As anticipated, support for Ubuntu 18.04 LTS is now over — but don’t panic if you’re still using it, as this is not the end of the road.
Ubuntu 18.04 ‘Bionic Beaver’ lives on through Expanded Security Maintenance1, or ESM.
This provides users of the distro with a further five years (!) of core security updates from Canonical and Ubuntu developers.
ESM isn’t automatic but it is easy to enrol.
To benefit, you need to sign up for an Ubuntu Pro subscription — but don’t worry, this is free for regular users on up to 5 devices (more if you’re an active Ubuntu contributor) — then link it to your computer via the Software & Updates app.
Once done you’ll get security updates for the 23,000 packages available in the Ubuntu Universe repository, across amd64, arm64, s390X, and PowerPC architectures. Without Ubuntu Pro these packages are only patched on a “best effort” basis.
Together, LTS and Ubuntu Pro/ESM provides 10 years of security coverage from release date.
However, ESM is more of a crutch for people who can’t upgrade to a newer version (for whatever reason) and not, in my opinion, a reason NOT to upgrade at all. Technology marches on and it (generally) pays to keep pace, especially when you’re a desktop user.
Ubuntu Pro may give you high and critical CVE security updates but it won’t bring you updated software, new features, newer kernels, etc. For those benefits you need to migrate to a more recent LTS or interim build.
Those who don’t upgrade or don’t enable ESM will, obviously, get no further updates from Ubuntu as of May 31. Third-party PPAs, and formats like Snap and Flatpak, will continue to offer ways to update, albeit on a patchwork and entirely noncommittal basis.
I say, use this opportunity to bid bon voyage to the Bionic Beaver and fan through the fabulous Focal Fossa, which gets general support until 2025, and ESM until 2030, or jump on up to the Jammy Jellyfish, which gets general support until 2027, and ESM until 2032.
1 I always thought ESM stood for ‘extended security maintenance’ but the ESM landing page refers to it as ‘expanded security maintenance’.