
Why You Should Upgrade from Python 3.7 Now – End‑of‑Life Risks and Migration Guide

Upgrading from Python 3.7 is essential because the version reaches end‑of‑life in June 2023, losing security fixes and third‑party library support, so developers must plan a migration to newer, maintained releases to keep applications safe and functional.

MaGe Linux Operations

Upgrading to a new Python version takes work, and it may not directly benefit end users, who care about features and bug fixes rather than the developer's upgrade schedule.

Consequently, many still use Python 3.7; as of December 2022, nearly 30% of packages downloaded from PyPI target Python 3.7, reflecting CI pipelines and not necessarily end‑user applications.

However, the window to delay upgrading is limited. Python 3.7 reaches end‑of‑life in June 2023, after which no bug or security fixes will be released.

Python 3.7 was released in June 2018. As described in PEP 537:

Error‑fix and security‑fix sub‑releases were issued every three months for the first two years.

After that, only needed security fixes were released.

Support ends five years after the initial release.

Thus, June 2023 is the final month for official Python 3.7 releases; from July 2023 onward, any discovered security vulnerabilities will not be patched by the Python core team.

Security fixes are real: all releases after 3.7.9 contain security patches. The latest 3.7.x version, 3.7.16 (released 6 December 2022), includes five security fixes ranging from denial‑of‑service to buffer‑overflow vulnerabilities.

Some Linux distributions provide long‑term support (including security fixes) for the Python version they ship. If you use such a distribution that includes Python 3.7, you can rely on it for security updates even after the core team stops support.

In theory you could stay on 3.7 this way, but there are practical caveats.

Most distributions do not include Python 3.7:

Red Hat and its clones never shipped Python 3.7.

Ubuntu 18.04 offers 3.7 as an optional component in the “universe” repository, with uncertain security update cadence; the last security update was December 2021, and newer LTS releases (20.04, 22.04) do not include 3.7.

Debian 10 (“Buster”) includes 3.7, but Debian 11 does not.

Linux distributions only backport the most critical security fixes:

Even when Python maintainers release fixes, many are not backported into the Debian‑maintained 3.7.16 package.

The last Ubuntu security update for Python 3.7 was December 2021, despite later security releases upstream.

Long‑term support itself is limited:

Debian Buster’s security updates end in June 2024, giving at most one more year of coverage.

Ubuntu 18.04’s standard security updates end in April 2023; after that you must pay for extended support.

Your dependencies will stop receiving updates

When June arrives, third‑party Python libraries and frameworks will begin dropping support for Python 3.7, meaning critical bug fixes may no longer be available for that version, and your Linux distribution will not backport fixes for every existing library.

Indeed, several libraries and frameworks have already started dropping Python 3.7 support.

Now is the time to upgrade from 3.7

Your short‑term goal should be to move to a Python version that still receives compatible dependency versions. For example, the last Pandas release that supports 3.7 was published in December 2021, so you should aim for at least Python 3.8.

Fortunately, Python 3.x releases are fairly backward‑compatible, so you can proceed as follows:

Upgrade to 3.8.

Fix any errors you encounter.

Upgrade to 3.9 and resolve remaining issues.

Repeat until you reach Python 3.10, or consider moving to Python 3.11 around early 2023.
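The dependency freeze described above can be measured before each upgrade step. The following is an added example, not code from the original article: it reads the `Requires-Python` metadata of each release and reports the dependencies whose newest release no longer installs on a given interpreter. The package names and release data are constructed, and the specifier matcher covers only the common clause forms.

```python
import re

# Constructed sample data: hypothetical packages, one entry per published release.
SAMPLE_INDEX = {
    "examplelib-a": [{"version": "1.3.5", "requires_python": ">=3.7.1"},
                     {"version": "1.4.0", "requires_python": ">=3.8"}],
    "examplelib-b": [{"version": "2.0.0", "requires_python": ">=3.6, !=3.7.0, <4"},
                     {"version": "2.1.0", "requires_python": ">=3.7"}],
    "examplelib-c": [{"version": "0.9.0", "requires_python": ">=3.9"}],
}
CLAUSE = re.compile(r"\s*(>=|<=|==|!=|>|<)\s*(\d+(?:\.\d+)*)(\.\*)?\s*")

def _ver(text):
    return tuple(int(p) for p in text.split("."))

def supports(requires_python, python):
    """True if interpreter `python` ('3.7.16') satisfies a Requires-Python string.
    Covers comma-separated >=, >, <=, <, ==, != clauses and '.*' prefixes only."""
    have = _ver(python)
    for clause in filter(None, (requires_python or "").split(",")):
        m = CLAUSE.fullmatch(clause)
        if m is None or (m.group(3) and m.group(1) not in ("==", "!=")):
            raise ValueError(f"unsupported clause: {clause!r}")
        op, want = m.group(1), _ver(m.group(2))
        if m.group(3):  # '==3.7.*' and '!=3.0.*' compare the prefix only
            a, b = have[:len(want)], want
        else:           # pad with zeros so 3.8 and 3.8.0 compare equal
            n = max(len(have), len(want))
            a, b = have + (0,) * (n - len(have)), want + (0,) * (n - len(want))
        ok = {">=": a >= b, "<=": a <= b, ">": a > b,
              "<": a < b, "==": a == b, "!=": a != b}[op]
        if not ok:
            return False
    return True  # missing metadata places no restriction on the interpreter

def newest_supported(releases, python):
    """Newest release that still installs on `python`, or None."""
    usable = [r for r in releases if supports(r["requires_python"], python)]
    return max(usable, key=lambda r: _ver(r["version"]), default=None)

def frozen_dependencies(index, python):
    """Map package -> (newest installable version, newest published version)
    for every package that has moved on without this interpreter."""
    report = {}
    for name, releases in index.items():
        latest = max(releases, key=lambda r: _ver(r["version"]))
        usable = newest_supported(releases, python)
        if usable is not latest:  # fixes shipped after `usable` are out of reach
            report[name] = (usable and usable["version"], latest["version"])
    return report
```

Running `frozen_dependencies` for the current interpreter and for each candidate target shows which step of the upgrade brings every dependency back onto a maintained release line.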
