CentOS 7
Extended Lifecycle Support
(ELS) Early Access

CentOS 7 is a free and open-source Linux distribution based on the sources of Red Hat Enterprise Linux (RHEL). It is widely used by enterprises, web hosting companies, and individual developers for its stability and compatibility with RHEL’s robust set of tools and features.

Yes, you can still use CentOS 7 until June 30, 2024 with vendor-supplied security updates. After that date, the vendor-supplied patches will stop arriving. If you don’t migrate your systems to a supported distribution, then your deployed systems won’t stop running, which puts you at risk of a vulnerability exploit. You can even likely deploy new systems using CentOS 7 after the end-of-life date, but any new vulnerabilities that pop up won’t be patched by the vendor. However, if you sign up for Extended Lifecycle Support (ELS) from TuxCare, you can continue to receive patches and use your CentOS 7 systems securely.

Distribution vendors may adjust the original NVD scores for CVEs (Common Vulnerabilities and Exposures) in open-source components impacting their products. These adjustments are based on vendor-specific factors (e.g., version or build chain), alongside their own risk assessments. When the adjusted CVE score falls below the vendor’s threshold, or if a vulnerability is deemed outside the current support lifecycle phase, the vendor may opt not to provide a patch. However, environment-specific configurations could substantially alter the lowered risk level a vendor assigns to a vulnerability.

Concurrently, if a CVE falls outside the product’s support lifecycle phase, it does not signify a reduction in danger. This simply indicates that an analysis determining whether the product is affected by this CVE was not performed. In the case of CentOS 7, the distribution vendor advises that in such scenarios it should be assumed the product is affected. Numerous unpatched High and Critical vulnerabilities exist in CentOS 7, with the majority labeled as “Out of Support Scope” status.

The official security support for CentOS 7 from the CentOS Project ends on June 30, 2024. However, with our Extended Lifecycle Support (ELS) service, you can continue to receive security updates and patches beyond this date – enabling your organization to use CentOS 7 until you’re ready to plan and execute a large-scale migration, which shouldn’t be rushed.

While CentOS 7 remains a solid and stable distribution,  its end-of-life date is approaching fast. With CentOS 8 already in its end-of-life phase and no release of CentOS 9, it’s recommended to migrate to another distribution in the long run to benefit from modern features, improvements, and longer security support. However, migrating to a supported distribution can take up to a year for many organizations. Fortunately, our Extended Lifecycle Support (ELS) ensures that you can securely keep using CentOS 7 while you plan a smooth and safe transition.

Choosing a successor to CentOS 7 depends on your specific needs. There are multiple options available, but many organizations seek a free RHEL-compatible distribution, like AlmaLinux, for instance, because it – and others – are very similar to CentOS 7. Also, with the AlmaLinux ELevate tool, you can migrate your CentOS 7 systems to AlmaLinux 9 seamlessly.