HeartBleed vulnerability and ActivePython


Is my Community/Business/Enterprise Edition version of ActivePython vulnerable to HeartBleed?


No Enterprise versions of ActivePython are vulnerable.

No Community/Business Edition versions of ActivePython 2.x and no Community/Business Edition versions of ActivePython 3.0, 3.1, and 3.2 are vulnerable to HeartBleed.

Only Community/Business Edition ActivePython and are vulnerable.
An updated 3.3 release will be needed to address the vulnerability.

ActivePython and CVE-2015-1793


Are ActivePython releases affected by CVE-2015-1793?


No ActivePython releases, in any product line, are affected by CVE-2015-1793.

ActivePython CVE-2012-5379 Insecure File Permissions Vulnerability


We have read the Security alert for CVE-2012-5379, and would like more information.


This is not a new issue, and it's not really an ActivePython issue. This vulnerability is a member of a class of vulnerabilities that apply to any software which needs to have a user-writable directory on $PATH. It has been a security concern on Windows for as long as software has been avoiding dll conflicts by using custom library paths.

It is already possible to mitigate the vulnerability by choosing to override the default install path and install to one of the various protected program files silos that newer versions of Windows offer. We don't do this as the default because ActivePython has a long legacy of scripts and modules which do not handle spaces in the pathname.

It is also possible to migate the vulnerability on an inplace install. This powershell script will copy the permissions to the Python directory (replace with your directory name, as installed):

powershell -command "(Get-Item 'C:\Program Files').GetAccessControl('Access') | set-acl 'C:\Python'"

Be advised that protecting Python from this vulnerability *will* result in reduced functionality. With altered acls, PyPM will be unable to manage modules unless it is run with elevated priviledges. If you are using virtualenv, you will not be fully protected from this vulnerability unless you protect your virtualenv directory as well.

Powershell is included in Windows 7. With older versions, you may be able to download.

How do I revert to MacPython from ActivePython?


I had MacPython installed, then the ActivePython installer had me move it out of the way. I want to go back to MacPython. How do I do that?


There are three popular Python distributions for Mac OS X.

There is the pre-installed distribution that ships as /usr/bin/python and has its frameworks in /System/Library/Frameworks.

There is also MacPython, the Python distribution from the guys (and
pointed to by This is a 3rd-party Python distro. This installs as
/usr/local/bin/python with its frameworks in /Library/Frameworks.

Then there is ActivePython, our distribution. This also installs as /usr/local/bin/python with its frameworks in /Library/Frameworks -- the same location as MacPython. When ActivePython is being installed the installer will look for MacPython and prompt to move it out of the way, rather than overwrite it. Because of the way Mac OS X works you can only have one of MacPython or ActivePython as the "current" python at a time.

The ActivePython install notes show how to uninstall ActivePython:

Note that this will not restore the MacPython install (it is still
there, just moved to the side). That same "" script used to
uninstall also has the ability to restore the MacPython install, but it
is a little bit of a chicken and egg problem because uninstall
ActivePython will uninstall "".


- copy to a safe place (say ~/tmp), then run this to
uninstall ActivePython

sudo /usr/bin/python activepython_uninstall 2.4

- then this to restore MacPython
sudo /usr/bin/python macpython_restore 2.4

That should work, but isn't too heavily tested.


Just re-install MacPython from its original installer package.

Where can I get past versions of ActivePython?


Where can I get past versions of ActivePython? Is there an ftp server for ActivePython?


Recent past versions of ActiveState Community Edition products are available from our downloads repository via the web at:

Version of ActiveState Products which have aged out of Community Edition are still available, but now require a Business Edition license. If you have a Business Edition license, the products to which your license applies become available from your "My Account" page on our site.

There is no ftp server.

What is the ECCN for ActivePython?


What is the Export Control Classification Number for ActivePython?


The Export Control Classification Number for ActivePython is EAR99 (self-classified). For a brief description of EAR99 and information on the difference between EAR99 and NLR (No License Required), see:

Why doesn't ActivePython use GNU readline?


Why doesn't ActivePython use GNU readline? Why doesn't my up-arrow key recall past commands?


If you've used a build of Python before starting to use ActivePython, you may have grown fond of the command history and editing provided by the use of libreadline. Where Python gives you the last line you entered when you hit up-arrow, ActivePython gives you ^[[A.

ActivePython includes a package manager called PyPM using which you may install readline to make the arrow keys work:

$ pypm install readline

We do not include readline by default in the ActivePython distribution due to licensing restrictions.

What compilers are used to compile ActivePython?


What compilers are used to compile ActivePython? Why?


We base our compiler choice on the lead set by the distributions for the language. That way we keep binary compatibility with extensions for the distribution. Our choice of build environment will continue to follow the lead of the community to ensure this compatibility remains.

On Windows, we use:
Visual Studio 6 for Python 2.3
Visual Studio 7 for Python 2.4
Visual Studio .NET 2003 (7.1) for Python 2.5
and Visual Studio 9.0 for Python 2.6 and higher

There was a thread on the Python-Dev mailing list about switching build environments to VS2005. After some back-and-forth, this message told at least part of the story why changes only happen at major version boundaries.

For Pythons on Linux, we use:
gcc 4.0.2

For Pythons on OS X, we use:
gcc 4.2.1

ActivePython blurb

ActivePython is ActiveState's award-winning distribution of Python, available for Windows, Mac OS X, Linux, Solaris, HP-UX, and AIX. ActivePython for Windows also includes the PyWin32 extensions.

Quick links: