Pantheon release notes

The latest version of WordPress, 6.9.4, is available on Pantheon as of today, March 11th, 2026.

This is a security release that addresses incomplete security fixes from the previous 6.9.2 and 6.9.3 releases. Three security vulnerabilities are fixed in this version:

• A PclZip path traversal issue
• An authorization bypass on the Notes feature
• An XXE (XML External Entity) vulnerability in the external getID3 library

Action required

Upgrade to WordPress 6.9.4 right from your Pantheon dashboard or Terminus to access the latest features, fixes, and security enhancements. See related documentation for how to apply core updates.

The latest version of WordPress, 6.9.3, is available on Pantheon as of yesterday, March 10th, 2026.

This version is an immediate follow up with fixes for bugs introduced in 6.9.2, which is a security release.

Action required

Upgrade to WordPress 6.9.3 right from your Pantheon dashboard or Terminus to access the latest features, fixes, and security enhancements. See related documentation for how to apply core updates.

Pantheon is announcing a PHP version removal schedule. The following PHP versions will be removed from the platform on September 30, 2026:

• PHP 5.6
• PHP 7.0
• PHP 7.1
• PHP 7.2 (End of Sale: May 1, 2026)
• PHP 7.3 (End of Sale: May 1, 2026)
• PHP 8.0 (End of Sale: May 1, 2026)

PHP 5.6, 7.0, and 7.1 are already end-of-sale. PHP 7.2, 7.3, and 8.0 will reach end-of-sale on May 1, 2026, meaning no new sites can be created with these versions after that date.

Additionally, PHP 8.1 will reach end-of-sale on September 30, 2026, with a removal date to be announced at least 9 months in advance.

What happens when a PHP version is removed?

Sites still running a removed PHP version will be automatically upgraded to the oldest available PHP version at the time of removal. If your site's software has not been updated for compatibility, this may result in broken functionality.

What to expect going forward

Pantheon will guarantee at least 9 months of advance notice before removing any PHP version from the platform. Refer to the PHP version lifecycle table for the latest schedule.

Action required

If your site is running PHP 5.6, 7.0, 7.1, 7.2, 7.3, or 8.0, upgrade to a recommended PHP version before September 30, 2026 to avoid disruption. We recommend PHP 8.3 or 8.4 for all production sites.

For guidance on upgrading, refer to Upgrade PHP Versions.

Pantheon has released version 2.3.1 of the WP SAML Auth WordPress plugin. This update adds a new filter for multisite environments to give developers more control over how SAML-provisioned users are added to sites. No action is required — existing behavior is unchanged.

What's new

• Multisite user provisioning control — A new wp_saml_auth_auto_add_to_blog filter allows developers to prevent auto-provisioned SAML users from being automatically added to the current site. When set to false, users are created as network-level users without a role on any specific site, giving full control over site membership. The filter defaults to true, preserving existing behavior. See #465 for details.

Update to 2.3.1 from the WordPress dashboard under Plugins > Installed Plugins, or download it from the WordPress Plugin Repository.

For more details, see the plugin changelog.

Pantheon's Solr search Drupal module, search_api_pantheon, has been updated with two new releases — 8.4.0 and 8.4.1. These releases include significant architectural improvements and enhanced developer experience.

We recommend upgrading directly to 8.4.1.

What's Changed in 8.4.0

• License corrected to GPL-2.0+ to align with Drupal standards.
• Major code refactoring resulting in a 60% reduction in code length.
• Simplified service architecture for better maintainability.
• Removed unnecessary overrides for Guzzle, Endpoint, and the Solarium client.
• Improved local development experience. Server connector configuration fields are now editable in local environments and automatically overridden when deployed to Pantheon.
• Drush commands automatically use the first enabled server with the Pantheon connector. The server_id argument is no longer needed or accepted.
  • For more details, see the diagnostic commands section in README.md: https://git.drupalcode.org/project/search_api_pantheon/-/blob/8.4.x/README.md#diagnostic-commands

Dependency Updates:

• Removed direct dependencies on guzzlehttp/guzzle, symfony/finder, symfony/yaml, and other packages now provided transitively through search_api_solr (these dependencies are still available but come through search_api_solr instead).
  • Impact: No action required unless custom code directly uses these services
• Removed kint-php/kint dependency.

What's Changed in 8.4.1

• Restored the search_api_pantheon_admin submodule (removed in 8.4.0) as an obsolete module to support smooth upgrades from earlier versions.

Action Required

1. Back up your database before proceeding with the upgrade.
2. Test thoroughly in a non-production environment before deploying to your live site.

Pantheon Search Server Migration

Since version 8.3.0, the default server ID is pantheon_search. New installations use this automatically. Existing sites upgrading from earlier versions can migrate from pantheon_solr8 to pantheon_search via an update hook.

If you proceed with migration, the update hook will update the server ID from pantheon_solr8 to pantheon_search, reassign all indexes to the new server, and flag content for reindexing.

After running database updates (drush updb), reindex your content:

To opt out of migration and continue using pantheon_solr8, add this to your settings.php before running database updates:

Upgrade Instructions

For detailed installation and upgrade instructions, please refer to:

• README.md
• CHANGELOG.txt

Important: Version Support

Version 8.4.x is now the only maintained version; support for 8.3.x and 8.2.x has been discontinued.

We will be launching a new Slack instance for our Pantheon Customer Community on Monday, March 9th, 2026.

What's new

• Members-only Community. The new Slack Community will be exclusive to verified Pantheon customers and partners.
• Multichannel. The new Slack will have channels built around your interest so every conversation feels relevant and worth showing up to.
• Quarterly roadmap reviews. You'll hear directly from our product team on what's coming next.
• Dedicated Product Feedback channel. A dedicated #product-feedback channel where you can share ideas, vote on what matters most, and send feedback straight to our product team without ever leaving Slack.
• Quarterly challenges. We will be launching quarterly challenges with awesome perks and giveaways just for showing up and being part of the community.
• Limtied-edition swag. Because being an amazing customer has its perks.

What's not changing

• We're staying on Slack, just moving to a new workspace. Same app to connect with Pantheon and the wider community.
• All channels, users and conversations will be moving over. We will still be your peer-to-peer resource. Site- and workspace-specific questions and support should still go through the normal support channels.
• Same workspace URL. Once the migration is complete, we'll be using the same workspace URL you've always used to access the Pantheon Community Slack.

Action required

• If you are a member in our existing Community Slack and using a different email to sign into Pantheon (e.g. a business email) than what you are using to sign onto the Pantheon Slack, we ask that you update your email addresses to match by end-of-day March 6, 2026.
• If you are unable to connect to the Pantheon Community Slack after the migration on March 9, 2026, please submit this form and our team will review.

Considerations

• The migration is happening on Friday, March 6th. There will be 2 days of data not migrated from the existing (old) Slack instance into the new Community Slack.

As a follow-up to our release note announcing the removal of PHP Runtime Generation 1, we're now providing specific dates for the removal from the platform.

What's changing when?

All environments that have not been upgraded to PHP Runtime Generation 2 will be auto-upgraded on the following schedule:

• April 6, 2026: Dev and Multidev environments will be auto-upgraded to Generation 2
• April 13, 2026: Test and Live environments will be auto-upgraded to Generation 2

After these dates, PHP Runtime Generation 1 will no longer be available.

Action Required

We strongly recommend that all site owners proactively test and upgrade to Generation 2 rather than waiting for the auto-upgrade. This allows you to:

• Test your site in Dev and Multidev environments before the upgrade reaches Test and Live
• Address any compatibility issues on your own timeline
• Avoid potential downtime or unexpected issues during the auto-upgrade

Please review the Known Changes and Requirements if you are still in the process of upgrading your site.

The latest version of WordPress, 6.9.1, is available on Pantheon as of February 4, 2026.

Action required

Upgrade to WordPress 6.9.1 right from your Pantheon dashboard or Terminus to access the latest features, fixes, and security enhancements. See related documentation for how to apply core updates.

Highlights

• This minor release includes fixes for 49 bugs throughout Core and the Block Editor, addressing issues affecting multiple areas of WordPress including the block editor, mail, and classic themes. For a full list of bug fixes, please refer to the release candidate announcement.

WordPress 6.9.1 is a short-cycle maintenance release. The next major version of WordPress will be 7.0; it is scheduled for release on 9 April 2026 at WordCamp Asia.

For full details about WordPress 6.9.1, see the official release announcement.