[Security-news] Drupal 8 end-of-life on November 2, 2021 (four months from now) - PSA-2021-2021-06-29
security-news at drupal.org
security-news at drupal.org
Tue Jun 29 23:22:54 UTC 2021
View online: https://www.drupal.org/psa-2021-2021-06-29
Version: 8.9.x-dev
Date: 2021-June-29
Description:
*Drupal 8 will reach its end-of-life on November 2, 2021*, before the release
of Drupal 9.3.0, due to Symfony 3's end-of-life [1]. If you are using Drupal
8, *you must upgrade to Drupal 9.2 before November to keep your site secure*.
(Drupal 9.1 security coverage ends shortly after the Drupal 8 end-of-life, so
updating to 9.2 directly is best.)
There is no vendor extended support program for Drupal 8.
Solution:
.... How do I upgrade my Drupal 8 site to Drupal 9?
The Drupal 8 to Drupal 9 upgrade process is much easier than previous
major-version upgrades. There are many automated tools available to assist
with the upgrade. Learn more about upgrading your Drupal 8 site to Drupal 9
[2].
.. What if a module I need doesn't have a Drupal 9 release?
Many modules can be upgraded automatically. Check the module's issue queue
for an issue created by "Project Update Bot".
1) If the "Project Update Bot" issue is not yet marked "Reviewed and Tested
by the Community" ("RTBC"), review and test whether the module works for
you on Drupal 9 with that patch applied to its code.
* If the issue is set to "Needs review" and your testing does not
encounter any problems, you can mark the issue RTBC, along with a
comment explaining what you tested and how.
* Otherwise, if it does not work or causes bugs that didn't happen
before, mark the issue "Needs work" explaining what did not work with
the Drupal 9 patch.
2) If the existing issue is /already/ "Reviewed & Tested by the Community",
test it yourself, and comment on the issue reporting what testing you
did. Consider using the maintainer's contact form to reach out to them
asking them to make a Drupal 9 release.
3) If you have maintained contributed projects before and the patch has
been
RTBC for at least two weeks, consider taking over maintenance of the
module [3]. Otherwise, if you work with an organization that provides
Drupal services, ask that organization to consider taking over
maintenance of the module.
If you cannot find anyone to maintain the module, try using the patch
directly with composer [4].
The Drupal Association will also be taking additional steps to help with the
creation of Drupal-9-compatible releases in the coming months.
.... What about Drupal 7?
Drupal 7 will still have community-based security coverage until November 28,
2022 [5]. The paid Drupal 7 Vendor Extended Support program [6] will continue
until November 2025.
[1] https://symfony.com/releases/3.4
[2]
https://www.drupal.org/docs/upgrading-drupal/how-to-prepare-your-drupal-7-or-8-site-for-drupal-9/upgrading-a-drupal-8-site
[3]
https://www.drupal.org/docs/develop/managing-a-drupalorg-theme-module-or-distribution-project/maintainership/taking-over
[4]
https://www.drupal.org/docs/upgrading-drupal/upgrading-from-drupal-8-to-drupal-9-or-later#s-installing-drupal-8-only-contributedmodule-with-drupal-9-patch
[5] https://www.drupal.org/psa-2020-06-24
[6] https://www.drupal.org/project/d7es
More information about the Security-news
mailing list