The WordPress Security Team will cease providing updates for WordPress versions 4.1 – 4.6 in July 2025.
Officially only the latest version of WordPress is supported. The Security Team historically has a practice of backporting security fixes, as necessary, as a courtesy to sites on older versions in the expectation the sites will be automatically updated.
Background
Since December 2022 these courtesy backports have been applied when necessary to versions of WordPress back to 4.1. Versions 4.1 – 4.6 have now reached levels of usage where the benefit of providing these updates is outweighed by the significant effort involved in maintaining not only the branches themselves, but also the tooling and infrastructure for performing the backporting, building, testing, and releasing that’s required in order to continue having confidence in backporting to these branches.
Well below 1% of sites are running WordPress 4.1 – 4.6 as of June 2025. Conversely, backporting security updates to older versions of WordPress takes a substantial amount of time and effort that compounds when each new major version is released. The effect of this imbalance means that during a security release the security team spends most of the time preparing backports for a minority of WordPress installations. By dropping support for these older versions, the team can continue to focus on the latest versions of WordPress which are used by the overwhelming majority of WordPress websites.
Process
Versions older than 4.7 will display a non-dismissible notice in the admin dashboard informing users that an update is available. In the final updates for these WordPress versions, these notices will be made more prominent and inform the administrator that their version of WordPress is no longer receiving security updates.

The text strings and translations for these messages already exist in all branches and won’t change.
TracTrac Trac is the place where contributors create issues for bugs or feature requests much like GitHub.https://core.trac.wordpress.org/. ticket
Changes to the trunk branch and the affected branches can be tracked in this Core Trac ticket.
Thanks to @desrosj for reviewing this post prior to publishing