If you have a site using the Drupal content management system, are starting or are in the process of developing a Drupal site, you'll want to be aware that Drupal 8 is likely going to be released this year.
Nobody knows exactly when Drupal 8 will be released. But when it is, the core Drupal team will no longer be releasing security patches for Drupal 6. What this new release and End-of-life (EOL) for Drupal 6 means for you depends on your specific situation.
I am about to start developing a new website using Drupal.
Whether actual development is about to start, or you are in the very early stages of pre-production I would strongly recommend using Drupal 7. Even if as you are reading this article Drupal 8 has just been released, my experience with the release of Drupal 7 was that it was not ready for prime time until between 6 and 12 months after release depending on your needs.
I have a Drupal 7 website.
If you have a web site that currently uses Drupal 7, I recommend that you stay on top of Drupal code and module updates on a regular basis. Drupal 7's EOL is certainly a few years away so there's no need to be concerned about that yet. You may want to put a tickler in your calendar in 18 months to look for the Drupal 9 release timeline so you can start to consider the process of upgrading in 36 – 48 months.
I have a Drupal 6 website.
If you have a web site that currently uses Drupal 6, there are number of scenarios to consider. First, as with Drupal 7, make sure you are on top of Drupal code and module updates on a regular basis. And, when Drupal 8 is released and Drupal 6 reaches its EOL, certainly update your code to that last version.
With a Drupal 6 website, you have a few options. You could upgrade the site to Drupal 7. Before you do this, make sure that Drupal 7 has support or replacement for all the modules you are currently using – if not then your options are to wait or get a custom module written for you which of course increases costs. You could leave your site as is and hope you are not targeted for a hack.
Now, Drupal 7's EOL is certainly a few years away so there's no need to be concerned about that yet. You may want to put a tickler in your calendar in 18 months to look for the Drupal 9 release timeline so you can start to consider the process of upgrading in 36 – 48 months.
I have a Drupal 5 website.
I do know of some organizations that are still using Drupal 5. Drupal 5's EOL was January 2011 and no new bug fixes or security patches have been released since then for Drupal core. Some modules may have released bug fixes or security patches after that date but they were few and far between. If you are still running a Drupal 5 website, it's very likely that you have security holes in your site. Time and budget permitting, I would certainly consider upgrading to Drupal 7 as soon as you can.
For more information, you could read this article about software applications security and you could also read about Updating Software Applications, Lessons From the Field.
Additional Resources:
Wikipedia: End of Life: http://en.wikipedia.org/wiki/End-of-life_%28product%29
Drupal 6 end of life when Drupal 8 is released… or not?: https://groups.drupal.org/node/291243
Choosing a Drupal version: https://drupal.org/documentation/version-info
