Key Points
- Ubuntu 16.04 LTS security updates ended in April 2026
- No direct upgrade path – must progress through intermediate versions
- Legacy add-on extends support to April 2031 for Ubuntu Pro subscribers
What this is about
ubuntu.com announced that Ubuntu 16.04 LTS (Xenial Xerus) reached the end of its Expanded Security Maintenance in April 2026. This means systems running this version no longer receive security updates, leaving them vulnerable to new threats.
Users have two choices: upgrade progressively through newer LTS versions to reach 26.04 LTS, or activate the Legacy add-on for their Ubuntu Pro subscription. The Legacy add-on extends security patches for five more years, covering critical packages like MySQL 5.7, Python 2.7, and PostgreSQL 9.5.
Why it matters
This affects organizations still running Ubuntu 16.04 on mission-critical systems. These users may include businesses with specialized hardware, proprietary software stacks, or regulatory compliance requirements that prevent immediate upgrades.
The practical impact is significant but manageable. Without the Legacy add-on, systems face unpatched security vulnerabilities. With it, teams can maintain security compliance while planning long-term migration strategies. The add-on ensures continued security maintenance for both the Linux kernel and thousands of open source packages.
If you’re managing Ubuntu 16.04 servers, have you considered your migration timeline or evaluated the Legacy add-on?