Oh, I wasn't previously aware of this useful resource:

..lists support lifecycles for releases of a number of software packages. It was recently mentioned in a discussion on oss-security about "affected versions" for CVEs, and why EOLed vulnerable software might not be listed.

So don't blindly check vulnerability metadata against installed software versions without looking at vendor support cycles.

Sign in to participate in the conversation
INFRa Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!