According to the announcements on Dries Buytaert’s blog, as well as his speech at Drupal Europe 2018, we can expect Drupal 9 in 2020. This is an extremely important message for people using services based on Drupal 7 or 8, mostly because Dries has also determined the dates when these versions will stop being supported. But what does it really mean? What steps should I take, if I have a site built with Drupal 7/8? Will the site be more vulnerable to hacker attacks? The following article is the answer to these questions.
In September 2018 I had the pleasure to participate in the Drupal Europe 2018 event, where Dries Buytaert (the founder/creator of Drupal) presented some important dates during his presentation (the so-called Driesnote), that will be “milestones” in the further development of this CMS.
The first of them was the Symfony 3 end-of-life in November 2021. This means, that Symfony 3 will no longer be supported and there will not be any subsequent updates related to the performance improvement or security. Because of the fact, that Drupal 8 is dependent on Symfony 3 – Drupal 8 support is also stopped in November 2021.
In this situation, the need for releasing a new version is quite obvious, that is why Dries informed us about a new, improved version – Drupal 9. To provide site owners at least a year to migrate their CMS, “Drupal 9 release” is scheduled for 2020. According to Dries’s announcement, it will happen on June 3, 2020.
Because of the end of Drupal 8 support, previously supported Drupal 7 becomes end-of-life at the same time as 8, i.e. in November 2021.
End-of-life (EOL) means no more support for the aforementioned versions. Drupal Security Team makes every effort to improve the security of Drupal by implementing corrections related to the reported bugs, which results in “security updates”. Because of the EOL, Drupal 7 and Drupal 8 will not be included in subsequent security updates. So, will the site on Drupal 7 or 8 work after November 2021? Yes. How long? Nobody knows that :)
First of all, you should get out of your mind thoughts like:
Right after the publication of the security update information, those interested in breaking security can investigate these changes included in the update and will be able to find the way to break the security by using backwards engineering. At this point, only the ignorance of the existence of our site separates us from being targeted by the hacker – and it will be found without much effort by scanning the network to find servers and sites where the security has not been updated yet.
The answer is: migrate Drupal to a newer version as soon as possible. Let us consider two options (depending on the base version):
Code migration can be especially time-consuming because it consists of custom modules, themes and templates. The workload is much larger in this situation than in the case of migration from version 8 to 9, but it is inevitable.
If you use Drupal 7, you should consider 2 options:
If you are not a Drupal Developer, you should also take into consideration the fact, that in 2020 it may be harder to find a specialist who will take up such a challenge.
It is good to consider this decision now.
The clock is ticking.