On Wed, Apr 16, 2025 at 01:11:34PM -0400, Noah Meyerhans wrote: > > Do you have any upstream statement how they will handle the 2.3.y > > series after their 2.4 release? Do they plan to still backport CVE > > fixes for the 2.3 series or is it considered officially end of life? > > > > It so we might better of moving to 2.4 for the trixie lifecycle but I > > understand there are major changes impacting users. > > > > Ultimately I guess the question is how confident you are that 2.4 can > > be made ready in time now during the freeze for any potential > > fallouts, reports, bugs from users? > > > > Sorry that are not very specific questions. > > I haven't seen a public statement on 2.3.x support, but upstream has > noted on their mailing lists that it's "on life support". I've reached > out for clarification...
Per upstream, the discussion of the EOL timeline for 2.3 is in progress, and they'll announce something in the coming weeks. They'll fix CVEs for some period of time, but nothing else. The exact period of time is not yet known, but I would not expect it to be very long (certainly shorter than the standard trixie support period). 2.3 is quite old at this point and they're strongly encouraging people to move to 2.4. noah
