Pantheon release notes

Following the successful rollout of PHP Runtime Generation 2 for all environments that have not opted-out, we are now preparing to remove PHP Runtime Generation 1 from the platform starting April 6, 2026.

What's changing when?

Between April 6 and April 17, 2026, all environments that have not been upgraded will be auto-upgraded to Generation 2. Opting out will no longer be available.

Action Required

Please view the Known Changes and Requirements list if you are still in the process of upgrading your site. We recommend all site owners proactively test and upgrade to Generation 2 rather than waiting for this auto-upgrade.

We are removing ionCube support from the platform on March 8, 2026. This PHP extension was prevously only available for PHP 8.1 on PHP Runtime Generation 1.

Pantheon continually reviews our PHP runtime and explores opportunities to optimize performance and build times.

If your application uses ionCube, please contact support or your Customer Success Manager to explore options for your use case.

The latest version of WordPress, 6.9, is available on Pantheon as of December 02, 2025.

Action required

Upgrade to WordPress 6.9 right from your Pantheon dashboard or Terminus to access the latest features, fixes, and security enhancements. See related documentation for how to apply core updates.

For full details about WordPress 6.9, see the release notes

Pantheon is updating its platform to align with current IANA standards by removing support for deprecated MIME types that use the x- prefix. This change will be introduced on November 17, 2025.

The following deprecated types have been updated to their modern, IANA-standard equivalents. No action is required for these files unless you have custom code explicitly referencing the old format.

• application/mathml+xml mml
• application/javascript js mjs
• image/vnd.microsoft.icon ico
• image/bmp bmp
• application/vnd.rar rar
• audio/mp4 m4a
• video/mp4 m4v
• font/ttf ttf
• text/vcard vcf
• application/vnd.amazon.mobi8-ebook mobi

The following deprecated x- prefixed MIME types will be removed entirely from platform support:

• text/x-component htc
• image/x-jng jng
• application/x-7z-compressed 7z
• application/x-cocoa cco
• application/x-javascript
• application/x-java-archive-diff jardiff
• application/x-java-jnlp-file jnlp
• application/x-makeself run
• application/x-perl pl pm
• application/x-pilot prc pdb
• application/x-redhat-package-manager rpm
• application/x-sea sea
• application/x-shockwave-flash swf
• application/x-stuffit sit
• application/x-tcl tcl tk
• audio/x-realaudio ra
• video/x-flv flv
• video/x-mng mng
• video/x-ms-asf asx asf
• video/x-ms-wmv wmv
• video/x-msvideo avi
• application/x-plist plist

Action Required

Review any custom code or configurations that utilize the removed MIME types and update them to use their respective IANA-standard equivalents.

If you encounter a file type that IANA does not yet handle, or if you require an alternative configuration, please follow the instructions in our documentation.

The Pantheon Content Publisher plugin is now officially available in the WordPress Plugin Repository. You can now install or update it directly from your WordPress dashboard.

Action required

We recommend that all customers switch their sites to the WordPress.org–hosted version to take advantage of seamless updates and improved long-term support. By switching, you’ll:

• Receive automatic update notifications and one-click upgrades within the WordPress admin panel
• Stay up to date with the latest security, stability, and compatibility improvements
• Benefit from WordPress’s official distribution system, including built-in changelogs, and version tracking

Switching to the repository version helps ensure your site runs the most stable and officially supported release of the plugin.

For sites using Object Cache Pro, a new recommended config constant, Pantheon OCP Config Version 2.0, is now available.

The primary change is setting the analytics persist setting to false to reduce Redis errors experienced by sites. This will now clear object caching analytics when the cache is flushed.

View the new config constant here.

Action Required

You may choose to manually replace the WP_REDIS_CONFIG constant in your wp-config-ocp.php or re-run terminus install:run <site>.<environment> ocp to apply the changes.

Tika 1.18 and 1.21 will no longer be available starting January 19, 2026. Impacted sites must upgrade to Tika 3.2 which is available via PHP Runtime Generation 2.

The Apache Tika toolkit detects and extracts metadata and structured text content from various documents using existing parser libraries. On the Pantheon platform, our customers tend to use Tika to parse PDF content for searching with Solr.

Action Required

For most customers, we expect the upgrade to be seamless and not require any manual intervention. But if your site has a custom Tika integration, we recommend you follow our documentation for upgrading to Tika 3 as soon as possible to ensure your site continues to operate as expected.

Sites which have not upgraded to Tika 3 as of January 19, 2026, will be automatically upgraded. Setting tika_version: 1 in pantheon.yml will be ignored after that date. Symlinks from the 1.xx jar filepaths (/srv/bin/tika-app-1.xx.jar) will point to the new Tika 3 jar (/opt/pantheon/tika/tika.jar). These symlinks will be removed later in 2026.

As part of Pantheon's Long-Term Support (LTS) for Drupal 7, Drupal 7.105 is now available with a critical security patch.

In order to swiftly provide security coverage for a discovered vulnerability, both 7.104 and 7.105 have been included in a 7.105 tag for the drops-7 upstream.

• 7.104: This backports a prototype pollution fix in the BBQ JavaScript library used by several popular modules, including Views, Overlay and Module Filter. Of the usages inspected, only Overlay was found to be using BBQ in a vulnerable manner. If you cannot upgrade immediately, the issue can be mitigated by uninstalling Overlay module. If Overlay is not installed, then this update is not needed.

• 7.105: This adds support for PHP 8.4. If you do not run and/or do not plan to run your site on PHP 8.4, you do not need this update. Because of the many deprecation notices added to PHP 8.4, it is recommended that ini_set('error_reporting', E_ALL & ~E_DEPRECATED & ~E_USER_DEPRECATED) or some equivalent is added to the site's settings.php file.

Action required

Apply the latest upstream update to your Drupal 7 site to receive these updates. See related documentation for how to apply core updates.

About Drupal 7 Long-Term Support

Pantheon has partnered with Tag1 Consulting to deliver security updates and maintenance for Drupal 7 sites until at least January 5, 2027. This extended support is included at no additional cost.

For configuration guidance and detailed information, visit our related documentation.