Lech Sandecki
on 14 March 2023
Time to prepare for Ubuntu 18.04 LTS End of Standard Support on 31 May 2023
Ubuntu 18.04 LTS ‘Bionic Beaver‘, one of the most popular Ubuntu releases, will reach the end of the standard, five-year maintenance window for Long-Term Support (LTS) releases on 31 May 2023.
What is an Ubuntu LTS release?
Ubuntu LTS releases provide a stable, enterprise platform for development and production, with five years of standard security maintenance for the ‘Main’ repository and in-place upgrades to the next LTS release.
It is important to take action – either by migrating to the next LTS or upgrading to Ubuntu Pro. Unless you take action, your 18.04 LTS machines will not receive any security updates after 31 May 2023.
With an Ubuntu Pro subscription, your Ubuntu 18.04 LTS deployment can receive Expanded Security Maintenance (ESM) until 2028.
Remain fully covered until 2028 with Ubuntu Pro
Ubuntu 18.04 LTS will remain fully supported until April 2028 with an Ubuntu Pro subscription. Ubuntu Pro is available for amd64, arm64, s390X, andPowerPC architectures.
This includes security patching for all Ubuntu packages thanks to Expanded Security Maintenance (ESM) for Infrastructure and Applications and optional 24/7 phone and ticket support.
Ubuntu Pro is free for personal and small-scale commercial users on up to 5 machines and transparent, per-machine pricing for enterprises. It is available for desktops, servers, and IoT devices and on public clouds – AWS, Azure, Google, IBM and Oracle.
What is ESM?
Ubuntu Pro expands the security maintenance of Ubuntu LTS releases in scope and length.
esm-infra
extends the LTS release coverage for the Ubuntu Main repository, allowing for continued security fixes for high and critical common vulnerabilities and exposures (CVEs) for an additional 5 years.
esm-apps
covers security patching for the Ubuntu Universe repository with over 23,000 packages for 10 years.
This access enables organisations with workloads running on Ubuntu LTS releases to maintain compliance standards by providing a secure environment before upgrading. Do not hesitate to contact us to discuss the end-of-standard support for your Ubuntu 18.04 LTS estate.
What’s the difference between Ubuntu ‘Main’ and ‘Universe’ repositories?
The tens of thousands of Ubuntu packages are organised into a set of repositories.
Main is the set of packages that we identified as our focus when we launched Ubuntu – they are packages that are either installed on every machine, or very widely used for all kinds of deployments, from desktop to cloud. When we launched Ubuntu LTS, we committed to security-supporting these packages and their dependencies in ‘Main’ for five years, out of the box.
The ‘Universe’ repository holds all of the other open-source packages in Ubuntu, from Debian and the Ubuntu community. The ‘Universe’ is a much bigger repository of over 23,000 packages per release. Historically those packages came with no security maintenance commitment from Canonical. Nevertheless, Canonical and the Ubuntu community provided the best-effort maintenance for those packages. With the launch of Ubuntu Pro, all of the packages in Ubuntu Universe get the same security maintenance commitment from Canonical as packages in Ubuntu ‘Main’.
To find out how many packages from each of the Ubuntu repositories are being used by your system, run $pro security-status
.
Do I need ESM?
Transitioning to the latest operating system is important for performance, hardware enablement and new technology benefits. But it is a complex process for existing deployments.
Typically enterprise solutions combine software from a variety of teams within an organisation. In most cases, there is an extended supply chain, involving software from 3rd party vendors, who in turn may have their own software vendors. Such complex scenarios result in a dependency on software stacks (e.g., Java, python) which have certain properties in the upgraded system that either got deprecated, replaced or changed in behaviour. The upgrade process in that case becomes a change management process involving risk analysis, stakeholder communication and possibly the upgrade of existing solutions, in addition to the actual operating system upgrade. That is even more challenging if you are in a heavily-regulated industry where the compliance process to meet the regulatory requirements, such as PCI-DSS, SOC2 and GDPR, would result in additional planning and implementation.
In cases where the operational stability and security patching continuity of the systems is critical, ESM reduces the risk of security incidents and gives your team more time to roll out an upgrade plan.
If this scenario sounds familiar, you can continue using Ubuntu 18.04 LTS for an additional 5 years with the Ubuntu Pro subscription and benefit from that extra time.
Summary
It’s important to take action. If you continue to run Ubuntu 18.04 LTS without ESM, you will not receive any security updates after 31 May 2023. Security vulnerabilities that remain unpatched open your systems to hackers and the potential of a major breach.
If you are operating in a regulated environment, such as the financial services, healthcare and telco industries, then getting all security patches applied in a timely manner is critical to meet regulatory requirements. If you are an Ubuntu 18.04 LTS user, consider your options: upgrade to the latest Ubuntu LTS or get ESM coverage until 2028 with Ubuntu Pro.
More resources
Ubuntu 18.04 LTS End of Standard Support: get options and recommendations – sign up for the webinar