Since Python 2.7.x has been completely unsupported since 1/2020, and ArcMap 10.8.1 will receive patches and hotfixes until 2/2024, will Esri take ownership in patching any future security vulnerabilities discovered in the Python 2.7.x library?
Is there anything official from Esri indicating ownership of security patches to the library while running within a version of ArcMap that is still supported?
Solved! Go to Solution.
Yes, if a Python-related security vulnerability were to be found, Esri will work to provide guidance or a patch to mitigate the vulnerability if technically possible.
Here is a blog that I was able to find easily; How sunsetting Python 2 affects ArcGIS
You may also want to reach out technical support for other guidance.
I reviewed that before posting - it wasn't clear whether or not Esri was taking full ownership of Python 2.7 and that they'd patch security vulnerabilities in the library. It seems to suggest they are, but it wasn't explicitly worded as such. For anything security-specific, there needs to be an abundance of clarity.
Probably not what anyone wants to hear, but this needs to be taken into consideration when planning your agency's migration to Pro. How dependent are you python and how long are you going to kick the migration can down the road?
I don't know how big your organization is with respect to ArcGIS users, but here we are at Q4 2020, and 2024 is going to get here before you know it.
Even if the migration were to be completed within six months, my main concerns are, if there is a core security vulnerability revealed tomorrow, will Esri provide support and mitigation? ArcMap 10.8.1 wont even exit general availability until Q1 2022.
Kory Kramer - Is this something that you have any more insight into?
Yes, if a Python-related security vulnerability were to be found, Esri will work to provide guidance or a patch to mitigate the vulnerability if technically possible.
Is it be possible to uninstall the python 2.7 that is part of the ArcGIS Enterprise 10.8.1 and ArcMap 10.8.1 installation to resolve some of these vulnerability issues?