> Security patches and critical bug fixes will continue for a transition period.
They're not explicit for how long this "transition period" will be, it sounds like a year.
We've seen this before with IdentityServer, and many other examples where maintainers switched to a commercial license, leaving behind a wake of businesses who aren't willing to tie themselves to a commercial license and would rather turn a blind eye to dwindling support.
IdendityServer4 was promised security updates until Nov 2022. Here we are over 2 years later and it's still a popular package.
And that's a security-critical part of the application! Some people even still go back to the pre-AGPL version of iTextSharp for PDF writing, and that switch was 15+ years ago.
>Patches and updates to v8 through at least the end of 2026. That's 1.75 years from now, giving developers plenty of runway to plan their migration to v9.
Doesn't really matter. For big, distributed apps at work I use Keycloak or something similar, maybe an own authorization service built on OPAL. For small apps I either use an authentication and authorization library I built myself or, if I don't need something too fancy I use Identity (the one MS provides).
They're not explicit for how long this "transition period" will be, it sounds like a year.
We've seen this before with IdentityServer, and many other examples where maintainers switched to a commercial license, leaving behind a wake of businesses who aren't willing to tie themselves to a commercial license and would rather turn a blind eye to dwindling support.
IdendityServer4 was promised security updates until Nov 2022. Here we are over 2 years later and it's still a popular package.
And that's a security-critical part of the application! Some people even still go back to the pre-AGPL version of iTextSharp for PDF writing, and that switch was 15+ years ago.