Complete end-of-life dates, support windows, and security status for all Cakephp versions. Data sourced from endoflife.date and official vendor documentation. Updated at every deploy.
| Version | Latest Release | Release Date | EOL Date | Days | Status |
|---|---|---|---|---|---|
| 1.3 | 1.3.21 | Apr 25, 2010 | Nov 1, 2015 | 3842 days past EOL | EOL |
| 2.0 | 2.0.6 | Oct 16, 2011 | Supported indefinitely | Supported | Active |
| 2.1 | 2.1.5 | Mar 4, 2012 | Supported indefinitely | Supported | Active |
| 2.2 | 2.2.9 | Jul 1, 2012 | Supported indefinitely | Supported | Active |
| 2.3 | 2.3.10 | Jan 28, 2013 | Supported indefinitely | Supported | Active |
| 2.4 | 2.4.10 | Aug 30, 2013 | Supported indefinitely | Supported | Active |
| 2.5 | 2.5.9 | May 12, 2014 | Supported indefinitely | Supported | Active |
| 2.6 | 2.6.13 | Dec 23, 2014 | Supported indefinitely | Supported | Active |
| 3.0 | 3.0.19 | Mar 22, 2015 | Supported indefinitely | Supported | Active |
| 2.7 | 2.7.11 | Jul 11, 2015 | Supported indefinitely | Supported | Active |
| 3.1 | 3.1.14 | Sep 19, 2015 | Feb 13, 2017 | 3372 days past EOL | EOL |
| 3.2 | 3.2.14 | Jan 29, 2016 | Supported indefinitely | Supported | Active |
| 2.8 | 2.8.9 | Feb 6, 2016 | Supported indefinitely | Supported | Active |
| 3.3 | 3.3.16 | Aug 12, 2016 | Supported indefinitely | Supported | Active |
| 2.9 | 2.9.9 | Sep 18, 2016 | Supported indefinitely | Supported | Active |
| 3.4 | 3.4.14 | Feb 12, 2017 | Supported indefinitely | Supported | Active |
| 2.10 | 2.10.24 | Jul 22, 2017 | Jun 15, 2021 | 1789 days past EOL | EOL |
| 3.5 | 3.5.18 | Aug 18, 2017 | Supported indefinitely | Supported | Active |
| 3.6 | 3.6.15 | Apr 14, 2018 | Supported indefinitely | Supported | Active |
| 3.7 | 3.7.9 | Dec 8, 2018 | Supported indefinitely | Supported | Active |
| 3.8 | 3.8.13 | Jun 26, 2019 | Supported indefinitely | Supported | Active |
| 4.0 | 4.0.10 | Dec 15, 2019 | Supported indefinitely | Supported | Active |
| 3.9 | 3.9.10 | Jun 20, 2020 | Supported indefinitely | Supported | Active |
| 4.1 | 4.1.7 | Jul 4, 2020 | Supported indefinitely | Supported | Active |
| 4.2 | 4.2.12 | Dec 20, 2020 | Oct 14, 2023 | 938 days past EOL | EOL |
| 3.10 | 3.10.5 | Jun 19, 2021 | Dec 15, 2022 | 1241 days past EOL | EOL |
| 4.3 | 4.3.11 | Oct 23, 2021 | Sep 9, 2026 | 123 days remaining | Warning |
| 4.4 | 4.4.18 | Jun 6, 2022 | Sep 9, 2026 | 123 days remaining | Warning |
| 5.0 | 5.0.11 | Sep 9, 2023 | Jan 9, 2026 | 120 days past EOL | EOL |
| 4.5 | 4.5.10 | Oct 14, 2023 | Sep 9, 2026 | 123 days remaining | Warning |
| 5.1 | 5.1.6 | Sep 13, 2024 | Already EOL | Supported | Active |
| 4.6 | 4.6.3 | Mar 22, 2025 | Sep 9, 2026 | 123 days remaining | Warning |
| 5.2 | 5.2.12 | Mar 29, 2025 | Already EOL | Supported | Active |
| 5.3 | 5.3.5 | Jan 9, 2026 | Already EOL | Supported | Active |
When a Cakephp version reaches end of life, the maintainers stop issuing security patches. Vulnerabilities discovered after this date are publicly disclosed on the National Vulnerability Database, exploit code appears on GitHub, and your systems remain permanently exposed.
The CVE blind spot: Most vulnerability scanners check for known CVEs but do not flag the accumulation of unpatched vulnerabilities in EOL software. With a zero-day, nobody knows about the vulnerability. With EOL software, the vulnerability is public — listed, rated, and often weaponized — but no patch will ever exist. This is the most dangerous gap in enterprise security posture.
Organizations running EOL Cakephp should treat it as a vulnerability class in their risk register, apply compensating controls (network segmentation, enhanced monitoring, access restriction), and prioritize migration to a supported version.
Upload requirements.txt, package.json, or Gemfile — full EOL report instantly.
Open Stack Scanner →