Drupal announced on June 24, 2020, that they are extending the end-of-life for Drupal 7 until November 28, 2022. Originally, this had been scheduled for 2021, but the community recognizes “the impact of COVID-19 on budgets and businesses,” and acknowledges the extra burden this will place on the open-source Drupal community, particularly the security team.
This gives an extra year to migrate from Drupal 7 to version 8 or 9, and it’s important to note that Drupal 8 will still be end-of-life on November 2, 2021. The Symfony framework that underlies Drupal 8 goes end-of-life on this day, so Drupal 8 must follow suit. Now that Drupal 9 is stable, it’s time to revise your website migration plan.
- If your website is still using Drupal 7, then we recommend that you change your migration plan to move directly from Drupal 7 to Drupal 9.
- For complex, highly-customized websites, this migration can be a major undertaking requiring 3 to 6 months or more.
- If your website uses Drupal 8, then you should plan the in-place upgrade from Drupal 8 to Drupal 9 as soon as you are ready.
You may be glad to have a bonus year to make the transition from Drupal 7, but be warned: there is a hidden risk if you make this choice.
The Hidden Risk
Drupal 7.0 was released in January 2011, and many of the modules developed and contributed by the Drupal community for Drupal 7 have since been abandoned by the developers. Sometimes the developer announces their intention to stop supporting the module. Sometimes they don’t. Unless they took advantage of the “Seeking new maintainer” feature on Drupal.org, there is no way to definitively tell.
Over the last year, we have seen more and more modules that have not been updated in years. What does it mean if the most recent update was in 2017?
- Is the module is just that good?
- Or has the developer even touched it?
When years go by without any updates to a module, the resulting risk to you starts at “might break something on the website without you knowing” and goes up to “unknown security vulnerability that might get your website hacked, defaced, or worse.”
Our Chief Operating Officer, John Vernon, has said,
“There is less risk using a new module that isn’t mature yet than there is using an older, abandoned module.”
This means that it can be less risky to move from Drupal 7 to Drupal 9–even if the modules you need aren’t yet mature and secure–than to stay on Drupal 7 for an extra year.
What to Look For
When you go to Drupal.org to select a module, here are the essential questions to ask.
- Is the module secure? You should see the shield indicating that the module is covered by Drupal’s security advisory policy.
- Is the module under active development? Modules should be fairly recently updated, with issues being addressed quickly.
- Who is working on the module? Contributors should be maintaining the module. You don’t want to see the module seeking new maintainers or no longer in development.
- Does the module work? Tests of the module should pass, though a repair may be in progress.
Your website is important. It’s the front porch for your business, ….. and it needs to look nice, not be broken, and not jeopardize your customers, employees, or stakeholders.
Don’t leave it too long to make the decision on how to manage Drupal 7 End-of-Life. Call us to discuss your options, and we will give you our recommendations for your specific instance. Contact us today!