The teams that built and still maintain these legacy Drupal installations, and the end users they serve, are important constituents of the Drupal community. Although these users should still plan their upgrade to a newer version of Drupal, if they are unable to upgrade before the currently announced end-of-life, it would not be responsible of us to leave them vulnerable.
Therefore, we are announcing that moving forward, the scheduled Drupal 7 End-of-Life date will be re-evaluated annually. As of today, we are extending the end-of-life by one year to November 1, 2023.
More than a decade after its first release, Drupal 7 is still widely used across the web. It can be found powering civic engagement in government installations; managing vast amounts of content for faculty, students, and staff in educational institutions; and providing the digital backbone for many businesses and non-profit organizations. Drupal 9 is well-maintained, secure, stable, and feature-rich, but many organizations still rely on Drupal 7.
We will announce by July 2023 whether we will extend Drupal 7 community support an additional year. Factors that we will consider are community support, Drupal 7 usage, and active Drupal 7 maintainers. Current support is made possible thanks to the many Drupal 7 maintainers and companies that are paying to support Drupal 7.
You can donate to the Drupal Security Team on our Donations page.
The Drupal project lead, Dries Buytaert, the Drupal Association, and the Drupal Security Working Group have been monitoring the Drupal 7 ecosystem since the previous end-of-life extension. As a majority of all sites in the Drupal project are still on Drupal 7, we have decided that there is a clear need to provide additional support to the members of our community still using this version. At the end of the day, we have a moral imperative to keep as many of those sites secure as we can.
For press contacts, please email security-press@drupal.org.