
You don't have to find a maintainer.

Not updating the system is usually a solution to such problems.

At best there is an nginx or an API in front that acts as a reverse proxy to clean up/normalize the incoming requests and prevent directly exposing the service.

Example: banks, airlines, hospitals, air traffic controllers, electricity companies, etc.

All critical services that nobody wants to touch, as it works +/-



Guess what, all those places can just use Python 3.12 for as long as it's maintained and if they REALLY can't update, they can:

a) make the system air gapped

b) pay a Python consulting company to back port security fixes

c) hire a Python core dev to do the system, directly

OOOOR, they can just update to Python 3.13 and migrate to the equivalent Python package that's not part of the core. For sure they already use other Python packages.

We're making a mountain out of a molehill, also on behalf of places that have plenty of money to spend if push comes to shove.


I think it may be easier to backport CGI to a new version of Python rather than backport security fixes.


I agree.



