Vulnerability: Drupal 7 will reach end-of-life in November of 2021
Description: Drupal 7 was first released in January 2011.
In November 2021, after over a decade, Drupal 7 will reach end of life (EOL).
(More information on why this date was chosen .) Official community support for version 7 will end, along with support provided by the Drupal Association on Drupal.org. This means that automated testing services for Drupal 7 will be shut down, and there will be no more updates provided by the Drupal Security Team. When this occurs, Drupal 7 will be marked end-of-life in the update manager, which appears in the Drupal administrative interface. Updates, security fixes, and enhancements will no longer be provided by the community, but may be available on a limited basis from select commercial vendors. If you have a site that is running on Drupal 7, now is the time to start planning the upgrade.
Note that the transition from Drupal 8 to Drupal 9 will not be the significant effort that the transition from 7 to 8 was. In fact, the first release of Drupal 9 will be identical to the last release of Drupal 8, except with deprecated code removed and dependencies updated to newer versions. (See Plan for Drupal 9  for more information on Drupal 9.)
What this means for your Drupal 7 sites is, as of November 2021:
* Drupal 7 will no longer be supported by the community at large. The community at large will no longer create new projects, fix bugs in existing projects, write documentation, etc. around Drupal 7. * There will be no more core commits to Drupal 7.
* The Drupal Security Team will no longer provide support or Security Advisories for Drupal 7 core or contributed modules, themes, or other projects. Reports about Drupal 7 vulnerabilities might become public creating 0 day exploits.
* All Drupal 7 releases on all project pages will be flagged as not supported. Maintainers can change that flag if they desire to.
* On Drupal 7 sites with the update status module, Drupal Core will show up as unsupported.
* After November 2021, using Drupal 7 may be flagged as insecure in 3rd party scans as it no longer gets support.
* Best practice is to not use unsupported software, it would not be advisable to continue to build new Drupal 7 sites.
* Now is the time to start planning your migration to Drupal 8.