Hacker News

xnorswap yesterday at 7:31 AM

> Security patches and critical bug fixes will continue for a transition period.

They're not explicit about how long this "transition period" will be; it sounds like a year.

We've seen this before with IdentityServer, and many other examples where maintainers switched to a commercial license, leaving behind a wake of businesses who aren't willing to tie themselves to a commercial license and would rather turn a blind eye to dwindling support.

IdentityServer4 was promised security updates until Nov 2022. Here we are over 2 years later and it's still a popular package.

And that's a security-critical part of the application! Some people even still go back to the pre-AGPL version of iTextSharp for PDF writing, and that switch was 15+ years ago.


Replies

croes yesterday at 7:32 AM

Further below

> Patches and updates to v8 through at least the end of 2026. That's 1.75 years from now, giving developers plenty of runway to plan their migration to v9.

DeathArrow yesterday at 8:16 AM

> We've seen this before with IdentityServer

Doesn't really matter. For big, distributed apps at work I use Keycloak or something similar, maybe my own authorization service built on OPAL. For small apps I either use an authentication and authorization library I built myself or, if I don't need something too fancy, I use Identity (the one MS provides).