Drupal 7 security support ends on 5 January 2025. This is the final extension of Drupal 7 end of life – Drupal 7 will not receive security updates after this date. But don’t worry! The Drupal Association and Drupal Security Team are providing resources, tools, and partners to empower you to migrate your Drupal 7 sites.
This date marks 14 years since Drupal 7’s original release. While we’re proud of what Drupal 7 accomplished, we are looking forward to focusing resources on modern Drupal(Drupal 10, Drupal 11 and beyond!)
What happens on 5 January 2025?
After 5 January 2025, Drupal 7 will no longer receive security or compatibility updates. If you are still running Drupal 7 beyond this date, your website will be vulnerable to security risks and may face compatibility issues. Failure to address these issues can put your website out of compliance with FedRAMP, PCI, HIPAA, SOC 2, and other compliance standards.
Still on Drupal 7? Here Are Your Options:
Migrate to the Latest Drupal Release
Migrating to the latest version of Drupal guarantees continuous support, security updates, and access to the newest features available on Drupal. The Drupal Association has identified several Certified Migration Partners who can help you perform the Drupal 7 migration. We have also organized a collection of valuable resources that may be helpful as you plan your migration efforts.
Visit our Migration Resource Center and find a Certified Migration Partner
Purchase Extended Security Support for Drupal 7
In an effort to provide the Drupal 7 community with security beyond the Drupal 7 end of life, the Drupal Association has created the Extended Security Support Provider Program. If migrating off of Drupal 7 before 5 January 2025 isn’t feasible, you can purchase extended security support for Drupal 7 from carefully vetted, certified vendors through this program.
Currently, HeroDevs, Tag1 Consulting, and DropSolid are the certified vendors in the Extended Security Support Provider Program.
View our D7 Extended Support partners.
Notify Users of Your Plan
If migrating to a newer version or using extended support isn't feasible right now, it’s essential to communicate your security strategy to your users. Make sure to inform your customers, managers, CISO, or other stakeholders about your plans for handling support and managing potential vulnerabilities. This transparency is important for maintaining trust and compliance.
DIY Resources
Migrating beyond Drupal 7 can be done your self and we have resources that might help users who choose to go with this plan.
