HeartBleed vulnerability and ActivePython


Is my Community/Business/Enterprise Edition version of ActivePython vulnerable to HeartBleed?


No Enterprise versions of ActivePython are vulnerable.

No Community/Business Edition versions of ActivePython 2.x and no Community/Business Edition versions of ActivePython 3.0, 3.1, and 3.2 are vulnerable to HeartBleed.

Only Community/Business Edition ActivePython and are vulnerable.
An updated 3.3 release will be needed to address the vulnerability.

ActivePython and CVE-2015-1793


Are ActivePython releases affected by CVE-2015-1793?


No ActivePython releases, in any product line, are affected by CVE-2015-1793.

ActivePython CVE-2012-5379 Insecure File Permissions Vulnerability


We have read the Security alert for CVE-2012-5379, and would like more information.


This is not a new issue, and it's not really an ActivePython issue. This vulnerability is a member of a class of vulnerabilities that apply to any software which needs to have a user-writable directory on $PATH. It has been a security concern on Windows for as long as software has been avoiding dll conflicts by using custom library paths.

It is already possible to mitigate the vulnerability by choosing to override the default install path and install to one of the various protected program files silos that newer versions of Windows offer. We don't do this as the default because ActivePython has a long legacy of scripts and modules which do not handle spaces in the pathname.

It is also possible to migate the vulnerability on an inplace install. This powershell script will copy the permissions to the Python directory (replace with your directory name, as installed):

powershell -command "(Get-Item 'C:\Program Files').GetAccessControl('Access') | set-acl 'C:\Python'"

Be advised that protecting Python from this vulnerability *will* result in reduced functionality. With altered acls, PyPM will be unable to manage modules unless it is run with elevated priviledges. If you are using virtualenv, you will not be fully protected from this vulnerability unless you protect your virtualenv directory as well.

Powershell is included in Windows 7. With older versions, you may be able to download.

How do I revert to MacPython from ActivePython?


I had MacPython installed, then the ActivePython installer had me move it out of the way. I want to go back to MacPython. How do I do that?


There are three popular Python distributions for Mac OS X.

There is the pre-installed distribution that ships as /usr/bin/python and has its frameworks in /System/Library/Frameworks.

There is also MacPython, the Python distribution from the guys (and
pointed to by This is a 3rd-party Python distro. This installs as
/usr/local/bin/python with its frameworks in /Library/Frameworks.

Then there is ActivePython, our distribution. This also installs as /usr/local/bin/python with its frameworks in /Library/Frameworks -- the same location as MacPython. When ActivePython is being installed the installer will look for MacPython and prompt to move it out of the way, rather than overwrite it. Because of the way Mac OS X works you can only have one of MacPython or ActivePython as the "current" python at a time.

The ActivePython install notes show how to uninstall ActivePython:

Note that this will not restore the MacPython install (it is still
there, just moved to the side). That same "" script used to
uninstall also has the ability to restore the MacPython install, but it
is a little bit of a chicken and egg problem because uninstall
ActivePython will uninstall "".


- copy to a safe place (say ~/tmp), then run this to
uninstall ActivePython

sudo /usr/bin/python activepython_uninstall 2.4

- then this to restore MacPython
sudo /usr/bin/python macpython_restore 2.4

That should work, but isn't too heavily tested.


Just re-install MacPython from its original installer package.

What version of ActivePython will work with my Mac with an Intel processor?


What version of ActivePython will work with my Mac with an Intel processor?


The first version of ActivePython to be built natively for Intel Macs was ActivePython Versions before this version were built specifically for PowerPC-based Macs. It may be possible to run the PowerPC version on the Intel Macs, taking advantage of the PowerPC emulation layer in OS X; however, this tends to be quite slow. Therefore, we recommend only using the Intel-specific builds of ActivePython or higher on an Intel Mac.

For each build of ActivePython and higher there are two files. One file specifies macosx-powerpc, and is of course the build for PowerPC-based Mac OS X systems. The other file specifies macosx-x86, and is the correct package to install on your Intel Mac.

Where can I get past versions of ActivePython?


Where can I get past versions of ActivePython? Is there an ftp server for ActivePython?


Recent past versions of ActiveState Community Edition products are available from our downloads repository via the web at:

Version of ActiveState Products which have aged out of Community Edition are still available, but now require a Business Edition license. If you have a Business Edition license, the products to which your license applies become available from your "My Account" page on our site.

There is no ftp server.

What is the ECCN for ActivePython?


What is the Export Control Classification Number for ActivePython?


The Export Control Classification Number for ActivePython is EAR99 (self-classified). For a brief description of EAR99 and information on the difference between EAR99 and NLR (No License Required), see:

Why don't ActivePython 2.4 and earlier support SSL?


ActivePython 2.4 and earlier do not include SSL support. Why is this, and how can I add it?


*Note*: As of ActivePython 2.5 full SSL support is included.

Here is an answer on python-list while discussing the differences between ActivePython and's Python:

As Neil pointed out, ActivePython does not currently have SSL
bindings (the _ssl module) that's Python builds do. We
are currently going through the legal hurdles so that we can
include those. I expect that by or before the Python 2.5
timeframe we'll have _ssl in ActivePython.

In the meantime just plopping in the _ssl.pyd or from either's build or from your own build into ActivePython's lib-dynload directory will work to get ActivePython talking SSL.

Why doesn't ActivePython use GNU readline?


Why doesn't ActivePython use GNU readline? Why doesn't my up-arrow key recall past commands?


If you've used a build of Python before starting to use ActivePython, you may have grown fond of the command history and editing provided by the use of libreadline. Where Python gives you the last line you entered when you hit up-arrow, ActivePython gives you ^[[A.

ActivePython includes a package manager called PyPM using which you may install readline to make the arrow keys work:

$ pypm install readline

We do not include readline by default in the ActivePython distribution due to licensing restrictions.

What compilers are used to compile ActivePython?


What compilers are used to compile ActivePython? Why?


We base our compiler choice on the lead set by the distributions for the language. That way we keep binary compatibility with extensions for the distribution. Our choice of build environment will continue to follow the lead of the community to ensure this compatibility remains.

On Windows, we use:
Visual Studio 6 for Python 2.3
Visual Studio 7 for Python 2.4
Visual Studio .NET 2003 (7.1) for Python 2.5
and Visual Studio 9.0 for Python 2.6 and higher

There was a thread on the Python-Dev mailing list about switching build environments to VS2005. After some back-and-forth, this message told at least part of the story why changes only happen at major version boundaries.

For Pythons on Linux, we use:
gcc 4.0.2

For Pythons on OS X, we use:
gcc 4.2.1