Our Django version is outside security support soon, what service risks do we face if we can't upgrade before end of support?


We have an application that runs on Django 3.2, which leaves LTS security support 1 April this year.

I don’t know if our tech support provider will be able to upgrade to a later version by then.

What risks do we face if we can’t upgrade before 1 April?

Appreciate any comments or advice.


There are two main categories of risk.

Unresolved bugs and security vulnerabilities.

Any unresolved bugs are unlikely to be encountered if the application is mature and effectively static. If you’re not doing further development on that application, then this risk is minimal.

The lack of the security-related updates is also an “iffy” situation. It’s quite possible that no new vulnerabilities affecting your application will be discovered before you do get around to doing an upgrade. In that situation, you have not accepted any new or additional risk.

Additionally, if a new vulnerability is identified and an update is published, you’ll still have the option of doing your own backport of the fix, or otherwise remediating it.

But in the absence of knowing what the vulnerability is, there’s no way to quantify the risk.

That’s very interesting Ken, thank you for your feedback.