Scope of Coverage

Red Hat Lightwell Network does not include traditional Red Hat technical support. Customers receive signed libraries that contain verified and tested patches tailored to both current and older versions of the Lightwell Libraries. However, the service does not provide technical assistance for applying the patches or using the platform. Red Hat Lightwell Network operates on a self-service consumption model where patched artifacts are made available through Red Hat secured registries.

Red Hat Lightwell Network provides security vulnerability remediation and supply chain integrity for specified open source packages. Red Hat provides the following support for Lightwell Network Members:

  • Access, onboarding, and availability of the Lightwell Network repositories
  • Remediations for high priority vulnerabilities to Lightwell Libraries as determined by Red Hat
  • Backported security fixes to older, dependency-driven versions of the Lightwell Libraries
  • Signed artifacts with supply chain metadata for the updates to Lightwell Libraries
  • Submission of security fixes to current upstream open source projects
  • Maintenance of security fixes when upstream acceptance does not occur until such time when an applicable security fix is accepted upstream

The following are not included as part of the Lightwell Network:

  • Functional, feature or performance enhancements to upstream libraries
  • Support for non-security bugs in upstream libraries
  • Customer application code support or debugging
  • Technical assistance for applying patches

All patched artifacts are provided at Red Hat's discretion based on vulnerability severity, exploitability, and ecosystem impact. Security severity classifications follow Red Hat's Security Data classification system.