Your Ubuntu 16.04 systems are now sitting ducks unless you pay up or move out

Canonical has announced that Ubuntu 16.04 LTS has reached the end of standard Expanded Security Maintenance with Ubuntu Pro. Anyone still on this version wanting to keep using it must now buy the Legacy add-on via an Ubuntu Pro subscription to extend the life until April 2031.

Buying the Legacy add-on is quite an extreme measure and should only be used if you have some application that won’t work on newer versions. For everyone else, you’ll want to either do a clean install of Ubuntu 26.04 LTS or you can do progressive in-place upgrades through 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS. The upgrade path from 24.04 LTS to 26.04 LTS is not open until later.

If you choose to go with the Legacy add-on, Canonical will provide security maintenance for binary packages across the main and universe repositories. You’ll get critical patches for essential packages such as MySQL 5.7, Python 2.7, PostgreSQL 9.5, and NGINX 1.10. The support also covers OpenStack Mitaka and key components like Ceph and Kubernetes where technically possible.

Explaining why you might want the Legacy add-on, Canonical writes:

"Migrating a decade-old infrastructure is a massive undertaking. Whether it’s due to complex troubleshooting, hardware compatibility, or strict regulatory requirements (like PCI-DSS or the EU Cyber Resillience Act), sometimes an immediate upgrade isn’t possible.

Legacy add-on allows you to:

• Keep mission-critical systems operational without the risk of unpatched CVEs.
• Continue meeting security standards while your teams focus on long-term migration planning.
• Receive ongoing security patches for your machines.
• Access 24×7 technical support for break fix and bug fix."

If you do not upgrade or buy the legacy add-on, then your system will be vulnerable to any new exploits that are released. For organizations, this will be a massive issue as it could lead to the loss of customer data. You can find out more in Canonical’s announcement.