- WordPress Security Team released the final releases for versions between 3.7 and 4.0, which are 3.7.41, 3.8.41, 3.9.40, and 4.0.38.
- Dropping support for older versions, which are used by less than 1% of total installs, allows the team to focus on new releases.
- A notification was sent along with the final update informing users that their WordPress version won’t receive new security updates.
A few months ago, the WordPress Security Team announced that security updates for WordPress versions 3.7 through 4.0 won’t be provided as of December 1, 2022. WordPress 3.7 was released in October 2013 and it introduced automatic background updates. Websites using versions between 3.7 and 4.0 is less than 1% of total installs.
Focusing on new releases
WordPress Security Team stated that backporting security updates for old versions is a time-consuming process and the team is spending most of its time preparing backports for a minority of WordPress installations. Thus the team decided to drop support for versions older than 4.0.
On 29 November, Security Team released the final releases for these versions. The final versions will remain as, 3.7.41, 3.8.41, 3.9.40, and 4.0.38. From now on, instead of backporting security updates for older releases, the team will focus on the latest releases. With the final release, the users are notified with an upgrade notification that states that their versions won’t receive new security updates. In the announcement made in September, the WordPress Security team said,
« An out of date version of WordPress, in this case versions 4.0.* and older, will display a non-dismissible notice in the dashboard informing users an update is available. In the final updates for these WordPress versions, these notices will be made more prominent and inform the administrator their version of WordPress is no longer receiving security updates.
An additional string will be added to the code base to allow for the future dropping of security support. These strings will be committed to trunk and backported to each of the earlier versions prior to the release date. This will allow the Polyglot teams to translate them and for the strings to begin appearing in translation packages. »