EOL Extended Support
PostgreSQL EOL doesn't mean your audit deadline moved.
OSSeva maintains CVE coverage for PostgreSQL 11 through 14 — versions the community has stopped patching. Compliance-ready attestation letters, GPG-signed builds, and named engineers who know your schema.
Why EOL PostgreSQL is a compliance problem
Community EOL doesn't pause your audit
The PostgreSQL Global Development Group releases a final minor update and stops. CVEs discovered after that date have no upstream patch. Your auditor's checklist does not have a 'community EOL exception' checkbox.
In-place upgrades carry real operational risk
Major PostgreSQL version upgrades require pg_upgrade, application compatibility testing, and often schema changes. For large production databases, that's a multi-quarter project — not a weekend task.
Oracle migration pressure compounds the problem
Many teams are simultaneously running an Oracle → PostgreSQL migration while their existing PostgreSQL version approaches EOL. OSSeva covers both transitions under one engagement.
Version coverage matrix
| Version | Community EOL | Status | OSSeva Coverage |
|---|---|---|---|
| 11.x | Nov 2023 | EOL | Full CVE + Compliance |
| 12.x | Nov 2024 | EOL | Full CVE + Compliance |
| 13.x | Nov 2025 | EOL | Full CVE + Compliance |
| 14.x | Nov 2026 | Approaching EOL | Full CVE + Compliance |
| 15.x | Nov 2027 | Current | Supported |
| 16.x | Nov 2028 | Current | Supported |
Compliance attestation included
Every patch release ships with audit-ready documentation citing SOC 2 CC7.1, PCI DSS 6.3.3, HIPAA §164.308(a)(1), and ISO 27001 A.12.6.1. Your auditor gets a citation, not an explanation.
Oracle → PostgreSQL migrations
Running an Oracle migration while your Postgres version approaches EOL? OSSeva's Architect tier covers both: extended support on your current version and migration architecture to your target.
Frequently asked questions
What PostgreSQL versions have reached community EOL?
PostgreSQL uses a 5-year support lifecycle. Currently past EOL: PostgreSQL 9.6 (2021), 10 (2022), 11 (November 2023), and 12 (November 2024). PostgreSQL 13 reaches EOL November 2025. OSSeva provides extended security patching for PostgreSQL 11, 12, and 13 for teams that need additional time to plan a major-version migration.
What are the risks of running PostgreSQL 11 or 12 in production?
Running EOL PostgreSQL exposes you to unpatched CVEs (e.g., CVE-2026-1093, a row security policy bypass affecting PostgreSQL 11–13 disclosed after community EOL), which are known to any attacker who reads the PostgreSQL security announcements. In regulated environments, EOL software is increasingly cited directly in PCI DSS, SOC 2, and OCC examination findings. OSSeva provides the patches and attestation documentation to remediate both the technical and compliance risk.
How complex is a PostgreSQL major version upgrade?
PostgreSQL major version upgrades (e.g., PG 12 to PG 16) require using pg_upgrade or a logical replication approach, followed by extensive testing of application queries, stored procedures, and extension compatibility. For large databases (multi-TB) or complex schemas with many extensions, migrations take 3–9 months to do safely. OSSeva's extended support gives teams the security coverage to plan and execute this migration properly, rather than under audit pressure.
Does OSSeva support PostgreSQL extensions like PostGIS, pgvector, or TimescaleDB?
OSSeva's PostgreSQL patches focus on the core engine (libpq, the query planner, WAL, and authentication). Extensions like PostGIS, pgvector, and TimescaleDB are maintained by their own communities. OSSeva can provide compatibility testing and guidance for these extensions as part of an Assure or Operate engagement, but does not independently patch extension code.
Stay compliant on your timeline.
Book a discovery call and we'll map your PostgreSQL version coverage gaps in 30 minutes.