OpenSearch Now Has an LTS Program. Here's What That Means for Your Production Deployment.
OpenSearch's new LTS program brings enterprise-grade support, security assurances, and long-term stability to production deployments.
If you’ve been running OpenSearch in production for any length of time, you’ve probably encountered a version of this scenario: a security team flags a CVE against your current OpenSearch release and asks for a patch timeline. Or your version enters maintenance and you realise there is no documented upgrade path you can commit to. Or an auditor asks which vendor is accountable for your OpenSearch security posture, and you have no clear answer.
These are not edge cases. They are the natural result of running a powerful, community-driven open source platform in enterprise environments that were designed around commercial software contracts. Until April 2026, OpenSearch didn’t have a formal mechanism to address them. Now it does.
The Gap the LTS Program Was Designed to Close
OpenSearch has grown rapidly since its launch in 2021 as a fork of Elasticsearch. It now has over 1.5 billion downloads and is used in production by organisations including Atlassian and Uber. But despite its scale, enterprises running it for mission-critical search, observability, and analytics workloads have consistently faced the same unanswered questions:
- Which version should we be on, and how long is it supported for?
- When a CVE is disclosed, who patches it, and on what timeline?
- What can we show an auditor as evidence of our security posture?
- If we need commercial support, how do we evaluate and compare vendors?
The OpenSearch Software Foundation’s Long-Term Support (LTS) program, announced at OpenSearchCon Europe in Prague on 16 April 2026, was built to answer all four.
What the LTS Program Actually Delivers
The program rests on three pillars, each targeting a specific gap that production operators have felt for years.
Defined Support Lifecycles
Each major OpenSearch version will have at least one designated LTS release with a guaranteed minimum of 18 months of support. The program launches with OpenSearch 2.19 and 3.6 as the first designated LTS releases. This gives engineering and security teams a planning horizon they can actually work with, rather than an informal expectation that a version will “probably” be maintained.
Transparent Security Posture
The program sets hard requirements for how accredited providers handle vulnerabilities. Medium- and high-severity CVEs must be addressed within 60 days of public disclosure. Accredited providers also receive early security vulnerability notifications, before public disclosure, so patching work can begin before the wider ecosystem is aware of the issue.
Additionally, the Foundation is scanning all 152 OpenSearch repositories to build Software Bills of Materials (SBOMs), giving organisations the artefacts they need to demonstrate component provenance and security posture for compliance and audit requirements. This is a direct response to regulatory pressure from frameworks including the EU’s Cyber Resilience Act (CRA).
Accredited Vendor Choice, Without Lock-In
Rather than designating a single commercial partner, the Foundation has created a vendor accreditation model. Providers are vetted against a set of standards and, once accredited, can deliver Foundation-approved commercial LTS support. A critical condition of accreditation is the no-fork policy: every bug fix and security patch developed for an LTS version must be contributed back upstream to the open source project. There is one codebase, maintained in the open, regardless of which accredited provider you choose.
OpenSearch 3.6: The First LTS Release
OpenSearch 3.6 is not only administratively significant as the first LTS release — it is also a substantial feature release. It introduces the OpenSearch Observability Stack, a fully pre-configured observability environment bundling OpenTelemetry Collector, Data Prepper, Prometheus, and OpenSearch Dashboards, deployable with a single Docker Compose command. It also introduces Application Performance Monitoring (APM) for real-time monitoring of distributed applications, and the OpenSearch Relevance Agent — an experimental AI-powered tool using three specialised subagents to automate search relevance optimisation, reducing cycles that previously took weeks to a matter of hours.
For teams evaluating or already running 3.x, 3.6 is the version to standardise on.
Eliatra as a Foundation-Accredited LTS Provider
Eliatra is one of three founding accredited providers under the OpenSearch Software Foundation’s LTS program, alongside BigData Boutique and Resolve Technology. We are a founding member of the Foundation itself, and our engineers maintain the Security and Operator repositories for OpenSearch — two of the most critical components for enterprise deployments.
We have been supporting OpenSearch in production since its earliest days. The LTS program formalises what we have always done. It does not change our approach — it gives our customers a structure to point to.
“Open source only works when the community shows up for it. Becoming an OpenSearch Software Foundation-certified LTS provider is how we show up. Our customers run OpenSearch in production environments where a surprise CVE or an unsupported version is not an option — they need a partner who is accountable, not just available. This program gives that commitment a structure, and gives our customers something they can take to their security teams with confidence.”
— David Bennett, Managing Director, Eliatra
What This Means in Practice
If you are running OpenSearch in production today, the immediate practical implications are:
- On 2.x? OpenSearch 2.19 is the version to align to for a supported LTS lifecycle.
- Planning a 3.x deployment? 3.6 is the first LTS release and the right foundation to build on.
- Security or compliance team asking for documented SLAs and SBOM artefacts? Those now exist under the LTS program framework.
- Need a commercial support partner? Eliatra is Foundation-accredited and ready to help.
The LTS program removes the last remaining hesitation for enterprises considering OpenSearch for mission-critical workloads. You no longer have to choose between open source flexibility and enterprise-grade support guarantees.