Skip to main content

Pantheon release notes

Your destination for staying informed about our latest innovations and product updates.
Subscribe to RSS feed
Security
November 3, 2025

PHP versions 8.3.27 and 8.4.14, are now available on the platform. These updates bring the latest bug fixes, improving performance and security for your sites. The latest versions have already rolled out to all sites.

PHP 8.4 is only available with the new PHP Runtime Generation 2.

The PHP 8.4 upgrade process automatically includes an upgrade to PHP Runtime Generation 2 if your site hasn't been upgraded already.

Important PHP version information

  • PHP 8.1 and 8.2 are currently receiving security-only updates.
  • For more details, see the full list of PHP supported versions.

For the best performance and security, Pantheon recommends running PHP 8.2 and above.

October 14, 2025

Tika 1.18 and 1.21 will no longer be available starting January 19, 2026. Impacted sites must upgrade to Tika 3.2 which is available via PHP Runtime Generation 2.

The Apache Tika toolkit detects and extracts metadata and structured text content from various documents using existing parser libraries. On the Pantheon platform, our customers tend to use Tika to parse PDF content for searching with Solr.

Action Required

For most customers, we expect the upgrade to be seamless and not require any manual intervention. But if your site has a custom Tika integration, we recommend you follow our documentation for upgrading to Tika 3 as soon as possible to ensure your site continues to operate as expected.

Sites which have not upgraded to Tika 3 as of January 19, 2026, will be automatically upgraded. Setting tika_version: 1 in pantheon.yml will be ignored after that date. Symlinks from the 1.xx jar filepaths (/srv/bin/tika-app-1.xx.jar) will point to the new Tika 3 jar (/opt/pantheon/tika/tika.jar). These symlinks will be removed later in 2026.

October 7, 2025

PHP versions 8.3.26 and 8.4.13, are now available on the platform. These updates bring the latest bug fixes, improving performance and security for your sites. Updates will be applied automatically over the next few days, so no manual action is required.

PHP 8.4 is only available with the new PHP Runtime Generation 2. To upgrade your site, set the following in your pantheon.yml file:

The PHP 8.4 upgrade process automatically includes an upgrade to PHP Runtime Generation 2.

Important PHP version information

  • PHP 8.1 and 8.2 are currently receiving security-only updates.
  • For more details, see the full list of PHP supported versions.

For the best performance and security, Pantheon recommends running PHP 8.2 and above.

October 6, 2025

Starting today, the session length for users logged into the Pantheon Dashboard has been reduced from 24 hours to 14 hours - regardless of session activity.

Key Changes

  • Previously, Pantheon Dashboard sessions expired after 24 hours of inactivity.
  • Previously, session lengths were inconsistent in some places of the Pantheon Dashboard leading to random logout and authentication requests.
  • Reducing session lengths to 14 hours across the Pantheon Dashboard provides various security benefits and stronger protection for your accounts.

Terminus sessions are not impacted. See related documentation for more information.

September 12, 2025

PHP versions 8.3.25 and 8.4.12, and are now available on the platform. These updates brings the latest bug fixes, improving performance and security for your sites. Updates will be applied automatically over the next few days, so no manual action is required.

PHP 8.4 is only available with the new PHP Runtime Generation 2. To upgrade your site, set the following in your pantheon.yml file:

The PHP 8.4 upgrade process automatically includes an upgrade to PHP Runtime Generation 2.

Important PHP version information

  • PHP 8.1 and 8.2 are currently receiving security-only updates.
  • For more details, see the full list of PHP supported versions.

For the best performance and security, Pantheon recommends running PHP 8.2 and above.

August 8, 2025

Editorial note: The date has been moved from November 12 to December 9.

Sites running Drupal 9.4+ will no longer be able to access Solr 3 via Pantheon Search services starting December 9, 2025. 

After this date, affected sites will not be able to fetch Solr search results or index new content using Solr 3. Views or blocks that rely on Solr-powered Search API indexes may fail to load, return no results, or throw errors.

To find out which version of Solr your site is running, go to your site in the Pantheon Dashboard > Status. Look for the Solr value in the Software Versions block. 

This follows our recent announcement of Pantheon Search no longer being available for Drupal 8-9.3.

Action Required

Affected Drupal sites will need to upgrade to Solr 8 and search_api_pantheon 8.2+. A Solr upgrade guide is available in our documentation.

Alternatively, Pantheon Search can be disabled, and site owners may choose to implement Drupal’s built-in database search or a third-party search service provider.

August 6, 2025

PHP versions 8.3.24 and 8.4.11, and are now available on the platform. These updates brings the latest bug fixes and enhancements, improving performance and security for your sites. Updates will be applied automatically over the next few days, so no manual action is required.

PHP 8.4 is only available with the new PHP Runtime Generation 2. To upgrade your site, set the following in your pantheon.yml file:

The PHP 8.4 upgrade process automatically includes an upgrade to PHP Runtime Generation 2.

Important PHP version information

  • PHP 8.1 and 8.2 are currently receiving security-only updates.
  • For more details, see the full list of PHP supported versions.

For the best performance and security, Pantheon recommends running PHP 8.2 and above.

August 6, 2025

Starting August 13th, 2025 Pantheon will start blocking web access to several common configuration and dependency management paths. This is a preventative security measure to protect against potential information disclosure vulnerabilities. For the vast majority of users, no site impact is expected and no action is required.

Key Changes

We are updating our platform's global routing configuration to prevent public access to the following paths:

  • composer.json
  • composer.lock
  • package.json
  • phpunit.xml.dist

Any attempt to access these files directly via a web browser or other HTTP client will result in a 403 Forbidden error.

Why make this change?

These files, while essential for development and deployment workflows, can expose sensitive information if they are publicly accessible.

Blocking these files aligns with security best practices by ensuring that information intended for developers and build processes is not publicly exposed.

Site Impact

For most sites, there will be no noticeable impact. These files are not intended to be served publicly, and this change simply enforces security best practices at the platform level.

This change will not affect:

  • Your ability to access or modify these files via Git or SFTP.
  • Your local development workflow.
  • The execution of composer or npm/yarn commands during your build process on Pantheon.

In the unlikely event that your application logic relies on public, web-based access to these files (a practice which is strongly discouraged), please contact support.