Extended Security Support for Joomla 3.x - giving an old friend another chance
August 17, 2023 marks an historic date for the Joomla project: after more than 10 years, the project’s support for the 3.x version comes to an end. However there are still plenty of 3.x sites in the wild, some of them unable to migrate to 4.x in the remaining time frame. Do these sites need to be switched off in a couple of weeks?
Migrations can be challenging
Even though the migration process between 3.x and 4.x is the by far smoothes and easiest migration path in the Joomla history, there still are cases where a migration is non-trivial: Maybe a crucial extension hasn’t been ported to 4.x yet, or the used template is unable to run on a 4.x site. But besides technical issues, there are other, probably more relevant issues why sites are still running 3.x: the pandemic was a big challenge for many businesses, stressing their financial situation and leaving little to no budget for a 3.x to 4.x migration. For other industries, the pandemic was a big boost, filling up their order books with plenty of work, leaving no time to do the migration. And most importantly, there are 3.x sites where the initial investment for the site creation simply hasn’t payed out yet, making it hard for service providers to convince the site owner to migrate now.
Announcing Extended Long Term Support
In order to provide site owners with a way to keep their 3.x site running, the Joomla project decided to set up an Extended Long Term Support (eLTS) program. That program will offer site owners another 18 months of security support for Joomla 3.x, extending its support period until February 17, 2025. This gives site owners another 1,5 years to finally finish their migration to the 4.x branch, without running an unsupported and potentially insecure Joomla version in the meantime.
The eLTS program will require interested site owners to buy a license for each 3.x site that is supposed to be covered in the eLTS. In order to get an easy and affordable license model, the license fee will be a fixed fee for the whole 18 months of support, regardless of the site type, the owner’s location or the point in time, where the eLTS license is bought. With a fixed fee of € 90 per site, even smaller business and hobby site owners can afford the program.
A license grants the right to use the eLTS update server in a Joomla site, providing access to the 3.11 eLTS version branch. That branch will include security patches for any upcoming security issues in 3.x in the lifetime of the eLTS program.
An experiment for the financial sustainability of the project
As the Joomla project does not want to put the burden of such a program onto the shoulders of its volunteer community, a 3rd party vendor has contracted to run the program in a RFP process started in February. The contract was won by djumla and itronic, two well established Joomla service providers run by David Jardin, Joomla Security Team Lead, and Harald Leithner, former Production Department Coordinator. So, even though the eLTS program is an official project offer, the actual execution will be performed by the mentioned vendors.
To make the program not only a success for the users and the vendor, the RFP included the requirement that a share of each license sale has to be paid to the official project, turning the eLTS program into an interesting funding source for the project. As comparable programs for Drupal and TYPO3 have shown, especially businesses are more than willing to pay for extra support, making such programs an important part of the financial sustainability of an open source project. So, the eLTS for 3.x is also a test balloon to see if such a program works in the Joomla ecosystem.
this is very positive news for a lot of Joomla users (although there might be people who think "oh well, then I have nothing to work on with my site for the next 1,5 years!" - but you will always have these kind of people).