Third & GroveThird & Grove
Feb 2, 2022 - Nathaniel Catchpole

Long(er)-Term Support for Drupal 10

hands

Drupal 9 will go End Of Life in November 2023. This seems almost impossible when Drupal 10 isn’t even out yet, but the relatively short release cycle is necessary because it depends on Symfony 4, which will also go EOL in November 2023.

With Drupal 10, we’re hoping to improve this situation, with two years between major releases, and a two-and-a-half year lifetime for the LTS release.

Assuming this proposal is adopted and everything goes to plan, it will mean:

Drupal 10 (hopefully — see the remaining work) launches in June 2022.
Drupal 10.4: March 2024
Drupal 11.0: June 2024
Drupal 11.4: March 2026
Drupal 12.0: June 2026
Drupal 10.4: EOLSeptember 2026

There are numerous advantages to adopting this release cadence:

  • It provides a predictable release cycle for sites: no more wondering when the next major release is going to come out, like between Drupal 8 and Drupal 9.
  • Sites that build on early versions of a major release will have more than three years before they need to do a major update.
  • Established sites already on an LTS release  ( i.e. from Drupal 10.4 to Drupal 11.4) can update directly to the next LTS release every two years,  removing the need to keep up with minor Drupal releases every six months.

How can we do it?

This schedule will only be possible if instead of releasing Drupal 10 on Symfony 5, we skip directly from Symfony 4 to Symfony 6, which was just released in November 2021, and will be supported until November 2027. We will do this by initially releasing an alpha of Drupal 10 on Symfony 5.4, allowing automated deprecation analysis of contrib modules against the Symfony 5.4 codebase, before then updating to Symfony 6.

Releasing on Symfony 6 means following Symfony 6 minor versions until Symfony 6.4 LTS comes out. Drupal minor versions are supported for 12 months, whereas Symfony minor versions are supported for 9 months, making it impossible to sync the two minor release cycles.  However, we have reached an agreement with Symfony that adds two Drupal core committers to Symfony’s security team. They will have  the ability to backport security fixes for components we use, beyond the usual EOL date for Symfony minor versions. This fix allows Drupal to take over security support for just the components we need, for just the three months we need them to bridge the gap between our own minor releases. Once Symfony reaches its LTS release and we’ve updated to it, we will  have ongoing security support until our own EOL anyway.

There are other issues to figure out, like whether a longer support cycle means it’s likely that dependencies other than Symfony will drop support for versions of code we still depend on; whether we really want a new major release of core every two years; and whether supporting three major releases of core for six months is feasible for security releases.

If you have thoughts, please contribute to this issue