Docker Engine Lifecycle & Security Support Policy
Docker Engine is built from the Moby project and released in major version branches named docker-X.x (for example, docker-29.x). Each branch is maintained by sponsoring maintainers who decide on backports, bug fixes, and security updates.
The official and authoritative source for branch status is the BRANCHES-AND-TAGS.md file in the Moby repository. Each branch is listed with one of three contribution statuses:
| Security Support Status | Description |
|---|---|
| Maintained | Actively developed, accepts contributions and backports, in-scope for security advisories |
| Maintained (security) | No longer actively developed but may still accept critical security fixes; remains in-scope for security advisories |
| Unmaintained | No longer developed, no contributions accepted, out of scope for security advisories — this is the effective EOL state |
Docker Engine does not publish fixed EOL dates. Unlike many other projects, there is no official calendar of end-of-life dates per version. The only signal is when a branch transitions to Unmaintained in BRANCHES-AND-TAGS.md. Some branches include an "Expected End of Maintenance" date, but this is a rough estimate provided by the sponsoring maintainer — not a formal commitment. Many branches have no date at all.
In practice, a branch typically becomes Unmaintained once the next major version has stabilized. Staying on a Maintained branch is the only way to ensure you receive ongoing security protection.
Risks of Using End-of-Life (EOL) Versions
Running an Unmaintained (EOL) version of Docker Engine exposes your infrastructure to several practical risks that grow over time.
| Risk | What It Means for Your Environment |
|---|---|
| Security vulnerabilities | Known issues remain unpatched, increasing the chance of container escapes or host compromises |
| No bug fixes | Problems you encounter will not be resolved by the official project |
| Compatibility gaps | Newer operating systems, kernels, or orchestration tools may stop working reliably |
| Compliance challenges | Security standards and audits often require supported software with active patching |
These risks typically start small but can become serious during security incidents or infrastructure changes.
What Happens After Docker Engine Reaches EOL
When a Docker Engine release branch becomes Unmaintained, the project stops all development and backports. No further bug fixes or security patches are provided, and the branch is considered out of scope for official advisories.
Your containers and hosts will continue to run in the short term, but over time compatibility with modern kernels, networking tools, and security features may break. Any newly discovered vulnerabilities stay unaddressed, and the wider ecosystem — orchestrators, CI/CD tools, and cloud providers — moves on to newer versions. Maintenance becomes more difficult and expensive as community support shifts elsewhere.
The recommended path is to migrate to a currently Maintained branch before your version reaches Unmaintained status.
FAQ
Q1: What does EOL mean for Docker Engine?
EOL occurs when a release branch is marked Unmaintained in the Moby project's BRANCHES-AND-TAGS.md. No more updates, bug fixes, or security advisories are provided from that point.
Q2: How long is a Docker Engine version supported?
There is no fixed support period. Docker Engine does not guarantee a set number of months or years per version. Support ends when maintainers mark the branch Unmaintained, which typically happens after the next major version stabilizes.
Q3: Where can I find the official EOL date for my version?
Docker Engine does not publish official EOL dates. The authoritative source is the BRANCHES-AND-TAGS.md file. Some branches list an expected end-of-maintenance date, but this is an estimate — not a guarantee.
Q4: Will an EOL version still receive security fixes?
No. Once a branch is Unmaintained, it is out of scope for security advisories and fixes.
Q5: Is it safe to keep using an EOL version?
It is not recommended for production. The lack of updates increases security and compatibility risks over time.
Q6: When should I upgrade my Docker Engine version?
Upgrade to a currently Maintained branch before your existing version becomes Unmaintained. Since no fixed dates are published, regularly checking the branch status is the best way to stay ahead.
Tracking & Monitoring Docker Engine EOL Status
Because Docker Engine does not publish a fixed EOL calendar, the most reliable approach is to track branch status changes directly from the source. The Moby project maintains the current status of all release branches in BRANCHES-AND-TAGS.md on GitHub.
Many teams add simple version checks to their CI/CD pipelines or monitoring systems. Internal documentation or dashboards that flag any host running an Unmaintained branch help prevent unexpected gaps in support.
Regular checks turn lifecycle management into a routine part of infrastructure operations.
How To Check Your Docker Engine Version
Verifying your current Docker Engine version is quick and helps confirm you are on a supported release. Here are the most reliable methods:
| Method | Command |
|---|---|
| Simple version check | docker --version |
| Detailed version info | docker version |
| Engine API version | |
Run these commands regularly as part of your maintenance routine to ensure you stay on a Maintained branch.