The statistics around cyber security are alarming. Around 30,000 websites are hacked globally on a daily basis. As many as 64% of the companies across the world have faced one or more kinds of cyber attack.
Given that Drupal core version 8 series reached end of life on November 2, 2021, does that mean that you’re really left in the midst of the ocean without an anchor to secure you? What happens to contributed projects after Drupal 8’s end of life? In this blog, we discuss such concerns that you may have.
What is Drupal 8 End of life?
Drupal core version 8 was released on November 19, 2015. It’s shelf life ended on November 2, 2021, which is also known as “Drupal 8 end of life”. This means that the Drupal official community will not provide security support for any of the earlier releases of Drupal 8 core or contributed project releases that are compatible with only Drupal 8. So, there will neither be any further Drupal 8 releases nor any updates to previous releases or security patches even to critical threats. The dedicated security team from the Drupal community shall not actively test or review the contributed modules for Drupal 8.
Why End of Life Now?
There are three-fold reasons why Drupal 8 end of life happened. Firstly, Drupal uses multiple third-party dependencies, such as Symfony, Twig, PHPUnit, and CKEditor 4, among other components. Drupal 8 uses Symfony 3, which reached its EOL in November 2021. Security support for CK Editor 4 also ended around the same time. So, Drupal cannot support backward compatibility, and had to move on with newer versions for Drupal 9, letting go of Drupal 8.
Secondly, the Drupal community wanted to introduce more features through Drupal 9, maintaining what Drupal is known for- its uniqueness. Forking Symfony 3 and maintaining it with Drupal could’ve been an option had Drupal wanted duplication of that effort. However, the Drupal community wanted more autonomy and innovation. Also, effort duplication does not come across as an ideal practice.
Thirdly, the Drupal 9 upgrade is not as significant an architectural change as Drupal 7 to Drupal 8. And that’s the reason why the Drupal 9 adoption has been fastest among any previous versions. It took only one month for 60000 Drupal sites to migrate to Drupal 9, compared to seven months for migration to Drupal 7. In such a situation, continuing with Drupal 8 doesn't sound logical for users as well.
Switch anchor to avoid sailing solo
Do you feel you are sailing solo post Drupal 8 end of life? Well, yes and no! The real answer to this is that while you still have time to upgrade to the higher version, i.e., Drupal 9, you’re not entirely sailing solo in the rough patch. It just means that the anchor, Drupal 8, which supported your ship is no longer there. So you may still be hanging in there, but if the high tide topples your ship, there isn’t a life boat that’s coming to save you.
In business terms, it means that your site may be open to malicious attacks without security support from Drupal. With the alarming rise in web attacks, migrating to Drupal 9 or Drupal 10 just ensures a permanent security net for you.
Whether you have earlier contributed projects in Drupal 8 or are using them for your site, knowing the compatibility status of the contributed modules helps you in many ways. You can check the same from the Drupal 9 deprecation dashboard. In fact, about 88% of the top 1000 contributed modules are also compatible with Drupal 9, which means that they have usability in both Drupal 8 and 9.
Moreover, 50% of all Drupal 8 contributed modules are also compatible with the newer Drupal version, while 20% of these only require upgrade of info.yml file or/and composer.json file for them to be Drupal 9 compatible.
If your contributed project such as module or theme is compatible with Drupal 7 or 9, and has already opted for the security coverage, you shall continue to receive security advisories. Drupal 7 end of life or shelf life is until November 2022, while Drupal 9 end of life will happen in November 2023.
Upgrade is more than just security fix
Migrating to Drupal 9 helps you get enticing features of this version. Features such as richer media management, accessibility of powerful visual designing, front end facilities, intuitive designs, and improvement in further migration, can help you or your clients reap several benefits in the long run.
With such innovative features of newer Drupal versions, and ease of upgrade from Drupal 8, migrating to these higher Drupal versions is more than just a security fix. Keeping future roadmap plans in mind as an immediate action step, a thorough compatibility assessment, and Drupal 9 readiness audit for your site and contributed projects should be done.