Upgrade default QGIS python from 3.9 to latest stable version #54491
Comments
|
What is the issue with 3.9? |
|
There's big performance optimisations in 3.10+11, for one 👍 |
jef-n
added
Windows
|
@jef-n |
|
I would be more than happy to try a python update on qgis-dev if this is feasible. |
|
@nicogodet, the latest MingW64 Windows 64bit builds use Python 3.11.4. The only issue I've seen till now is that the MetaSearch Plugin crashes. |
QGIS is not tied to a specific python version. Most - if not all - linux builds use 3.10 and above - and conda obviously. For OSGeo4W updating to 3.11 would mean that not only the python package has to be updated, but also all of the python c extensions would have to be rebuild, because they use binary dependencies from OSGeo4W. For the lighter dependencies that happens more often (on updates of GDAL, GEOS, PROJ, PDAL, SQLite etc.) anyway, but not for the heaviest one (Qt / PyQt5). But that may be become necessary soon as we're still using OpenSSL 1.1.1 in Python 3.9 and Qt and that's going to be EOL shortly. So that might become one big update. Hm, and Python 3.12 is expected to be released on October 2nd. |
|
Thanks for raising this ticket. Is there a repository where we can find the Python version when packaging QGIS ? (like the one for QGIS 3.28 which is widely used) ? @jef-n Is this file in the Osgeo4W correct for instance ? https://github.com/jef-n/OSGeo4W/blob/master/src/python3/osgeo4w/package.sh#L2 The CMakeList file in QGIS master is mentioning Python 3.7 minimum version : Line 1036 in bc6fdf7 |
|
@jef-n The current detected version for QGIS v3.28.11.1 is 3.9.5, and it has some identified vulnerabilities in its code, namely the Improper Input Validation vulnerability (see link here: https://security.snyk.io/vuln/SNYK-ROCKY9-PYTHON39-5878551) Suggestion: upgrade to Python version >3.11. Comments on this issue are appreciated. Update: As per article here: https://thesecmaster.com/how-to-fix-cve-2023-24329-url-parsing-issue-in-python/#How_to_Fix_CVE-2023-24329_%E2%80%93_URL_Parsing_Issue_in_Python |
|
Hi, Microsoft 365 Defender is now flagging QGIS 3.28.14-1 and QGIS 3.34.2-1 as Vulnerable with 15x discovered vulnerabilities due to Python 3.9.5. CVE-2022-37454 Critical I won't link to each CVE as I know you are more than capable, from my check of each CVE, Python requires an update exceeding version 3.11.5 see https://nvd.nist.gov/vuln/detail/CVE-2023-40217 MingW64 MSYS2 packages offering 3.11.7 at this time. |
This is now a requirement for CE+ otherwise organisations will fail. As the vulnerabilities are now flagged as Critical meaning any organisations following CE/ISO/NIST/SOC guidelines will fail at this time. QGIS needs to update Python shared libraries to 3.9.16 minimum to resolve this issue. |
|
+1 to this
Sadly this still affects a fresh install of QGIS LTR 3.28.14 PLEASE can QGIS and OSGEO be updated ASAP to support either a security bug fixed Python 3.9.x branch or be updated to a later Python build (I incorrectly mentioned in the OSGEO ticket 3.13 is due for release any day now - I misread the US date format, it's actually not due until October 2024) Thanks in advance for you urgent attention |
|
It apparently will also affect new installs auf LTR 3.34 - technically will have to force deinstallation of QGIS as the software poses a severe security risk. As 3.9.5 receives no regular updates since a while ago und the only updates beyond 3.9.10 have been security updates which are actually quite a few, that situation exists since quite a while - since MDE is flagging it prominently it simply becomes more transparent. |
|
Jürgen upstream on OSGeo4W has increased the Python version to 3.9.18 yesterday - Jan 14, 2024. See commit c290dc6 |
Thanks @jef-n |
|
FWIW, I have just re-tested the OSGEO4W installer as follows:
Thanks to jef from OSGEO for such a rapid turn around on this. One small cosmetic issue with QGIS either after a fresh install or after the update with the latest 3.9.18 python is the Help | About dialog still shows it has Python version 3.9.5 installed - even though I now know it is 3.9.18 I assume someone at QGIS can fix this? |
Not being a user of the software, just the admin that manages security of our infrastructure! Does this mean that we can install QGIS as separate package from within OSGEO4W or do we still need to wait for a separate install package from QGIS (with updated Python) ? Many thanks. |
I guess that it is the version of Python used when the QGIS binaries were built. |
|
@aclondon, I use the OSGEO4W installer as it is designed for IT administrators, the main benefit for us is it keeps the install in the same folder structure rather than creating a new folder structure for each QGIS release. The Install script I use to install the latest QGIS LTR version is within the OSGEO ticket I raised: I repackage the script and distribute via Intune to any clients that have QGIS installed |
|
Thank all for the follow up and comments. Regards |
|
The standalone installers are made from OSGeo4W packages - next release is on friday. See https://www.qgis.org/en/site/getinvolved/development/roadmap.html#schedule. |
You can also use the OSGeo4W-Installer to download the packages only and install them offline. |
|
Thank you for the useful information. Will investigate and provide instructions to our IT Team. Best regards |
|
A big thank you for acting on this so promptly. The version increase to 3.9.18 immediately addresses 14 of the listed CVE's. |
|
I've been having a bit of a dig into that CVE, looks like there has been a lot of back and forth with the Python developers and the person that raised the issue. |
Thanks for the script. I will have a play and see if can package a IntuneWIN file. Should be able to download the packages first and then just use the package to install them locally. |
I guess updating QGIS & OSGEO to Python 3.12.x would probably hide this vulnerability if the detection is based purely on the NIST info.
|
I have just updated to QGIS LTR 3.28.15 this morning, the Python version is now showing as 3.9.18 - Issue resolved: |
|
This original 54491 was to request an upgrade to Python for feature/performance improvements. Depending on the underlying efforts for new releases are what will determine if doing new releases for updating dependencies is a no-brainer or a heap of work for little reward. Python does offer security release versions for a period of 5 years from the initial branch release. The current use of Python 3.9 - released 3 years ago (5th October 2020) had active support end over a year and a half ago on the 17th of May 2022. As 54491 requests to increase to 3.11 and with this version ending active support / bug fixes in just over 2 months on the 1st of April. |
|
Entirely agree @readmanr |
|
Upgrading Python version to latest patched version 3.9.x sounds a good practice. Make the Python version something predictable (again, mainly for Windows package) enforces QGIS ecosystem. We could go for a relationship between QGIS LTR and Python stable versions:
And so being... |
Yes, and I think we can separate the OSgeo4W things and QGIS requirement. We should be able to open issue on OSGeo4W project ; afaik @jef-n it's “your” project.
Right! I vote to update this minimum version once OSgeo4W will update the python version. But, as a packager, I'm concerned to note update directly to 3.12. We have to be compatible with latest release, but we can't enforce it, since some systems/distributions may not have 3.12 as Python default version. So, OK for a min-version progressively. Maybe 3.10 or 3.11 for the next LTR. |
|
Thanks @lbartoletti for your PR. I would be in favor for instance to expose the minimum Python version required on the PyQGIS API documentation https://qgis.org/pyqgis/3.34/ There isn't any mention for now, I can have a look on that (maybe in Grenoble at the next QGIS code sprint) |
+1! |
Required by qgis/QGIS#56499 Fixes qgis/QGIS#54491
|
At the time of writing, Defender shows up a python 3.9.18 as vulnerable. |
To what? That vulnerability should still apply to all released python versions. Only unreleased Python 3.13 has a fix. |
According to the ongoing Python discussion about fixing this issue (python/cpython#102988 (comment)), they 'might' back port the fix from 3.13 beta 2 once it has been made available (Beta 1 is due out in May 2024, but I'm unsure of the Beta 2 schedule). |
…, refs qgis/QGIS#54491, qgis/QGIS#56499) Highlights: Switched to Visual Studio 2022 Qt6 6.6.3, PyQt6 6.6.1 Qt5 5.15.13, PyQt5 5.15.10 Python 3.12.3 OpenSSL 3.0.13 PROJ 9.4.0 GDAL 3.8.5 qgis-qt6-dev based on Qt6 next to qgis-dev based on Qt5 experimental QField based on Qt6 / qgis-qt6-dev Details: Removed: libjpeg (already replaced with libjpeg-turbo earlier) python3-clcache (replaced by ccache) python3-pyuv (dependency of python3-clcache) Updated: apache 2.4.52 -> 2.4.58 arrow-cpp 7.0.0 -> 15.0.2 boost 1.74.0 -> 1.84.0 brotli 1.0.9 -> 1.1.0 curl 8.4.0 -> 8.6.0 draco 1.5.6 -> 1.5.7 exiv2 0.27.3 -> 0.28.2 expat 2.2.10 -> 2.6.2 ffmpeg 5.1 -> 6.1.1 freetype 2.10.2 -> 2.13.2 gdal 3.8.4 -> 3.8.5 gpsbabel 1.8.0 -> 1.9.0 grass 7.8.8 -> 8.3.2 grass8 8.3.2 -> 99 (transitional; depends on grass) gsl 2.6 -> 2.7.1+ hdf4 4.2.16 -> 4.3.0 hdf5 1.14.0 -> 1.14.3 kealib 1.4.14 -> 1.5.3 lerc 3.0 -> 4.0.0 libharu 2.3.0 -> 2.4.4 libiconv 1.16 -> 1.17 libjpeg-turbo 2.0.7-esr -> 3.0.2 libjxl 0.8.1 -> 0.10.2 libmysql 8.0.21 -> 8.2.0 libosmium-devel 2.18.0 -> 2.20.0 libpng 1.6.37 -> 1.6.43 libtiff 4.5.1 -> 4.6.0 libxml2 2.9.10 -> 2.12.5 libxslt 1.1.34 -> 1.1.39 libzip 1.7.3 -> 1.10.1 lua 5.4.4 -> 5.4.6 lz4 1.9.3 -> 1.9.4 minizip-ng-devel 3.0.2 -> 4.0.4 node 16.14.0 -> 20.11.1 oci 19.11 -> 21.13 ogdi 4.1.0 -> 4.1.1 opencl 2.0.10 -> 2023.12.14 openfyba-devel 20150103 -> 20240408 openjpeg 2.4.0 -> 2.5.2 openssl 1.1.1w -> 3.0.13 osm2pgsql 1.8.1 -> 1.11.0 osmium 1.15.0 -> 1.16.0 pdal 2.6.0 -> 2.6.3 poppler 23.07.0 -> 24.04.0 proj 9.3.1 -> 9.4.0 proj-data 1.16 -> 1.17 python3 3.9.18 -> 3.12.3 protobuf-devel 3.13.0 -> 25.3 qca 2.3.1 -> 2.3.8 qscintilla 2.13.4 -> 2.14.1 qt5 5.15.3 -> 5.15.13 qtkeychain 0.13.2 -> 0.14.2 qwc2 20220311-671a6e7 -> 20240408-3d95409 qwt 6.1.6 -> 6.2.0 saga 7.8.2 -> 9.3.1 saga9 9.2.0 -> 99 (transitional; depends on saga) snappy-devel 1.1.9 -> 1.1.10 spdlog-devel 1.10.0 -> 1.13.0 sqlite3 3.41.1 -> 3.45.1 swig 4.0.2 -> 4.2.1 thrift 0.16.0 -> 0.20.0 transifex-cli 1.6.5 -> 1.6.10 utf8proc 2.7.0 -> 2.9.0 wxwidgets 3.2.1 -> 3.2.4 xerces-c 3.2.3 -> 3.2.5 xz 5.2.5 -> 5.4.5 yarnpkg 1.22.17 -> 1.22.21 zlib 1.2.12 -> 1.3.1 zstd 1.4.5 -> 1.5.5 Updated Python extensions: python3-access 1.1.1 -> 1.1.9 python3-affine 2.3.0 -> 2.4.0 python3-alabaster 0.7.12 -> 0.7.16 python3-argon2-cffi 20.1.0 -> 23.1.0 python3-atomicwrites 1.4.0 -> 1.4.1 python3-attrdict 2.0.1 -> python3-attrdict3 2.0.2 python3-attrs 20.2.0 -> 23.2.0 python3-autopep8 2.0.1 -> 2.1.0 python3-babel 2.8.0 -> 2.14.0 python3-backports.entry-points-selectable 1.1.0 -> 1.3.0 python3-beautifulsoup4 4.9.3 -> 4.12.3 python3-bleach 3.2.1 -> 6.1.0 python3-certifi 2020.6.20 -> 2024.2.2 python3-cffi 1.14.3 -> 1.16.0 python3-cftime 1.2.1 -> 1.6.3 python3-chardet 3.0.4 -> 5.2.0 python3-click 7.1.2 -> 8.1.7 python3-cligj 0.7.0 -> 0.7.2 python3-colorama 0.4.4 -> 0.4.6 python3-coverage 5.3 -> 7.4.4 python3-cycler 0.10.0 -> 0.12.1 python3-decorator 4.4.2 -> 5.1.1 python3-defusedxml 0.6.0 -> 0.7.1 python3-distlib 0.3.2 -> 0.3.8 python3-docutils 0.16 -> 0.20.1 python3-entrypoints 0.3 -> 0.4 python3-esda 2.3.1 -> 2.5.1 python3-exifread 2.3.2 -> 3.0.0 python3-filelock 3.0.12 -> 3.13.3 python3-fiona 1.9.5 -> 1.9.6 python3-fonttools 4.28.5 -> 4.51.0 python3-future 0.18.2 -> 1.0.0 python3-gdal 3.8.4 -> 3.8.5 python3-geoalchemy2 0.12.5 -> 0.14.7 python3-geographiclib 1.50 -> 2.0 python3-geopandas 0.14.1 -> 0.14.3 python3-giddy 2.3.3 -> 2.3.5 python3-greenlet 1.1.1 -> 3.0.3 python3-h5py 3.8.0 -> 3.10.0 python3-httplib2 0.18.1 -> 0.22.0 python3-idna 2.10 -> 3.6 python3-imagesize 1.2.0 -> 1.4.1 python3-importlib-metadata 2.0.0 -> 7.1.0 python3-inequality 1.0.0 -> 1.0.1 python3-iniconfig 1.1.1 -> 2.0.0 python3-ipykernel 5.3.4 -> 6.29.4 python3-ipython 7.18.1 -> 8.23.0 python3-ipywidgets 7.5.1 -> 8.1.2 python3-isort 5.12.0 -> 5.13.2 python3-jedi 0.17.2 -> 0.19.1 python3-jinja2 3.1.2 -> 3.1.3 python3-joblib 0.17.0 -> 1.3.2 python3-jsonschema 3.2.0 -> 4.21.1 python3-jupyter-client 6.1.7 -> 8.6.1 python3-jupyter-console 6.2.0 -> 6.6.3 python3-jupyter-core 4.6.3 -> 5.7.2 python3-jupyterlab-pygments 0.1.2 -> 0.3.0 python3-kiwisolver 1.2.0 -> 1.4.5 python3-libpysal 4.3.0 -> 4.10 python3-llvmlite 0.34.0 -> 0.42.0 python3-lxml 4.6.2 -> 5.2.1 python3-mapclassify 2.3.0 -> 2.6.1 python3-markupsafe 1.1.1 -> 2.1.5 python3-matplotlib 3.5.1 -> 3.8.4 python3-mgwr 2.1.2 -> 2.2.1 python3-mistune 0.8.4 -> 3.0.2 python3-mock 4.0.2 -> 5.1.0 python3-mod-wsgi 4.9.0 -> 5.0.0 python3-mpmath 1.1.0 -> 1.3.0 python3-munch 2.5.0 -> 4.0.0 python3-nbclient 0.5.1 -> 0.10.0 python3-nbconvert 6.0.7 -> 7.16.3 python3-nbformat 5.0.8 -> 5.10.4 python3-nest-asyncio 1.4.2 -> 1.6.0 python3-netcdf4 1.6.3 -> 1.6.5 python3-networkx 2.5 -> 3.3 python3-nltk 3.5 -> 3.8.1 python3-nose2 0.9.2 -> 0.14.1 python3-notebook 6.1.4 -> 7.1.2 python3-numba 0.51.2 -> 0.59.0 python3-numpy 1.24.1 -> 1.26.4 python3-openpyxl 3.0.9 -> 3.1.2 python3-osmium 3.4.1 -> 3.7.0 python3-owslib 0.29.2 -> 0.30.0 python3-packaging 20.4 -> 24.0 python3-pandas 2.0.2 -> 2.2.1 python3-pandocfilters 1.4.3 -> 1.5.1 python3-parso 0.8.0 -> 0.8.4 python3-patsy 0.5.1 -> 0.5.6 python3-pbr 5.5.1 -> 6.0.0 python3-pdal-plugins 1.2.1 -> 1.3.0 python3-pillow 10.0.1 -> 10.3.0 python3-pirogue 1.2.5 -> 1.4.2 python3-platformdirs 2.0.2 -> 4.2.0 python3-plotly 4.12.0 -> 5.20.0 python3-pluggy 0.13.1 -> 1.4.0 python3-pointpats 2.2.0 -> 2.4.0 python3-prometheus-client 0.8.0 -> 0.20.0 python3-prompt-toolkit 3.0.8 -> 3.0.43 python3-psycopg 3.1.9 -> 3.1.18 python3-psycopg2-binary 2.9.3 -> 2.9.9 python3-pum 0.9.12 -> 0.10.0 python3-py 1.9.0 -> 1.11.0 python3-pybind11 2.6.2 -> 2.12.0 python3-pycparser 2.20 -> 2.22 python3-pygments 2.7.2 -> 2.17.2 python3-pymemcache 3.4.0 -> 4.0.0 python3-pyodbc 4.0.30 -> 5.1.0 python3-pyopengl 3.1.5 -> 3.1.7 python3-pyparsing 2.4.7 -> 3.1.2 python3-pyqt-builder 1.10.3 -> 1.16.0 python3-pyqt5 5.15.4 -> 5.15.10 python3-pyqt5-sip 12.8.1 -> 12.13.0 python3-pyqtwebengine 5.15.5 -> 5.15.6 python3-pyrsistent 0.17.3 -> 0.20.0 python3-pysal 2.3.0 -> 24.1 python3-pytest 6.1.2 -> 8.1.1 python3-pytest-cov 2.10.1 -> 5.0.0 python3-python-dateutil 2.8.1 -> 2.9.0.post0 python3-pythonqwt 0.8.3 -> 0.12.1 python3-pytz 2023.3 -> 2024.1 python3-pywinpty 0.5.7 -> 2.0.13 python3-pyyaml 5.3.1 -> 6.0.1 python3-pyzmq 19.0.2 -> 25.1.2 python3-qscintilla 2.13.4 -> 2.14.1 python3-qtconsole 4.7.7 -> 5.5.1 python3-qtpy 1.9.0 -> 2.4.1 python3-quantecon 0.4.8 -> 0.7.2 python3-rasterstats 0.15.0 -> 0.19.0 python3-regex 2020.10.28 -> 2023.12.25 python3-reportlab 4.0.4 -> 4.1.0 python3-requests 2.24.0 -> 2.31.0 python3-retrying 1.3.3 -> 1.3.4 python3-rtree 0.9.4 -> 1.2.0 python3-scikit-learn 0.23.2 -> 1.4.1.post1 python3-scipy 1.10.1 -> 1.13.0 python3-seaborn 0.11.0 -> 0.13.2 python3-segregation 1.4.0 -> 2.5 python3-send2trash 1.5.0 -> 1.8.3 python3-setuptools 67.6.0 -> 69.2.0 python3-shapely 2.0.2 -> 2.0.3 python3-simplejson 3.17.2 -> 3.19.2 python3-sip 6.1.1 -> 6.8.3 python3-six 1.15.0 -> 1.16.0 python3-snowballstemmer 2.0.0 -> 2.2.0 python3-soupsieve 2.0.1 -> 2.5 python3-spaghetti 1.5.3 -> 1.7.5.post1 python3-spglm 1.0.8 -> 1.1.0 python3-sphinx 3.3.0 -> 7.2.6 python3-splot 1.1.3 -> 1.1.5.post1 python3-spreg 1.1.2.post1 -> 1.4.2 python3-sqlalchemy 1.4.42 -> 2.0.29 python3-statsmodels 0.14.0 -> 0.14.1 python3-sympy 1.6.2 -> 1.12 python3-terminado 0.9.1 -> 0.18.1 python3-testpath 0.4.4 -> 0.6.0 python3-threadpoolctl 2.1.0 -> 3.4.0 python3-tobler 0.4.0 -> 0.11.2 python3-toml 0.10.1 -> 0.10.2 python3-torch 2.2.1 -> 2.2.2 python3-tornado 6.0.4 -> 6.4 python3-tqdm 4.51.0 -> 4.66.2 python3-traitlets 5.0.5 -> 5.14.2 python3-typing-extensions 4.5.0 -> 4.11.0 python3-tzdata 2023.3 -> 2024.1 python3-urllib3 1.25.11 -> 2.2.1 python3-virtualenv 20.5.0 -> 20.25.1 python3-wcwidth 0.2.5 -> 0.2.13 python3-wheel 0.35.1 -> 0.43.0 python3-widgetsnbextension 3.5.1 -> 4.0.10 python3-xlrd 1.2.0 -> 2.0.1 python3-zipp 3.4.0 -> 3.18.1 Just rebuilt with VS2022: api-ms-win-core-path-HACK 0.0.1 avce00 2.0.0 base 1.0.0 bzip2-devel 1.0.8 cairo 1.17.2 entwine 3.0.0 fcgi 2.4.2 freexl 2.0.0 geos 3.12.1 gs 10.02.1 icu 67.1 imposm3 0.11.1 laszip 3.4.3 libgeotiff 1.7.1 libkml-devel 1.3.0 liblas 1.8.1 libpq 16.2 librttopo 1.1.0 libspatialindex 1.9.3 libspatialite 5.1.0 libwebp 1.3.2 mod_fcgid 2.3.10 netcdf 4.9.2 odbc-cpp-wrapper 1.1 pcraster 4.4.1 protozero-devel 1.7.1 qgis 3.36.1 qgis-ltr 3.34.5 qtwebkit 5.212.0-alpha4 qwc-services 1.3.4 setup 1.1.2 shell 99.0.0 szip 2.1.1 tiledb 2.8.2 wingetopt-devel 1.00 Repackaged/rebuilt for Python 3.12 python3-async-generator 1.10 python3-backcall 0.2.0 python3-click-plugins 1.1.1 python3-descartes 1.1.0 python3-et-xmlfile 1.1.0 python3-ipython-genutils 0.2.0 python3-jupyter 1.0.0 python3-mapproxy 2.0.2 python3-mypy-extensions 1.0.0 python3-pdal 3.2.3 python3-pickleshare 0.7.5 python3-pip 24.0 python3-ply 3.11 python3-pypdf2 3.0.1 python3-pypiwin32 223 python3-pyproj 3.6.1 python3-pypubsub 3.3.0 python3-pyserial 3.5 python3-pytoml 0.1.21 python3-pywin32 306 python3-rasterio 1.3.9 python3-remotior-sensus 0.3.5 python3-snuggs 1.4.7 python3-spint 1.0.7 python3-spvcm 0.3.0 python3-tomli 2.0.1 python3-webencodings 0.5.1 python3-wxpython 4.2.1 python3-xlwt 1.3.0 Added: grass7 99 (transitional; depends on grass(8); grass 7 doesn't support python 3.12) podofo 0.10.3 qca-qt6 2.3.8 qgis-qt6-dev (master based on Qt6) qscintilla-qt6 2.14.1 qt6 6.6.3 qtkeychain-qt6 0.14.2 qwt-qt6 6.2.0 uriparser-devel 0.9.7 saga7 7.9.1 (old saga, just in case) qfield-dev 3.2.2 (experimental; depends on very heady qgis-qt6-dev; TODO split the latter to minimize qfield dependencies) poly2tri-devel 20240411 (qfield dependency) zxing-cpp-devel 2.2.1 (qfield dependency) Added python extensions: python3-anyio 4.3.0 python3-argon2-cffi-bindings 21.2.0 python3-asttokens 2.4.1 python3-async-lru 2.0.4 python3-charset-normalizer 3.3.2 python3-comm 0.2.2 python3-contourpy 1.2.1 python3-debugpy 1.8.1 python3-deprecation 2.1.0 python3-duckdb 0.10.1 python3-executing 2.0.1 python3-fastjsonschema 2.19.1 python3-fsspec 2024.3.1 python3-h11 0.14.0 python3-httpcore 1.0.5 python3-httpx 0.27.0 python3-json5 0.9.24 python3-jsonschema-specifications 2023.12.1 python3-jupyter-events 0.10.0 python3-jupyter-lsp 2.2.5 python3-jupyter-server 2.13.0 python3-jupyter-server-terminals 0.5.3 python3-jupyterlab 4.1.5 python3-jupyterlab-server 2.26.0 python3-jupyterlab-widgets 3.0.10 python3-matplotlib-inline 0.1.6 python3-maturin 1.5.1 python3-momepy 0.7.0 python3-notebook-shim 0.2.4 python3-overrides 7.7.0 python3-pathspec 0.12.1 python3-psutil 5.9.8 python3-psycopg2 2.9.9 python3-pulp 2.8.0 python3-pure-eval 0.2.2 python3-pyarrow 15.0.2 python3-pycodestyle 2.11.1 python3-pyqt6 6.6.1 python3-pyqt6-qscintilla 2.14.1 python3-pyqt6-sip 13.6.0 python3-python-json-logger 2.0.7 python3-referencing 0.34.0 python3-rfc3339-validator 0.1.4 python3-rfc3986-validator 0.1.1 python3-rpds-py 0.18.0 python3-sniffio 1.3.1 python3-sphinxcontrib-applehelp 1.0.8 python3-sphinxcontrib-devhelp 1.0.6 python3-sphinxcontrib-htmlhelp 2.0.5 python3-sphinxcontrib-jsmath 1.0.1 python3-sphinxcontrib-qthelp 1.0.7 python3-sphinxcontrib-serializinghtml 1.1.10 python3-spopt 0.6.0 python3-stack-data 0.6.3 python3-tenacity 8.2.3 python3-tinycss2 1.2.1 python3-websocket-client 1.7.0 Other changes: * acceptable licenses updated * switch to VS2022 * add bootstrap.cmd to * invoke installation of cygwin base, * clone the repo * build everything * build process installs necessary tools if necessary * vs2022 * debug tools (for dbghelp.dll) * cmake * ninja * ccache (supports msvc now) * enables long paths on build (for Qt6 / webengine / chromium) * cleanups * PACKAGES added to package.sh to list produced packages * devenv replaced with msbuild * Update of ECWJP2SDKSetup_5.5.0.2268-Update4-Windows.zip not automatically downloadable anymore (place in src/gdal/osgeo4w/gdaldeps and src/gdal-dev/osgeo4w/gdaldeps)
|
I came across this issue as the update from 3.34.5 to 3.34.6 resulted in plugin errors because of missing libs in python 3.12. |
This was surprising to me as well, including the sudden jump from 3.9.18 to 3.12.x without anything in between for the OSgeo4W build. Bold move cotton (j/k) |
|
@prusswan there's NEVER been any promise that library versions won't change throughout the lifespan of an LTR. You need to adapt your processes accordingly. |
Still a pretty hasty transition from 3.9.5 to 3.9.18 (briefly) then to 3.12.4. It is not only the LTR affected btw. Since I can't fix everything for 3.12, I will have to request users to use the last QGIS version with Python 3.9 until further notice. As I am using OSGeo4w build, I rely on the roadmap and OSGeo instructions and changes to osgeo4w/package.sh to determine what I need. Last versions using 3.9 are (3.36.1 | 3.34.5). I went with this snapshot url (https://download.osgeo.org/osgeo4w/v2/snapshots/20240322-185340/) to install 3.36.1 |
@nyalldawson On could also argue that it is never written anywhere that a patch upgrade of an LTR might upgrade the minor or major version of a dependency. This goes against what most people think of an LTR release. That being said, I am well aware that this is difficult problem to handle. We should at least write somewhere that the major version of a dependency might change throughout the lifespan of an LTR. Where would be the best place to document it? In the longer term, I think we should only upgrade to patched version during the lifespan of an LTR as @Guts suggested in #54491 (comment) |
|
Does QGIS even have a Python upgrade policy at this time? Afaik it was on 3.9.5 for a fairly long time, sure an upgrade to 3.11 or 3.12 was due but this is just not properly communicated/managed. It should have been featured in the changelog or on the website. Many of our users are not developers and should not have to find out the "hard" way from Github. Something like this at the very least: https://developers.arcgis.com/python/latest/guide/system-requirements/ |
|
Probably it is not clear that QGIS itself doesn't ship Python or GDAL or PROJ or GEOS or other needed libraries. It needs a minimum version of such libraries in order to be correctly built and to work on a system. The actual library version that QGIS is built against and that it uses depends on the available library version on such system. On some systems (like Windows) all the needed libraries are provided by a dedicated installer created by OSGeo4W but the needed libraries can also be provided by a environment management system like Conda and they can be different from those provided by OSGeo4W. Just some examples of the different Python versions used by the same QGIS 3.34.11 on various systems currently: Windows: OSGeo4W installer 3.12.6 / Conda-forge 3.12.7 (or previous versions) |
Thanks for the explanation. Now I get that the same QGIS version can be built with/on different versions of Pythons across different OSes, making the situation rather complicated. Still, the normal user will believe QGIS comes with a working Python environment included (built-in console, or through the OSGeo4w shell), they just don't have much of a choice over the Python version unless they are capable of building QGIS including dependencies. |
Correct, and they always do.
Correct. It's not something the end user can/should be in control over if they are using the official installers. You'll just need to ensure your plugins and scripts and processes are flexible enough to handle this. |
Feature description
Dear QGIS Team,
I hope this message finds you well. I am writing to request an upgrade of the default Python version used in QGIS from 3.9 to the latest stable version, which is 3.11.4 at the time of writing.
I understand that QGIS is a complex and multifaceted open-source GIS platform, and I genuinely appreciate all the hard work that the team puts into maintaining and improving it. Python plays a critical role in extending the functionality of QGIS through plugins and scripting, and using the latest Python version can provide numerous benefits, including performance improvements and access to new features and libraries.
I attempted to build QGIS against Python 3.11 myself, but unfortunately, I encountered difficulties and could not successfully complete the process. I believe that many other users may face similar challenges, especially those who rely on QGIS as a fundamental tool in their work. As such, having the latest Python version bundled with QGIS would streamline the installation process and ensure that users have access to the most up-to-date Python environment without the need for manual configuration.
I am aware that some users choose to use QGIS with Anaconda, which allows for greater flexibility in managing Python environments. However, in our organization, we have internal policies and licensing constraints that prevent us from using QGIS with Anaconda. Therefore, having the default QGIS distribution support Python 3.11 would be immensely valuable to us and many other users who share similar restrictions.
I understand that software development and integration decisions are complex and require careful consideration. Still, I kindly request that you evaluate the feasibility of upgrading the default Python version in QGIS to 3.11 in a future release. Your efforts in this regard would be greatly appreciated by the QGIS user community.
Thank you for your time and dedication to the QGIS project. I look forward to any updates or information you can provide regarding this request.
Additional context
No response
The text was updated successfully, but these errors were encountered: