Composer 2.x — End of Life
ActiveComposer 2.x — All releases
| Version | Released | Active support | EOL date | Latest patch | Status |
|---|---|---|---|---|---|
| 2.10 | May 28, 2026 | — | No | 2.10.1 | Active |
| 2.9 | Nov 13, 2025 | — | May 28, 2026 | 2.9.8 | EOL |
| 2.8 | Oct 2, 2024 | — | Nov 13, 2025 | 2.8.12 | EOL |
| 2.7 | Feb 8, 2024 | — | Oct 2, 2024 | 2.7.9 | EOL |
| 2.6 | Sep 1, 2023 | — | Feb 8, 2024 | 2.6.6 | EOL |
| 2.5 | Dec 20, 2022 | — | Sep 1, 2023 | 2.5.8 | EOL |
| 2.4 | Aug 16, 2022 | — | Dec 20, 2022 | 2.4.4 | EOL |
| 2.3 | Mar 30, 2022 | — | Aug 16, 2022 | 2.3.10 | EOL |
| 2.2LTS | Dec 22, 2021 | — | No | 2.2.28 | Active |
| 2.1 | Jun 3, 2021 | — | Dec 22, 2021 | 2.1.14 | EOL |
| 2.0 | Oct 24, 2020 | — | Jun 3, 2021 | 2.0.14 | EOL |
CVEs affecting Composer 2.x (0)
Frequently asked questions
Is Composer 2 end of life?
Partially. Some Composer 2.x releases have reached EOL. Check the version table above for the exact status of each sub-release.
What CVEs affect Composer 2?
No CVEs are currently tracked for Composer 2.x in our database. This may mean no vulnerabilities have been recorded yet, or the data is still syncing.
What is the latest Composer 2 version?
The latest Composer 2.x patch release is 2.10.1, released on June 4, 2026. Always run the latest patch to benefit from all security fixes.
When was Composer 2 first released?
Composer 2.0 was initially released on May 28, 2026. See the full version timeline in the table above.
Is it safe to run Composer 2 in production?
Composer 2 is still supported and safe for production use. Ensure you are running the latest patch version (2.10.1) to have all security fixes applied.
Data sourced from endoflife.date · CVE data from NVD · EPSS from FIRST.org · KEV from CISA