, but it does not always directly benefit end users, who care more about new features and bug fixes than about the developer’s upgrade schedule.

Nevertheless, a large number of developers still use Python 3.7; as of December 2022, nearly 30 % of packages downloaded from PyPI target Python 3.7, largely because CI pipelines automatically pull these versions.

The upgrade window for Python 3.7 is limited: support ends in June 2023, after which no bug or security fixes will be released.

Python 3.7 was released in June 2018. According to PEP 537, sub‑versions received bug‑fix and security releases every three months for the first two years, then only security fixes, and after five years the series is discontinued.

Thus June 2023 is the last month for any official releases; from July 2023 onward, the Python core team will no longer address security vulnerabilities.

Security fixes are real: the latest 3.7.16 release (December 6 2022) contains five distinct security patches ranging from denial‑of‑service attacks to buffer overflows.

Some Linux distributions guarantee long‑term support, including security patches, for the Python version they ship. If you use such a distro that includes Python 3.7, you can rely on its security updates even after the upstream team stops supporting it.

However, many popular distributions no longer ship Python 3.7: Red Hat and its clones never included it; Ubuntu 18.04 provides it as a “universe” component with uncertain security support (last update December 2021), while newer LTS releases (20.04, 22.04) do not include it; Debian 10 (Buster) includes it, but Debian 11 does not.

Linux distros only backport the most critical security fixes, so many patches present in Python 3.7.16 are not backported by Debian, and Ubuntu’s last security update for 3.7 was in December 2021.

Long‑term support itself is limited: Debian Buster’s security updates end in June 2024, giving roughly one more year; Ubuntu 18.04’s standard security updates end in April 2023, after which paid support is required.

Consequently, your third‑party dependencies will stop receiving updates. After June, many libraries and frameworks will drop Python 3.7 support, meaning critical bug fixes may no longer be available for that version.

Some libraries have already ceased support for Python 3.7, as shown in the table below:

Package

Latest version supports 3.7?

Last release supporting 3.7

NumPy

No

April 2022

Pandas

No

December 2021

Django 4.x

No

Never supported

Django 3.2 LTS still supports Python 3.7, but its own security updates end in April 2024.

Now is the time to upgrade from 3.7. In the short term, aim for a Python version that still receives dependency updates; for example, if you rely on Pandas, the last compatible version was released in December 2021, so you should at least move to Python 3.8.

Because Python 3 releases are largely backward‑compatible, you can follow this incremental path: upgrade to 3.8, fix any discovered bugs, then move to 3.9, and continue until you reach Python 3.10 or, around early 2023, Python 3.11.

The article also includes a promotional QR code offering free Python learning resources, including e‑books, tutorials, project templates, and source code.