Vulnerability: Drupal 7 will reach end-of-life in November of 2021
Drupal 7 was first released in January 2011. In November 2021, after over a
decade, Drupal 7 will reach end of life (EOL). (More information on why this
date was chosen .) Official community support for version 7 will end,
along with support provided by the Drupal Association on Drupal.org. This
means that automated testing services for Drupal 7 will be shut down, and
there will be no more updates provided by the Drupal Security Team.
When this occurs, Drupal 7 will be marked end-of-life in the update manager,
which appears in the Drupal administrative interface. Updates, security
fixes, and enhancements will no longer be provided by the community, but may
be available on a limited basis from select commercial vendors.
If you have a site that is running on Drupal 7, now is the time to start
planning the upgrade. Note that the transition from Drupal 8 to Drupal 9
will not be the significant effort that the transition from 7 to 8 was. In
fact, the first release of Drupal 9 will be identical to the last release of
Drupal 8, except with deprecated code removed and dependencies updated to
newer versions. (See Plan for Drupal 9  for more information on Drupal 9.)
What this means for your Drupal 7 sites is, as of November 2021:
* Drupal 7 will no longer be supported by the community at large. The
community at large will no longer create new projects, fix bugs in
existing projects, write documentation, etc. around Drupal 7.
* There will be no more core commits to Drupal 7.
* The Drupal Security Team will no longer provide support or Security
Advisories for Drupal 7 core or contributed modules, themes, or other
projects. Reports about Drupal 7 vulnerabilities might become public
creating 0 day exploits.
* All Drupal 7 releases on all project pages will be flagged as not
supported. Maintainers can change that flag if they desire to.
* On Drupal 7 sites with the update status module, Drupal Core will show up
* After November 2021, using Drupal 7 may be flagged as insecure in 3rd
party scans as it no longer gets support.
* Best practice is to not use unsupported software, it would not be
advisable to continue to build new Drupal 7 sites.
* Now is the time to start planning your migration to Drupal 8.