Skip to content

security: Update supporting timeline #11300

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
cosmo0920 wants to merge 1 commit into
base: master
Choose a base branch
from
Open

security: Update supporting timeline #11300

cosmo0920 wants to merge 1 commit into from

Conversation

@cosmo0920
Copy link
Contributor

@cosmo0920 cosmo0920 commented Dec 18, 2025
edited by coderabbitai bot
Loading

Enter [N/A] in the box, if an item is not applicable to your change.

Testing
Before we can approve your change; please submit the following in a comment:

  • Example configuration file for the change
  • Debug log output from testing the change
  • Attached Valgrind output that shows no leaks or memory corruption was found

If this is a change to packaging of containers or native binaries then please confirm it works for all targets.

  • Run local packaging test showing all targets (including any new ones) build.
  • Set ok-package-test label to test for all targets (requires maintainer to do).

Documentation

  • Documentation required for this feature

Backporting

  • Backport to latest stable release.

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

Summary by CodeRabbit

  • Documentation
    • Updated security support timelines for supported product versions (4.2.x, 4.1.x, 4.0.x) with adjusted end-of-support dates.
    • Updated document's "last updated" date to reflect the latest revision.

✏️ Tip: You can customize this high-level summary in your review settings.

@cosmo0920 cosmo0920 requested a review from edsiper as a code owner December 18, 2025 09:33
@coderabbitai
Copy link

coderabbitai bot commented Dec 18, 2025
edited
Loading

Walkthrough

Updated SECURITY.md with revised end-of-support dates for versions 4.2.x, 4.1.x, and 4.0.x and an updated "Last updated" date of December 18, 2025. No other content or policy text changed.

Changes

Cohort / File(s) Change Summary
Security policy documentation
SECURITY.md		 Adjusted security update timelines: 4.2.x → July 30, 2026; 4.1.x → February 28, 2026; 4.0.x → December 23, 2025. Updated "Last updated" to December 18, 2025.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

  • Documentation-only date updates in a single policy file.

Poem

🐰 Dates hop forward, neat and bright,
Timelines trimmed and set just right,
December stamped with careful cheer,
A little change to keep things clear,
The rabbit nods — the path is light.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'security: Update supporting timeline' directly and clearly summarizes the main change: updating security support timelines in SECURITY.md.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch cosmo0920-reschedule-support-periods
📜 Recent review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 86eb4d1 and a89714c.

📒 Files selected for processing (1)
  • SECURITY.md (2 hunks)
🧰 Additional context used
🪛 markdownlint-cli2 (0.18.1)
SECURITY.md

61-61: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (21)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=Off, 3.31.6, clang, clang++)
  • GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_ADDRESS=On, 3.31.6, clang, clang++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_COVERAGE=On, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=On, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_SMALL=On, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_MEMORY=On, 3.31.6, clang, clang++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=Off, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=On, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_COMPILER_STRICT_POINTER_TYPES=On, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=Off, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=On, 3.31.6, clang, clang++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_MEMORY=On, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_ARROW=On, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_UNDEFINED=On, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_THREAD=On, 3.31.6, clang, clang++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=On, 3.31.6, clang, clang++)
  • GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_ADDRESS=On, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_UNDEFINED=On, 3.31.6, clang, clang++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_SMALL=On, 3.31.6, clang, clang++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=Off, 3.31.6, clang, clang++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_THREAD=On, 3.31.6, gcc, g++)
🔇 Additional comments (1)
SECURITY.md (1)

9-11: ✅ Version support timeline dates updated correctly.

The end-of-support dates have been appropriately adjusted for all active versions:

  • 4.2.x extended to July 30, 2026
  • 4.1.x moved to February 28, 2026 (with correct spelling)
  • 4.0.x moved to December 23, 2025

The changes align with the PR objective and maintain proper semantic versioning and policy clarity.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@cosmo0920 cosmo0920 changed the title security: Update supporting schedule security: Update supporting timeline Dec 18, 2025
coderabbitai[bot]
coderabbitai bot reviewed Dec 18, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 909b1a9 and 86eb4d1.

📒 Files selected for processing (1)
  • SECURITY.md (2 hunks)
🧰 Additional context used
🪛 markdownlint-cli2 (0.18.1)
SECURITY.md

61-61: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (21)
  • GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_ADDRESS=On, 3.31.6, clang, clang++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_COMPILER_STRICT_POINTER_TYPES=On, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_COVERAGE=On, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_ARROW=On, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=Off, 3.31.6, clang, clang++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_MEMORY=On, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_SMALL=On, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=Off, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=Off, 3.31.6, clang, clang++)
  • GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_UNDEFINED=On, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=On, 3.31.6, clang, clang++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=On, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_SMALL=On, 3.31.6, clang, clang++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_MEMORY=On, 3.31.6, clang, clang++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_THREAD=On, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=Off, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=On, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=On, 3.31.6, clang, clang++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_THREAD=On, 3.31.6, clang, clang++)
  • GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_UNDEFINED=On, 3.31.6, clang, clang++)
  • GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_ADDRESS=On, 3.31.6, gcc, g++)
🔇 Additional comments (1)
SECURITY.md (1)

9-11: Verify the rationale for shortened EOM dates.

The EOM dates for 4.1.x and 4.0.x have been shortened:

  • 4.1.x: March 31, 2026 → February 28, 2026 (moved earlier by ~1 month)
  • 4.0.x: December 31, 2025 → December 23, 2025 (moved earlier by 8 days; now only 5 days from EOL as of today)

While the 4.2.x extension to July 30, 2026 is straightforward, please confirm that the earlier EOL dates for 4.1.x and 4.0.x are intentional business decisions (e.g., accelerated EOL to focus resources on later releases). This change impacts users' security patch availability and should be clearly communicated if these timelines are indeed being shortened.

@cosmo0920 cosmo0920 force-pushed the cosmo0920-reschedule-support-periods branch from 86eb4d1 to a89714c Compare December 18, 2025 10:52
patrick-stephens
patrick-stephens reviewed Dec 19, 2025
View reviewed changes
SECURITY.md
| **4.0.x** | ✅ Active | **December 31, 2025** |
| **4.2.x** | ✅ Active | **July 30, 2026** |
| **4.1.x** | ✅ Active | **February 28, 2026** |
| **4.0.x** | ✅ Active | **December 23, 2025** |
Copy link
Collaborator

@patrick-stephens patrick-stephens Dec 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How come we're reducing this? Is it just because of availability over the holiday period?

I think it should be fine as it only shrinks it by a week.

patrick-stephens
patrick-stephens approved these changes Dec 19, 2025
View reviewed changes
Copy link
Collaborator

@patrick-stephens patrick-stephens left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems ok to be although we should probably announce it in community channels - particularly as we're reducing two dates, increasing the length of support is ok I think but decreasing it needs visibility for folks who have the old dates as a dependency.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@patrick-stephens patrick-stephens patrick-stephens approved these changes

@edsiper edsiper Awaiting requested review from edsiper edsiper is a code owner

Assignees

No one assigned

Labels

docs-required

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cosmo0920 @patrick-stephens