One of the most critical concerns for database administrators and developers is understanding the support lifecycle of their database systems. If you’re running Apache CouchDB in production, knowing when security updates and technical support will end is essential for maintaining a secure and stable environment. This article provides a comprehensive overview of Apache CouchDB’s End-of-Support (EOS) and End-of-Life (EOL) schedules across all versions.
1. Apache CouchDB Overview
Apache CouchDB is an open-source document-oriented NoSQL database implemented in Erlang. First released in 2005, it became an Apache Software Foundation project in 2008.
Key Features:
- JSON-based data storage
- HTTP API access
- JavaScript-based MapReduce queries
- Multi-master replication support
- Clustering and high availability
- Offline-first application development capabilities
CouchDB stands for “Cluster of Unreliable Commodity Hardware,” designed to operate reliably on standard hardware clusters.
2. Understanding Apache CouchDB’s Support Policy
Apache CouchDB’s current support policy is straightforward but strict:
Core Support Policy:
- Only the latest 2 releases receive CVE (security vulnerability) support
- Previous versions are officially unsupported
- Critical security patches may occasionally be backported at the team’s discretion
- Affected versions are immediately deprecated when security-related releases occur
According to the Apache CouchDB official support policy, when CVEs are discovered, patches are only provided for the current release series and the immediate predecessor.
3. Currently Supported Versions (September 2025)
As of September 2025, the officially supported Apache CouchDB versions receiving security updates are:
| Version | Release Date | Support Status | Notes |
|---|---|---|---|
| 3.5.0 | May 5, 2025 | ✅ Currently Supported | Latest feature release |
| 3.4.3 | March 18, 2025 | ✅ Currently Supported | Maintenance release |
Check your current version:
curl http://localhost:5984/_config/vendor/version
You can also monitor the latest support status at endoflife.date.
4. Complete Apache CouchDB Version EOL Schedule
3.x Series (Current Support)
| Version | Release Date | EOL Date | Status | Key Features |
|---|---|---|---|---|
| 3.5.0 | May 5, 2025 | Currently Supported | ✅ Active | Parallel read support, xxHash enabled by default |
| 3.4.3 | March 18, 2025 | Currently Supported | ✅ Maintenance | Attachment size calculation fixes, atts_since functionality |
| 3.4.2 | Late 2024 | End of Support | 🔴 EOL | Legacy version |
| 3.4.1 | Mid 2024 | End of Support | 🔴 EOL | Legacy version |
| 3.4.0 | Early 2024 | End of Support | 🔴 EOL | New feature introduction |
| 3.3.3 | Late 2023 | End of Support | 🔴 EOL | CVE fixes |
| 3.3.2 | Mid 2023 | End of Support | 🔴 EOL | Bug fixes |
| 3.3.1 | Early 2023 | End of Support | 🔴 EOL | Maintenance release |
| 3.3.0 | Late 2022 | End of Support | 🔴 EOL | New features |
| 3.2.3 | 2023 | End of Support | 🔴 EOL | CVE-2023-26268 fix |
| 3.2.2 | 2022 | End of Support | 🔴 EOL | CVE-2022-24706 fix (critical security release) |
| 3.2.1 | 2021 | End of Support | 🔴 EOL | Bug fixes |
| 3.2.0 | 2021 | End of Support | 🔴 EOL | Prometheus metrics support, CSP settings |
| 3.1.2 | 2021 | End of Support | 🔴 EOL | Minor fixes |
| 3.1.1 | 2020 | End of Support | 🔴 EOL | Bug fixes |
| 3.1.0 | 2020 | End of Support | 🔴 EOL | Partitioning improvements |
| 3.0.1 | 2020 | End of Support | 🔴 EOL | Memory leak fixes |
| 3.0.0 | 2019 | End of Support | 🔴 EOL | Major upgrade, Dreyfus integration |
2.x Series (End of Support)
Important: The 2.x line has been officially EOL since 2019.
| Version | Release Date | EOL Date | Status | Notes |
|---|---|---|---|---|
| 2.3.1 | July 2019 | EOL 2019 | 🔴 EOL | Last supported 2.x version |
| 2.3.0 | April 2019 | EOL 2019 | 🔴 EOL | Python 3.x support, security enhancements |
| 2.2.0 | August 2018 | EOL 2019 | 🔴 EOL | Performance improvements, multi-query support |
| 2.1.2 | June 2018 | EOL 2019 | 🔴 EOL | Security fixes |
| 2.1.1 | March 2018 | EOL 2019 | 🔴 EOL | Bug fixes |
| 2.1.0 | November 2017 | EOL 2019 | 🔴 EOL | Scheduler improvements, Mango enhancements |
| 2.0.0 | September 2016 | EOL 2019 | 🔴 EOL | Native clustering introduction, Fauxton |
1.x Series (Complete End of Support)
Important: The 1.x line is completely deprecated due to security issues.
| Version | Release Date | EOL Date | Status | Notes |
|---|---|---|---|---|
| 1.7.2 | November 2017 | EOL 2019 | 🔴 EOL | Security vulnerabilities present |
| 1.7.1 | February 2017 | EOL 2019 | 🔴 EOL | Security vulnerabilities present |
| 1.7.0 | November 2016 | EOL 2019 | 🔴 EOL | Security vulnerabilities present |
| 1.6.0 | August 2014 | EOL 2019 | 🔴 EOL | Security vulnerabilities present |
| 1.5.1 | April 2014 | EOL 2019 | 🔴 EOL | Security vulnerabilities present |
| 1.5.0 | November 2013 | EOL 2019 | 🔴 EOL | Security vulnerabilities present |
| 1.4.0 | August 2013 | EOL 2019 | 🔴 EOL | Security vulnerabilities present |
| 1.3.1 | June 2013 | EOL 2019 | 🔴 EOL | Security vulnerabilities present |
| 1.3.0 | April 2013 | EOL 2019 | 🔴 EOL | Security vulnerabilities present |
| 1.2.2 | April 2013 | EOL 2019 | 🔴 EOL | Security vulnerabilities present |
| 1.2.1 | March 2013 | EOL 2019 | 🔴 EOL | Security vulnerabilities present |
| 1.2.0 | April 2012 | EOL 2019 | 🔴 EOL | Security vulnerabilities present |
| 1.1.2 | March 2013 | EOL 2019 | 🔴 EOL | Security vulnerabilities present |
| 1.1.1 | October 2011 | EOL 2019 | 🔴 EOL | Security vulnerabilities present |
| 1.1.0 | May 2011 | EOL 2019 | 🔴 EOL | Security vulnerabilities present |
| 1.0.4 | March 2013 | EOL 2019 | 🔴 EOL | Security vulnerabilities present |
| 1.0.3 | July 2011 | EOL 2019 | 🔴 EOL | Security vulnerabilities present |
| 1.0.2 | January 2011 | EOL 2019 | 🔴 EOL | Security vulnerabilities present |
| 1.0.1 | August 2010 | EOL 2019 | 🔴 EOL | Security vulnerabilities present |
| 1.0.0 | July 2010 | EOL 2019 | 🔴 EOL | First stable release |
0.x Series (Apache Incubator Era – Complete EOL)
Note: Early versions from the Apache Incubator project era.
| Version | Release Date | EOL Date | Status | Notes |
|---|---|---|---|---|
| 0.11.2 | August 10, 2010 | EOL 2010 | 🔴 EOL | Last 0.x version |
| 0.11.1 | July 12, 2010 | EOL 2010 | 🔴 EOL | Bug fixes |
| 0.11.0 | March 28, 2010 | EOL 2010 | 🔴 EOL | New features |
| 0.10.2 | April 14, 2010 | EOL 2010 | 🔴 EOL | Maintenance release |
| 0.10.1 | November 25, 2009 | EOL 2010 | 🔴 EOL | Bug fixes |
| 0.10.0 | October 8, 2009 | EOL 2010 | 🔴 EOL | Major feature updates |
| 0.9.2 | November 25, 2009 | EOL 2009 | 🔴 EOL | Bug fixes |
| 0.9.1 | December 1, 2009 | EOL 2009 | 🔴 EOL | Patch release |
| 0.9.0 | December 1, 2009 | EOL 2009 | 🔴 EOL | Beta release |
| 0.8.1-incubating | Early 2009 | EOL 2009 | 🔴 EOL | Apache Incubator patch |
| 0.8.0-incubating | Late 2008 | EOL 2009 | 🔴 EOL | First Apache Incubator release |
Version Summary Statistics
| Major Series | Total Releases | Current Support | First Release | Last Release |
|---|---|---|---|---|
| 3.x | 17 releases | ✅ 2 versions supported | 2019 | 2025 |
| 2.x | 7 releases | 🔴 Complete EOL | 2016 | 2019 |
| 1.x | 15 releases | 🔴 Complete EOL | 2010 | 2017 |
| 0.x | 11 releases | 🔴 Complete EOL | 2008 | 2010 |
| Total | 50 releases | Only 2 supported | 2008 | 2025 |
5. Upgrade Strategy and Migration Guide
Direct Upgrade from 1.x to 3.x Not Possible
Important: CouchDB 1.x cannot be directly upgraded to 3.x.
Upgrade Paths:
- 1.x → 2.3.1 → 3.x: First upgrade to 2.3.1 to convert databases and indexes
- Direct Replication: Install new 3.x instance and replicate directly from 1.x to 3.x
Upgrading Within 3.x Series
Safe upgrade and downgrade paths exist between 3.4.x and 3.5.0.
6. Security Vulnerability (CVE) History (2010-2023)
Latest Update: No new CVEs discovered in 2024 and 2025.
Major CVE List
| CVE Number | Discovery Date | Affected Versions | Patched Versions | Severity | Vulnerability Type |
|---|---|---|---|---|---|
| CVE-2023-45725 | October 2023 | Pre-3.x | 3.2.3, 3.3.3 | 🔴 High | Privilege Escalation (Design Documents) |
| CVE-2023-26268 | March 2023 | Pre-3.x | 3.2.3 | 🟡 Medium | Information Sharing (couchjs processes) |
| CVE-2022-24706 | May 2022 | Pre-3.x | 3.2.2 | 🔴 High | Information Disclosure |
| CVE-2020-1955 | April 2020 | 1.x, 2.x, 3.0 | 2.3.1, 3.0.1 | 🔴 High | Remote Privilege Escalation |
| CVE-2018-17188 | November 2018 | 1.x, 2.x | 2.2.0, 1.7.2 | 🔴 High | Remote Privilege Escalation |
| CVE-2018-11769 | August 2018 | 1.x, 2.x | 2.2.0, 1.7.2 | 🔴 High | Remote Code Execution |
| CVE-2018-8007 | April 2018 | 1.x, 2.x | 2.1.2, 1.7.2 | 🔴 High | Remote Code Execution |
| CVE-2017-12636 | November 2017 | 1.x | 1.7.1 | 🔴 High | Remote Code Execution |
| CVE-2017-12635 | November 2017 | 1.x | 1.7.1 | 🔴 High | Remote Privilege Escalation |
Vulnerability Classification by Type
| Vulnerability Type | CVE Count | Major Version Impact | Severity |
|---|---|---|---|
| Remote Code Execution | 4 | 1.x, 2.x | 🔴 Critical |
| Privilege Escalation | 4 | 1.x, 2.x, 3.x | 🔴 High |
| Information Disclosure | 3 | All versions | 🟡 Medium-High |
7. Production Recommendations
Current Status Assessment
| Current Version | Risk Level | Immediate Action | Target Version |
|---|---|---|---|
| 3.5.x | 🟢 Safe | Regular monitoring | Maintain |
| 3.4.3 | 🟢 Safe | Regular monitoring | Maintain or 3.5.x |
| 3.4.2 and below | 🟡 Caution | Upgrade within 3 months | 3.5.x |
| 3.3.x and below | 🟠 Risk | Upgrade within 1 month | 3.5.x |
| 2.x | 🔴 Critical | Immediate upgrade | 3.5.x |
| 1.x | 🔴 Severe | Immediate upgrade | 3.5.x |
Security Monitoring Resources
8. Summary
Key Takeaways:
- Current Support: Only 3.5.0 and 3.4.3 receive security support
- Immediate Action Required: Any deployment running 2.x or earlier
- Regular Reviews: Quarterly version checks and upgrade planning
- Security Status: No new CVEs discovered in 2024-2025
Useful Commands:
# Check current version
curl http://localhost:5984/
# Health check
curl http://localhost:5984/_up
# List all databases
curl http://admin:password@localhost:5984/_all_dbs
Maintaining a secure and efficient CouchDB deployment requires continuous attention and strategic planning. Security updates directly impact business continuity, making regular monitoring and prompt response essential for production environments.