Does the end of support on 2024-02-15 mean the end of security updates or not?

I have searched the forum for answers to this but not found anything concrete. Because we still have this page https://confluence.atlassian.com/support/atlassian-support-end-of-life-policy-201851003.html which often gets asked about.

Atlassian supports feature versions for two years after the first major iteration of that version was released (for example, we support Jira Core 7.2.x for 2 years after Jira 7.2.0 was released).
For critical security bugs, please see our Security Bugfix Policy on which versions we will backport critical security fixes.

https://www.atlassian.com/trust/security/bug-fix-policy

When a Critical security vulnerability is discovered by Atlassian or reported by a third party, Atlassian will do all of the following:
Issue a new, fixed release for the current version of the affected product as soon as possible.
Issue a new maintenance release for a previous version as follows:
PRODUCT
Jira Software Server and Data Center
Jira Core Server and Data Center
Jira Service Management Server and Data Center (previously known as Jira Service Desk)
Confluence Server and Data Center
Bitbucket Server and Data Center
Bamboo Server and Data Center
BACK PORT POLICY
Issue new bug fix releases for:
Any versions designated an 'Long Term Support release' that have not reached end of life.
All feature versions released within 6 months of the date the fix is released.

The migration page and its FAQ contradicts what the end of life policy states.

https://www.atlassian.com/migration/assess/journey-to-cloud

After the end of support date, Atlassian and Marketplace Partners will no longer provide technical support for any issues, security updates, or bug fixes for critical vulnerabilities. Regular security updates help protect your business from threats and vulnerabilities, so we recommend moving to our Cloud or Data Center products before the end of support date.

Whenever this question get asked Atlassian employees answer that the end of life date applies only to Server products but Datacenter products will continue to be supported.

If that is the case why does every other policy and documentation still state that the server versions still receive bug fixes as long as the running version is supported as per the Atlassian Support End of Life Policy?

3 answers

Suggest an answer

2 votes

Hi @Elvar Böðvarsson,

I understand if this can be confusing, but each link you cited is accurate.

Your ability to install updates in server and/or data center editions of our products is dependent upon the date your license expires.

In order for you to be able to install an updated version, your license has to have not expired on or before the date that exact version was released by Atlassian. We do create new version releases for up to 2 years for LTS (long term support) editions as you mentioned above. However, just because we release new versions, does not mean everyone is always entitled to them. As such, even if there is a critical security vulnerability found in a server product after the EOL of server products, Jira Admins won't be able to install that update with that expired license applied.

There is an important difference between server and data center in the terms of their licensing.

Server licenses are perpetual in nature, meaning when they expire, you can still continue to use the product, but you cannot update it to any version released by Atlassian beyond the expiration date of your license.
Data center products don't use perpetual licensing. When their licenses expire, the product stops working.

That said, we don't recommend running expired server versions, especially if exposed on the internet. Just because the terms of the license say you can keep using it after expiration, you won't have support for that product, and you can't upgrade it with that license applied. Should there be a critical security update for a server product found after the EOL date, you won't be able to install it while on the server license. This is why it's very important to either migrate to Cloud or upgrade to Data Center.

I hope this helps to clarify things.

Regards,

Andy

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

So what does that mean for those instances running on lets say the latest LTS version of Confluence Server 8.5 with the EOL date 2025-08-22

So what happens after 2024-02-15?

Will Atlassian release security updates for Confluence Server 8.5 until the EOL date?
Will those running Confluence Server 8.5 be able to install patches until the EOL date?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

They won't be able to install any update released after their license has expired. Ignore the EOL date of the product version. It's not directly correlated here since Atlassian is continuing to support Data Center editions of these products in those versions. The focus is on the license. All server licenses are expiring on 2024-02-15.

https://www.atlassian.com/migration/assess/journey-to-cloud

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like • Henri Seymour _Easy Agile_ likes this

2 votes

My interpretation of all this is that while new LTS Security Patches will be released, you will not be able to install them if your license has expired.

That is the case right now, if you let your maintenance expire in the past, you were still able to use the product, but you would be capped at the last version released before your maintenance expiry.

The End Of Server date simply means that no one will be able to have a maintenance license that goes beyond that date. Just now, we've renewed all of ours, but all of them expire on Feb 15 2024.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

@Elvar Böðvarsson I can't reply on the other thread, but

DC and Server are the same product from a code perspective. It's all about the license. There are no separate releases for DC and for Server.

So what happens after 2024-02-15?

Will Atlassian release security updates for Confluence Server 8.5 until the EOL date?

Will those running Confluence Server 8.5 be able to install patches until the EOL date?

So:

1) Yes, new security updates for Confluence 8.5 will be released until 2025-08-22

2) No, if you have a server license, you will not be able to install a Confluence version released after 2024-02-15