Linux 4.19, the Last Supported Kernel of the Linux 4.x Series, Finally Reaches EOL (9to5linux.com) 13
Slashdot reader prisoninmate shared this report from 9to5Linux:
Linux kernel 4.19, the last of the Linux 4.x kernel series, has now reached the end of its supported life as announced earlier on the Linux kernel mailing list by kernel developer Greg Kroah-Hartman. The Linux 4.19 kernel branch was released more than six years ago, on October 22nd, 2018, and it received no less than 325 maintenance updates, the last one being Linux 4.19.325. The biggest highlights of Linux kernel 4.19 were initial Wi-Fi 6 support, the EROFS file system, and a union mount filesystem implementation.
Kroah-Hartman said on the mailing list. "This one is finished, it is end-of-life as of right now... It had a good life..." As a "fun" proof that this one is finished (and that any company saying they care about it really should have their statements validated with facts), I looked at the "unfixed" CVEs from this kernel release. Currently it is a list 983 CVEs long, too long to list here.... Note, this does NOT count the hardware CVEs which kernel.org does not track, and many are sill unfixed in this kernel branch.
Yes, CVE counts don't mean much these days, but hey, it's a signal of something, right? I take it to mean that no one is caring enough to backport the needed fixes to this branch, which means that you shouldn't be using it anymore.
Anyway, please move off to a more modern kernel if you were using this one for some reason. Like 6.12.y, the next LTS kernel we will be supporting for multiple years.
Kroah-Hartman said on the mailing list. "This one is finished, it is end-of-life as of right now... It had a good life..." As a "fun" proof that this one is finished (and that any company saying they care about it really should have their statements validated with facts), I looked at the "unfixed" CVEs from this kernel release. Currently it is a list 983 CVEs long, too long to list here.... Note, this does NOT count the hardware CVEs which kernel.org does not track, and many are sill unfixed in this kernel branch.
Yes, CVE counts don't mean much these days, but hey, it's a signal of something, right? I take it to mean that no one is caring enough to backport the needed fixes to this branch, which means that you shouldn't be using it anymore.
Anyway, please move off to a more modern kernel if you were using this one for some reason. Like 6.12.y, the next LTS kernel we will be supporting for multiple years.
4.x series so many patches..... (Score:2)
4.x was the first to 300+ patches?
Re: (Score:2)
Yes, but 5.4 isn't far behind at 5.4.286 etc.
Until December 2026, they will continue to take over each year. But then up to 5 kerneld will reach EOL at the same time. https://www.kernel.org/categor... [kernel.org]
Re: (Score:2)
Not patches, releases.
Each release consists of many patches that were backported from the current tree by the 4.19 maintainers.
Note that this only marks 4.19 end as official Linux kernel support.
The Linux Civil Infrastructure Project (CIP) is maintaining 4.19 until 2029. It will be Linux 4.19-cip if you're tracking your kernel branches. So you have about 4 more years of 4.19 being supported. it's worth updating your repos to point to their tree.
Re: (Score:2)
Exactly.
Here's a direct quote:
Does the major version number (4.x vs 5.x) mean anything?
No. The major version number is incremented when the number after the dot starts looking "too big." There is literally no other reason.
https://www.kernel.org/categor... [kernel.org]
The CIP will be maintaining 4.19 until ~2029 (Score:3)
And 4.4 will be maintained until ~2027 , so if you absolutely, positively, need to stay in 4.x (say, some hardware of yours stops working in higher kernels) choose one of those branches, and stay there, while you plan your move to 5.10 or 6.1
https://wiki.linuxfoundation.o... [linuxfoundation.org]
https://linux.slashdot.org/sto... [slashdot.org]
Here is a nifty table of general kernel support:
https://en.wikipedia.org/wiki/... [wikipedia.org]
And, just as a curiosity, but do not quote me on this: DD-WRT has aligned to use only LTS/CIP based Kernels.
Re: (Score:2)
And to add to this list, RHEL 8 will be providing support for 4.18 until 2031. So 4.x kernels will be around for a long, long time yet to come.
Damn I got old (Score:3)
Unfixed CVEs (Score:2)
I looked at the "unfixed" CVEs from this kernel release. Currently it is a list 983 CVEs long, too long to list here....
When you're engaged in a malicious compliance exercise [risky.biz] where you're reporting every single trivial issue as a CVE, this number is pretty much meaningless.
Re: (Score:2)
No it's not. The point of "support" period is not just for security but also for bug fixes. The whole CVE being issued for bug fixes by the kernel team make it even more relevant to TFS. There are bugs not being fixed. No one here is discussing the severity, just the fact that there are known bugs. That isn't meaningless.
4.20 (Score:2)