Life Cycle Security Update Policy

Red Hat is committed to providing secure, stable Enterprise-class products. While we strive to find and remove software vulnerabilities during the productization process, we recognize that vulnerabilities in software can be routinely found at any point in the life cycle, and we are prepared to respond when they are discovered. Red Hat advises our customers to always install the latest product releases, updates, and security updates when made available to remain as secure as possible. Red Hat may be unable to provide security updates for versions that are past their supported life cycle, leaving those versions at risk to threats from ever-changing security requirements and unpatched vulnerabilities.

For security issues under embargo, Red Hat does not disclose, discuss, or confirm security issues until an investigation is conducted and the vulnerability is made public. Once an embargoed issue has been made public, Red Hat publishes documentation regarding the flaw including technical details on the issue, a Common Vulnerabilities and Exposures (CVE) identifier, a Common Vulnerabilities Security Score (CVSS), a Red Hat Severity Rating, and the Red Hat products impacted by the vulnerability. Red Hat distributes information about security issues in its products through the Red Hat CVE database and security advisories to active subscription holders.

For the latest information on security errata and advisories, refer to our Security Advisories. For more information on the life cycles of our products and what level of maintenance can be expected for each product, refer to our Life Cycle and Update Policies.