Ruby on Rails Lifecycle Intelligence

Ruby on Rails End of Life —
Every Version EOL Date & Upgrade Guide

Updated 2026-05-30 · endoflife.ai · 8 min read

Ruby on Rails is one of the most influential web frameworks ever built — and like all long-lived frameworks, it has accumulated a significant trail of unsupported versions running in production. Rails 5, Rails 6, and even Rails 4 applications are still serving real traffic. The Rails core team maintains a lean security policy: only the most recent minor version of the most recent two major versions receives security patches. Everything else is on its own.

This guide covers the official Rails end-of-life schedule, EOL Risk Scores for each version, and what the maintenance policy means for your application's CVE exposure.

Complete Rails EOL Schedule

The Rails project publishes an official maintenance policy that defines which versions are in full maintenance (bug fixes + security fixes), security maintenance only (security fixes only, no bug fixes), and unsupported (no fixes of any kind).

VersionReleaseEnd of LifeStatusEOL Risk Score™
Rails 4.2Dec 2014Apr 2020EOL95
Rails 5.2Apr 2018Jun 2022EOL90
Rails 6.0Aug 2019Jun 2023EOL87
Rails 6.1Dec 2020Jun 30, 2024EOL82
Rails 7.0Dec 2021Apr 1, 2025EOL76
Rails 7.1Oct 2023Oct 1, 2026Warning44
Rails 7.2Aug 2024Aug 1, 2027Supported25
Rails 8.0Nov 2024Nov 1, 2027Supported12
⚠ Rails 6.1 and earlier are EOL
Rails 6.1 reached end of life on June 30, 2024. Rails 7.0 reached end of life on April 1, 2025. If your application is running either of these versions, it is receiving no security patches — including for Critical and High severity CVEs.
Running Rails past end of life?
Extended-support vendors still ship security patches for EOL versions. We match you with the right provider for your stack — free, no obligation.
Get Rails Support Options →

Rails 6 — End of Life June 2024

Rails 6 introduced Action Mailbox, Action Text, parallel testing, and multiple database support. It was a major feature release that many teams adopted and have stayed on. Rails 6.0 reached EOL in June 2023; Rails 6.1 followed in June 2024. Both are now unsupported.

Rails 6.x applications typically run on Ruby 2.6, 2.7, or 3.0 — all of which have their own EOL status. Ruby 2.6 reached end of life in March 2022; Ruby 2.7 in March 2023; Ruby 3.0 in March 2024. A Rails 6 application running on Ruby 2.7 has two compounding EOL layers.

EOL Risk Score™
Rails 6.1 — Score: 82 Critical

Rails 7 — Partially EOL

Rails 7 introduced Hotwire (Turbo + Stimulus) as the default JavaScript approach, replacing Webpacker. Rails 7.0 reached EOL on April 1, 2025. Rails 7.1 is still in security-maintenance support until October 2026, and Rails 7.2 receives full support until August 2027.

If you are on Rails 7.0, you need to upgrade to at least 7.1 — the jump is generally straightforward as it stays within the same major version family.

EOL Risk Score™
Rails 7.2 — Score: 25 Low · Supported until Aug 2027

Rails 8 — Latest Release

Rails 8.0 was released in November 2024 and represents a significant step in Rails' evolution toward simplicity and self-contained deployment. It ships with Solid Cache, Solid Queue, and Solid Cable — database-backed implementations of caching, background jobs, and WebSockets that reduce external infrastructure dependencies. It also includes Kamal 2 for container-based deployment and Thruster for HTTP asset caching.

Rails 8 requires Ruby 3.2 or later. If you are on Ruby 3.1 or earlier, you will need to upgrade Ruby first before targeting Rails 8.

Understanding the Rails Maintenance Policy

The Rails maintenance policy is simple but easy to misread. At any given time, only the latest patch release of the two most recent minor versions within a supported major receives security fixes. When a new minor version is released, the previous one enters a transition period and then goes unsupported.

The Rails CVE track record
Rails has had numerous high and critical CVEs over its lifetime — SQL injection through unsafe query parameters, CSRF vulnerabilities, mass assignment bypasses, and regex injection issues. The framework's security record has improved significantly since the Rails 3/4 era, but new CVEs are still disclosed regularly. EOL versions never receive the fixes.

Upgrading Rails Safely

Upgrade one minor version at a time

The Rails team's official guidance is to upgrade incrementally: 6.0 → 6.1 → 7.0 → 7.1 → 7.2 → 8.0. Each minor version includes deprecation warnings for APIs removed in the next version. Skipping versions means missing those warnings and hitting breaking changes blind.

Use the upgrade guide

The Rails Guides include a dedicated upgrade guide for each version pair. Always start there — it documents every breaking change, configuration requirement, and default behavior change introduced in the new version.

Run with both old and new defaults

Rails uses the config/application.rb load_defaults value to control which new defaults are active. After upgrading the gem, set load_defaults to the new version number and address failures one at a time before switching fully.

Check your Ruby version first

Each Rails version has a minimum Ruby requirement. Check the Ruby EOL page and ensure your Ruby version is both compatible with your target Rails version and not itself EOL. Rails 8 requires Ruby 3.2+.

Related products
Rails runs on Ruby — check the Ruby end-of-life dates. If you use PostgreSQL or MySQL as your database, check PostgreSQL EOL dates and MySQL EOL dates to ensure your full stack is on supported versions.

The Monthly EOL Digest™

Once a month — critical end-of-life dates, CVE blind spots, and lifecycle changes worth knowing about.

✓ You're on the list.