In September, WordPress’ Security Team announced it would be dropping support for versions 3.7 through 4.0 by December 1, 2022. Yesterday the final releases for these versions (3.7.41, 3.8.41, 3.9.40, and 4.0.38) were made available to the very small percentage of users who are running ancient versions of WordPress.
As part of the final releases, the upgrade notification now informs users that they are on a version that is no longer receiving security updates. This affects fewer than 1% of total installs. The vast majority of WordPress sites are running 4.1 or later and will continue receiving security updates.
Wherever possible, WordPress users should be running 6.1.1 on PHP 8 or later. (Although PHP 7.4 is the minimum version required to use WordPress, PHP 7.4 reached end of life two days ago and will no longer be receiving security updates. Version 8.0 will reach EOL in 11 months.)
Now that the Security Team is no longer obligated to backport security updates to very old versions, it frees up their time to better support newer versions of WordPress.
I’ve changed the minimum requirement for most of my plugins to be WP v5.6 and plan on bumping it higher as every release comes up.