Red Hat Enterprise Linux has one of the most complex lifecycle policies of any enterprise software product. RHEL doesn't have a single EOL date — it has a series of overlapping support phases: Full Support, Maintenance Support, Extended Life, and Extended Lifecycle Support (ELS). Each phase means something different in terms of what patches you actually receive.
RHEL 7 reached its final ELS end date on June 30, 2024. RHEL 8 is in Maintenance Support until May 31, 2029. RHEL 9 is actively supported until May 31, 2032. RHEL 10 just launched in May 2025 with support through 2035.
Understanding RHEL's Lifecycle Phases
RHEL's lifecycle is more complex than most Linux distributions. You need to know which phase your version is in to understand what security coverage you actually have.
| Phase | Name | What you get |
|---|---|---|
| Phase 1 | Full Support | Full security patches, bug fixes, new hardware enablement, new functionality. Typically the first 5 years. |
| Phase 2 | Maintenance Support | Critical and important security patches and select urgent bug fixes only. No new features. Years 5–10. |
| Phase 3 | Extended Life | No patches of any kind from standard support. Access to previously released content only. |
| Add-on | ELS | Paid add-on. Extends security patches beyond standard lifecycle for specific critical/important CVEs. |
Maintenance Support ≠ Full Support. Many teams assume being in "Maintenance Support" means they're still fully covered. It doesn't. In Maintenance Support, Red Hat only patches critical and important CVEs — moderate and low severity CVEs are not fixed. If your threat model includes moderate-severity vulnerabilities (most compliance frameworks expect it to), Maintenance Support is not sufficient coverage.
Complete RHEL EOL Schedule
| Version | Full Support ends | Maintenance ends | ELS available | Status | EOL Risk Score™ |
|---|---|---|---|---|---|
| RHEL 6 | Nov 10, 2020 | Nov 30, 2020 | Ended Dec 31, 2026 | EOL | 95 Critical |
| RHEL 7 | Aug 6, 2019 | Jun 30, 2024 | Ended Jun 30, 2024 | EOL | 88 Critical |
| RHEL 8 | May 31, 2024 | May 31, 2029 | Available after 2029 | Maintenance | 38 Medium |
| RHEL 9 | May 31, 2027 | May 31, 2032 | Available after 2032 | Full Support | 18 Low |
| RHEL 10 | May 31, 2030 | May 31, 2035 | Available after 2035 | Latest | 10 Low |
RHEL 7 — Fully End of Life June 30, 2024
EOL Risk Score™: 88 Critical
RHEL 7 completed its full lifecycle on June 30, 2024 — the end of both its Maintenance Support phase and the final ELS add-on term. There is no supported patch path of any kind remaining for RHEL 7.
This is significant because RHEL 7 was the dominant enterprise Linux version for nearly a decade. Many organizations standardized on it and are still running workloads on it today — either because migrations were deferred or because legacy application dependencies haven't been resolved.
Running RHEL 7 in 2026 means two years of unpatched CVEs have accumulated. CISA's Known Exploited Vulnerabilities catalog includes entries for vulnerabilities in Linux kernel versions that RHEL 7 shipped with. There is no fix path without upgrading the OS.
Target version: RHEL 9 (Full Support until 2027) or RHEL 10 (Full Support until 2030). RHEL 8 is an option but it entered Maintenance Support in May 2024 — it's not the best long-term target for a fresh migration. If you cannot upgrade immediately, commercial extended support is available from vendors like TuxCare, which provides security patches for RHEL 7 past Red Hat's official EOL date.
RHEL 8 — Maintenance Support Until May 31, 2029
EOL Risk Score™: 38 Medium
RHEL 8 entered Maintenance Support on May 31, 2024. It will receive critical and important CVE patches until May 31, 2029 — but no new features, no hardware enablement, and no moderate or low severity security fixes.
RHEL 8 is a stable choice for environments that can accept these limitations. For compliance-focused organizations, the lack of moderate CVE patching is worth documenting in your risk register.
RHEL 8.10 is the final minor release for RHEL 8. Organizations should be on 8.10 to receive all available Maintenance Support patches.
What to do: If you're on RHEL 8, you're in a manageable position but should be planning migration to RHEL 9 within the next 2–3 years. Don't let Maintenance Support become an excuse to defer indefinitely.
RHEL 9 — Actively Supported Until May 2032
EOL Risk Score™: 18 Low
RHEL 9 is in Full Support and is the recommended production target for most organizations today. It receives the full range of security patches, bug fixes, and hardware enablement. Full Support runs until May 31, 2027, followed by Maintenance Support through May 31, 2032.
RHEL 9 introduced a number of changes from RHEL 8 — it's the first RHEL version based on CentOS Stream as an upstream source, uses Linux Kernel 5.14, and ships with updated default toolchains including Python 3.9, GCC 11, and OpenSSL 3.0.
This is your target version if you're migrating from RHEL 7 or 8 and not ready to move to RHEL 10 yet.
RHEL 10 — Current, Supported Until 2035
EOL Risk Score™: 10 Low
RHEL 10 launched at Red Hat Summit on May 20, 2025. It uses Linux Kernel 6.12 and introduces updated toolchains, improved container and edge support, and enhanced security defaults. Full Support runs through May 31, 2030, with Maintenance Support extending to May 31, 2035.
RHEL 10 is the right choice for new deployments and greenfield infrastructure.
Extended Lifecycle Support (ELS) Explained
Red Hat's Extended Lifecycle Support is a paid add-on subscription that extends security patch coverage beyond the end of standard support phases.
What ELS covers: Critical and Important CVE fixes only, for the last minor release of the major version. It does not cover moderate or low severity CVEs, bug fixes, or hardware enablement. It is explicitly not a substitute for migration — it is a bridge.
RHEL 7 ELS: The ELS terms ran annually from July 1, 2024 through December 31, 2026 — those terms have now expired. RHEL 7 ELS is no longer available from Red Hat.
RHEL 8 ELS: Will become available after May 31, 2029.
With Red Hat's RHEL 7 ELS expired, third-party vendors like TuxCare provide commercial extended lifecycle support for RHEL 7 with ongoing critical and important CVE patches. Extended support must be documented as a compensating control for any compliance framework that requires current security patches.
How to Upgrade Safely
01 — Identify your current version and phase
Run cat /etc/redhat-release to confirm your exact RHEL version. Cross-reference with the table above to identify which lifecycle phase you're in and what patches you're actually receiving.
02 — Inventory your application dependencies
RHEL major version upgrades are not in-place upgrades — you typically provision a new system and migrate applications. Confirm compatibility with the target RHEL version's toolchain. Pay particular attention to compiled binaries, kernel modules, and applications that depend on specific glibc or OpenSSL versions.
03 — Use the Red Hat Upgrade Tool for RHEL 8 → 9
Red Hat provides the leapp upgrade utility for in-place upgrades from RHEL 7 to 8 and RHEL 8 to 9. Run leapp preupgrade first to get a compatibility report before committing to the upgrade.
04 — Test in a non-production environment first
Run the full upgrade in a staging environment that mirrors production, execute your application test suite, and validate before scheduling the production migration window.
05 — Document compensating controls if migration takes time
For compliance purposes — SOC 2, PCI DSS, HIPAA — if you're running RHEL 7 or RHEL 8 in Maintenance Support, document this as a known risk with a defined migration timeline and compensating controls. An undocumented EOL OS is a compliance finding. A documented one with a remediation plan is a managed risk.
06 — Align your application stack upgrades with the OS migration
A RHEL major version upgrade is the right time to also update your application runtimes, databases, and middleware. Plan the full stack, not just the OS layer.
Check your full stack for EOL exposure at endoflife.ai — free EOL checker, stack scanner, and EOL Risk Score™ for 455+ products. No signup required.
Top comments (0)