Complete end-of-life dates, support windows, and security status for all Kuma versions. Data sourced from endoflife.date and official vendor documentation. Updated at every deploy.
| Version | Latest Release | Release Date | EOL Date | Days | Status |
|---|---|---|---|---|---|
| 1.2 | 1.2.3 | Jun 17, 2021 | Jun 17, 2022 | 1422 days past EOL | EOL |
| 1.3 | 1.3.1 | Aug 24, 2021 | Aug 26, 2022 | 1352 days past EOL | EOL |
| 1.4 | 1.4.1 | Nov 19, 2021 | Nov 22, 2022 | 1264 days past EOL | EOL |
| 1.5 | 1.5.5 | Feb 24, 2022 | Feb 24, 2023 | 1170 days past EOL | EOL |
| 1.6 | 1.6.5 | Apr 11, 2022 | Apr 12, 2023 | 1123 days past EOL | EOL |
| 1.7 | 1.7.6 | Jun 13, 2022 | Jun 16, 2023 | 1058 days past EOL | EOL |
| 1.8 | 1.8.8 | Aug 22, 2022 | Aug 24, 2023 | 989 days past EOL | EOL |
| 2.0 | 2.0.8 | Nov 4, 2022 | Nov 4, 2023 | 917 days past EOL | EOL |
| 2.1 | 2.1.7 | Jan 30, 2023 | Feb 1, 2024 | 828 days past EOL | EOL |
| 2.2 | 2.2.9 | Apr 14, 2023 | Apr 14, 2024 | 755 days past EOL | EOL |
| 2.3 | 2.3.7 | Jun 23, 2023 | Jun 23, 2024 | 685 days past EOL | EOL |
| 2.4 | 2.4.10 | Aug 29, 2023 | Aug 29, 2024 | 618 days past EOL | EOL |
| 2.5 | 2.5.11 | Nov 15, 2023 | Nov 15, 2024 | 540 days past EOL | EOL |
| 2.6 | 2.6.15 | Feb 1, 2024 | Feb 1, 2025 | 462 days past EOL | EOL |
| 2.7 LTS | 2.7.25 | Apr 19, 2024 | Oct 19, 2026 | 163 days remaining | Warning |
| 2.8 | 2.8.8 | Jun 24, 2024 | Jun 24, 2025 | 319 days past EOL | EOL |
| 2.9 | 2.9.15 | Oct 22, 2024 | Jun 22, 2026 | 44 days remaining | Warning |
| 2.10 | 2.10.11 | Mar 20, 2025 | Mar 20, 2026 | 50 days past EOL | EOL |
| 2.11 | 2.11.13 | Jun 10, 2025 | Jun 10, 2026 | 32 days remaining | Warning |
| 2.12 | 2.12.10 | Sep 9, 2025 | Sep 9, 2026 | 123 days remaining | Warning |
| 2.13 | 2.13.5 | Dec 22, 2025 | Dec 22, 2027 | 592 days remaining | Active |
When a Kuma version reaches end of life, the maintainers stop issuing security patches. Vulnerabilities discovered after this date are publicly disclosed on the National Vulnerability Database, exploit code appears on GitHub, and your systems remain permanently exposed.
The CVE blind spot: Most vulnerability scanners check for known CVEs but do not flag the accumulation of unpatched vulnerabilities in EOL software. With a zero-day, nobody knows about the vulnerability. With EOL software, the vulnerability is public — listed, rated, and often weaponized — but no patch will ever exist. This is the most dangerous gap in enterprise security posture.
Organizations running EOL Kuma should treat it as a vulnerability class in their risk register, apply compensating controls (network segmentation, enhanced monitoring, access restriction), and prioritize migration to a supported version.
Upload requirements.txt, package.json, or Gemfile — full EOL report instantly.
Open Stack Scanner →