EOL for Beginners

What is LTS? —
long-term support, and the trap inside it.

Published 2026-07-08 · 9 min read · endoflife.ai Research

"Just use the LTS version" is the most common piece of software lifecycle advice ever given — and one of the least explained. What exactly are you being promised when a release is stamped Long-Term Support? Who's promising it, for how long, and what happens when even the long term ends? This guide covers how LTS actually works across the major ecosystems, why vendors invented it, and the planning mistake that catches almost everyone.

What LTS actually promises

An LTS release is a version the maintainer commits to supporting — security patches and critical bug fixes — for a defined, published, longer-than-normal window, without forcing you to absorb new features or breaking changes along the way. Three parts of that sentence carry all the weight:

Why vendors invented it

LTS is a truce between two audiences that want opposite things. Developers and the project itself want to ship — new features, better performance, breaking changes that clean up old mistakes. Operators want nothing to change, ever, except security fixes. Without LTS, projects either move too slowly (frustrating development) or too fast (leaving production users stranded on unpatched versions because upgrading is disruptive).

The LTS model resolves this by splitting the release train: a fast track for people who want the newest, and designated stable checkpoints with long patch windows for people running businesses. It also concentrates the ecosystem — when most production users sit on the same LTS lines, framework authors, security researchers, and vendors all test against the same versions, which makes those versions genuinely safer. That's why "use the LTS" is usually right — and why understanding its expiry is non-negotiable.

The LTS rhythms of major ecosystems

Every ecosystem tunes the model differently. Knowing the rhythm of yours is the difference between planned upgrades and emergency ones:

Node.js — even numbers only

Even-numbered Node.js releases (18, 20, 22, 24…) enter LTS and receive roughly 30 months of total support. Odd-numbered releases are short-lived experiments — they exist to preview features and are retired within months. Production on an odd Node version is a scheduling accident waiting to happen.

Java — the two-year checkpoint

Since the release cadence changed, a new Java LTS arrives every two years (17, 21, 25), with non-LTS versions shipping every six months and dying when the next one arrives. The twist: how long an LTS lasts depends on whose build you run — Oracle, Temurin, Corretto and others publish different support windows for the same Java version. In the JVM world, LTS is a property of the vendor, not just the version.

Ubuntu — the five-year workhorse

An Ubuntu LTS lands every two years (20.04, 22.04, 24.04) with five years of standard support, extendable to roughly a decade with paid Expanded Security Maintenance. The interim releases get just nine months — one of the sharpest LTS/non-LTS gaps anywhere.

.NET — LTS and STS, explicitly labeled

Microsoft alternates .NET releases between LTS (three years — .NET 8) and STS, "Standard Term Support" (18 months — .NET 9). Same framework, same quality, radically different planning horizon; the label is right there in the release notes and routinely ignored.

Frameworks and libraries — shorter than you think

Application frameworks run tighter windows: a Django LTS gets about three years, a Spring Boot minor roughly a year of open-source support, an Angular major about 18 months. And in the library world, "LTS" sometimes means a paid program — Jackson designates open LTS branches, while vendors like Tiny sell LTS agreements for TinyMCE after open-source support ends. Always check what the word means in the ecosystem you're reading.

The LTS trap: stability is not immortality

Here is the mistake that fills remediation backlogs: teams hear "LTS" as "solved" and stop tracking the date. The stability is real — for the window. But choosing an LTS at its release gets you the full window; adopting it two years in gets you the remainder, and organizations routinely standardize on an LTS just as it enters its final year.

The math that bites
Ubuntu 20.04 LTS felt permanent in 2020; its standard support ended in April 2025. .NET 8 LTS, released November 2023, exits support in November 2026. An LTS chosen without noting its end date is just an EOL surprise with extra steps — check any version's actual window in seconds with the EOL Checker.

The second half of the trap: because LTS versions are stable for years, the skills and context for upgrading atrophy. The team that deployed on the LTS has moved on; nobody remembers the app's quirks; and the eventual jump spans multiple major versions at once — the hardest possible upgrade, scheduled by an external deadline. As we covered in CVEs by stack layer, that's precisely how frameworks and runtimes end up frozen past EOL, where every new CVE becomes permanent.

The other trap: non-LTS releases in production

The inverse mistake is quieter: a developer starts a project on the newest release — Node 23, .NET 9, a non-LTS Java — because it's what the tutorial used or what shipped that week. The project goes to production, and its support window turns out to be measured in months. Nothing is wrong with non-LTS releases; they're for people who upgrade continuously. The failure is deploying one without pricing in that treadmill. If your organization upgrades annually, only LTS rhythms fit.

How to actually plan around LTS windows

LTS is the best deal in software operations: years of boring, patched stability in exchange for one obligation — knowing when it ends. Keep the date, and the model works exactly as advertised.

The Monthly EOL Digest™

Once a month — critical end-of-life dates, CVE blind spots, and lifecycle changes worth knowing about.

✓ You're on the list.