Drupal 7's end of life is January 5, 2025
On February 23, 2022, we announced that we would be extending the End-of-Life for Drupal 7 until at least November 1, 2023.
Today, we are officially announcing that Drupal 7 will reach its end of life on January 5, 2025.
With this final extension, the Drupal Security Team is also adjusting the level of support provided.
This will be the final extension.
Reduced support for moderately critical Drupal 7 issues
Effective August 1, 2023, the Drupal Security Team may choose to publicly post moderately critical and less critical issues affecting Drupal 7 in the public issue queue for resolution, as long as they are not mass-exploitable. (Security risk levels defined.)
Drupal 9 and above are not affected by this change. When a security issue affects both Drupal 7 and Drupal 10, for example, the Drupal 10 security advisory may be released without a corresponding Drupal 7 fix, and the Drupal 7 issue made public at that point.
Drupal 7 branches of unsupported modules are no longer eligible for new maintainership
Community support for contributed modules will continue as it has to date. However, beginning August 1, 2023, once the Drupal 7 branch of a contributed module is marked unsupported it will not be eligible for new maintainership and will not be marked supported again. This will be true if an existing maintainer marks the module unsupported, or if the security team marks it unsupported for lack of response. If there are Drupal 7 modules that you or your clients rely on, then we strongly encourage you to adopt these modules proactively.
The Drupal security team will not issue security advisories for any unsupported libraries that Drupal 7 contributed modules rely on, such as CKEditor 4.
PHP 5.5 and below will no longer be supported on Drupal 7
Effective August 1, 2023, we will no longer support PHP versions lower than 5.6 for Drupal 7. We may issue further PSAs increasing the minimum PHP requirement any time before Drupal 7's end of life.
Security fixes will no longer be provided for Drupal 7 Windows-only issues
Effective August 1, 2023, we will no longer provide Drupal 7 security fixes for Windows-only issues. If you are running a Drupal 7 site on Windows, you should look into migrating to another operating system for hosting your site.
Drupal.org will no longer package Drupal 7 distributions
Effective August 1, 2023, Drupal.org will no longer create Drupal 7 distribution packages with Drush make files. If you need a distribution built, you can use drush make locally.
This is the final extension of Drupal 7 community support
Current support is made possible thanks to the Drupal core maintainers, the Drupal Security Team, and organizations and volunteers who contribute to Drupal 7 issues.
You can donate to support the work of the Drupal Security Team on our Security Team Donations page.
To learn more about sponsoring Drupal core maintainers and contributors, read xjm's blog post: Why sponsor a core committer?
What the Drupal 7 End of Life means for you
Once Drupal 7 reaches End of Life, this means:
- The Drupal Security Team will no longer provide support or Security Advisories for Drupal 7 core and contributed modules.
- Security issues for Drupal 7 may be disclosed in public, and zero-days (i.e, security vulnerabilities being exploited in the wild without advance warning) may occur.
- Drupal.org will no longer support tasks related to Drupal 7 including documentation navigation, automated testing, packaging, etc.
- All Drupal 7-compatible releases on project pages will be flagged as not supported.
- Some Drush functionality for Drupal 7 will stop working as the underlying Drupal.org infrastructure will be removed.
- Drupal.org file archive packaging (tar and zip files) for Drupal 7 will be shut off.
The archives may be removed. - There will be no more core commits on Drupal core 7.x.
- Package tarballs may no longer be downloadable.
- External vulnerability scans will flag Drupal 7 as insecure.
If you are still maintaining a Drupal 7 site, we recommend migrating to Drupal 10 before the end of life date.
Announcing the Drupal Association migration partners program
The Drupal Association is working to certify migration partners to help Drupal 7 site owners.
Certified Migration Partners will be promoted on Drupal.org, alongside a migration resource library, to any end users looking for help.
Priority will be given to past extended support vendors and top contributors.
To learn more about the Drupal 7 Certified Migration Partners visit the Drupal 7 EOL landing page.
Coordinated By:The project lead, members of the Security team, and core committers contributed to this document.