Complete end-of-life dates, support windows, and security status for all Apache Nifi versions. Data sourced from endoflife.date and official vendor documentation. Updated at every deploy.
| Version | Latest Release | Release Date | EOL Date | Days | Status |
|---|---|---|---|---|---|
| 1.19 | 1.19.1 | Nov 28, 2022 | Feb 9, 2023 | 1185 days past EOL | EOL |
| 1.20 | 1.20.0 | Feb 9, 2023 | Apr 7, 2023 | 1128 days past EOL | EOL |
| 1.21 | 1.21.0 | Apr 7, 2023 | Jun 11, 2023 | 1063 days past EOL | EOL |
| 1.22 | 1.22.0 | Jun 11, 2023 | Jul 25, 2023 | 1019 days past EOL | EOL |
| 1.23 | 1.23.2 | Jul 25, 2023 | Nov 27, 2023 | 894 days past EOL | EOL |
| 1.24 | 1.24.0 | Nov 27, 2023 | Jan 29, 2024 | 831 days past EOL | EOL |
| 1.25 | 1.25.0 | Jan 29, 2024 | May 6, 2024 | 733 days past EOL | EOL |
| 1.26 | 1.26.0 | May 6, 2024 | Jul 7, 2024 | 671 days past EOL | EOL |
| 1.27 | 1.27.0 | Jul 7, 2024 | Oct 26, 2024 | 560 days past EOL | EOL |
| 1.28 | 1.28.1 | Oct 26, 2024 | Dec 8, 2024 | 517 days past EOL | EOL |
| 2.0 | 2.0.0 | Nov 1, 2024 | Dec 23, 2024 | 502 days past EOL | EOL |
| 2.1 | 2.1.0 | Dec 23, 2024 | Jan 27, 2025 | 467 days past EOL | EOL |
| 2.2 | 2.2.0 | Jan 27, 2025 | Mar 11, 2025 | 424 days past EOL | EOL |
| 2.3 | 2.3.0 | Mar 11, 2025 | May 1, 2025 | 373 days past EOL | EOL |
| 2.4 | 2.4.0 | May 1, 2025 | Jul 22, 2025 | 291 days past EOL | EOL |
| 2.5 | 2.5.0 | Jul 22, 2025 | Sep 21, 2025 | 230 days past EOL | EOL |
| 2.6 | 2.6.0 | Sep 21, 2025 | Dec 9, 2025 | 151 days past EOL | EOL |
| 2.7 | 2.7.2 | Dec 9, 2025 | Feb 13, 2026 | 85 days past EOL | EOL |
| 2.8 | 2.8.0 | Feb 13, 2026 | Apr 10, 2026 | 29 days past EOL | EOL |
| 2.9 | 2.9.0 | Apr 10, 2026 | Already EOL | Supported | Active |
When a Apache Nifi version reaches end of life, the maintainers stop issuing security patches. Vulnerabilities discovered after this date are publicly disclosed on the National Vulnerability Database, exploit code appears on GitHub, and your systems remain permanently exposed.
The CVE blind spot: Most vulnerability scanners check for known CVEs but do not flag the accumulation of unpatched vulnerabilities in EOL software. With a zero-day, nobody knows about the vulnerability. With EOL software, the vulnerability is public — listed, rated, and often weaponized — but no patch will ever exist. This is the most dangerous gap in enterprise security posture.
Organizations running EOL Apache Nifi should treat it as a vulnerability class in their risk register, apply compensating controls (network segmentation, enhanced monitoring, access restriction), and prioritize migration to a supported version.
Upload requirements.txt, package.json, or Gemfile — full EOL report instantly.
Open Stack Scanner →