Bootstrap End of Life —
EOL Dates & the jQuery Problem

Bootstrap is one of the most widely deployed front-end frameworks on the web — and most of that deployment is on versions that are end of life. Bootstrap 5 is the only maintained line (EOL Risk Score™ 20, Low). Bootstrap 4 reached end of life on December 31, 2022, Bootstrap 3 back in July 2019, and Bootstrap 2 over a decade ago — yet millions of production sites still run 3 and 4.

And Bootstrap carries a risk most CSS frameworks don't: Bootstrap 3 and 4 depend on jQuery, so running them also means running a second end-of-life dependency. This page lays out every Bootstrap version's EOL date and EOL Risk Score™, the real (and sometimes overstated) security exposure, and the path to Bootstrap 5.

Bootstrap Version EOL Schedule

Only Bootstrap 5 is actively maintained. Every earlier major is end of life and receives no fixes — including security fixes. Scores below are live EOL Risk Scores™ — click any for the full breakdown.

The Real Risk of EOL Bootstrap

Bootstrap is mostly CSS, so it's fair to ask how dangerous an EOL version really is. The honest answer: less acutely dangerous than an EOL database or runtime, but not zero — and the risk is concentrated in three specific places.

The JavaScript components. Bootstrap's interactive pieces — tooltips, popovers, modals, the data-attribute API — process input and write to the DOM. Older Bootstrap had real XSS vulnerabilities in exactly these components (the data-* sanitizer in particular), patched in later 3.x and 4.x point releases. If you're pinned to an old minor, you may be missing those fixes, and no further ones are coming.

The frozen ecosystem. An EOL Bootstrap locks you to a generation of themes, plugins, and build tooling that are themselves no longer maintained — and, for 3 and 4, to a specific old jQuery (see below). The dependency rot compounds.

Browser drift. Bootstrap 3/4 target browser behaviours and prefixes from their era. As browsers evolve, layout and behaviour bugs accumulate that will never be fixed upstream.

The jQuery Problem in Bootstrap 3 & 4

This is the hidden cost of staying on Bootstrap 4. Upgrading to Bootstrap 5 isn't only a CSS modernisation — it removes the jQuery dependency altogether (Bootstrap 5's JavaScript is vanilla), eliminating an entire class of EOL exposure in one move. See our jQuery EOL guide for exactly which jQuery versions are dangerous and why.

Bootstrap 5 — The Maintained Line

Migrating to Bootstrap 5

A Bootstrap 4 → 5 migration is mostly mechanical class renames plus removing jQuery-dependent code. It's very doable incrementally.

• 01
  Confirm which Bootstrap (and jQuery) you ship Check your bundle, not your package.json intentions — old Bootstrap hides in vendored CSS and CMS themes. Note whether jQuery is present; if you're on 3 or 4, it almost certainly is, and that's part of what you're removing.
• 02
  Update the markup class names Bootstrap 5 renamed many utilities: directional spacing (ml-*/mr-* → ms-*/me-*), .no-gutters → .g-0, .form-row changes, .custom-* form classes folded into .form-*, and the data-* attributes gained a bs- prefix (data-bs-toggle). Work through these systematically — most are find-and-replace.
• 03
  Remove jQuery-dependent JavaScript Bootstrap 5's components are initialised with vanilla JS, not jQuery plugins. Replace $('...').modal()-style calls with the Bootstrap 5 JavaScript API, and audit your own code for other jQuery usage so you can drop the dependency entirely.
• 04
  Re-test interactive components and responsive layouts Modals, dropdowns, tooltips, the grid, and any custom theme are where breakage shows up. Test across your supported browsers — Bootstrap 5 dropped Internet Explorer support, which is usually a benefit but matters if you still have IE requirements.
• 05
  Adopt the new layers as you go Once on 5, lean on CSS custom properties and the expanded utility API to retire bespoke overrides. This isn't required for the upgrade, but it's where Bootstrap 5 pays you back in maintainability.