What is end-of-life (EOL) software? Meaning & why it's a security risk
A plain-English guide · EOL tracked across 613 products · all security terms → · updated June 2026
End-of-life (EOL) software is a release the vendor no longer supports — so it stops getting security patches. Once a version is EOL, any new vulnerability found in it stays unfixed forever. That makes running EOL software one of the most common, and most avoidable, security risks there is.
What does EOL stand for?
EOL stands for end-of-life. You'll also see end-of-support (EOS) — in practice the same thing: the date after which a version no longer receives fixes. For security, the date that matters is when security updates stop.
Why end-of-life software is dangerous
It's simple: no patches are coming. A supported product gets a fix when a flaw is found; an EOL product doesn't — so vulnerabilities pile up with no remedy, and attackers specifically hunt for unsupported software because it can't be patched. That's why security frameworks like PCI DSS, Cyber Essentials and the Essential Eight treat unsupported software as a failure to fix or remove.
End-of-life vs end-of-support
The terms are usually interchangeable. Strictly, end-of-support is when active maintenance and security updates stop; end-of-life may add a final window of limited or paid support. Either way, plan your upgrade around the date security updates end.
Track end-of-life dates & get ahead of them
Vendors publish lifecycle dates, but they're scattered and easy to miss. IsItPatched tracks EOL across hundreds of products and can warn you before a release you run reaches end-of-life.
- End-of-life calendar — upcoming EOL dates across tracked software.
- Monitor your stack — get alerted before your versions go EOL.
- Check your version — see support status and the safe version to move to.
See the end-of-life calendar →
Frequently asked questions
What is end-of-life (EOL) software?
End-of-life (EOL) software is a product or release that the vendor no longer supports. Once a version reaches EOL it stops receiving updates — including security patches — so any new vulnerability discovered in it stays unfixed forever. Running EOL software is one of the most common and avoidable security risks.
What does EOL stand for?
EOL stands for end-of-life. A related term, end-of-support (EOS), means the same thing in practice: the date after which a version no longer receives fixes.
Why is end-of-life software a security risk?
Because no patches are coming. A supported product gets a fix when a vulnerability is found; an EOL product does not, so vulnerabilities accumulate and attackers target it precisely because it cannot be patched. Many security frameworks treat unsupported software as an automatic finding.
What is the difference between end-of-life and end-of-support?
They are often used interchangeably. Strictly, end-of-support is when active maintenance and security updates stop; end-of-life can also include a final period where only limited or paid support remains. For security purposes, the date that matters is when security updates stop.
How do I know when my software reaches end-of-life?
Vendors publish lifecycle dates, but they are scattered and easy to miss. IsItPatched tracks end-of-life dates across hundreds of products and can alert you before a release you run reaches EOL, so you can upgrade in time.
IsItPatched aggregates lifecycle data from sources including endoflife.date and vendor advisories. Always confirm dates with your vendor — see our disclaimer.