Skip to main content

End of Life (EOL)

End of life is the date after which a software version no longer receives support or security patches from its maintainer — leaving any vulnerability found afterwards permanently unpatched on that version.

End of life (EOL) is the point at which a maintainer stops supporting a software version: no more bug fixes, and — critically — no more security patches. Runtimes, frameworks, operating systems, and databases all publish support schedules; community projects like endoflife.date aggregate them into machine-readable feeds.

How It Works

Most projects run support windows per release line — long-term support (LTS) releases get years, interim releases months. After the published EOL date, a newly discovered vulnerability in that version will never receive a fix; the only remediation is upgrading to a supported line.

Why It Matters

An EOL component is standing exposure independent of any single CVE, because the patch path is gone. That is why serious drift and risk models treat EOL as a floor rather than a weight: an unsupported runtime cannot be averaged into a healthy-looking score by hundreds of current dependencies. Tracking upcoming EOL dates turns forced emergency migrations into planned upgrades.

Related Terms

EOL status floors DriftScore and sets exposure floors in RiskScore; deprecation is the warning phase that precedes it.