Rocky 8.9, MariaDB 10.3

Hi, We run Qualys cloud agent to detect software CVE’s and it has marked at MariaDB 10.3.39 as having a couple CVE’s to remediate. I see that 10.3 is no longer on the RedHat App Stream Life Cycle, they have 10.5 good until 2026. We have a split decision from admins that 10.3 is continuing to be supported but that is only through RedHat Full Life Application Streams Release Life Cycle, which I believe is for their paying customers.
Can somebody please clarify for me what streams Rocky gets downstream from RHEL? MariaDB 10.3 was EOL in 2023, are we in Rocky still receiving patches for that?

Appreciate any info, thank you.
K Hanson, Montana State University

Any stream that RHEL provides, we also provide.

If the mariadb 10.3 stream receives updates in RHEL, we’ll also build it and ship it out. Otherwise, no changes will occur. “Full life” implies that the stream they’re referring to will be supported until 8 is end of life, which will be in 2029. If you look at their list, they also state the virt stream. This always receives updates and has since 8’s release. Same with squid.

If qualys is saying that there are CVE’s, you may want to research them on Red Hat’s website to see if they are applicable or have been fixed already.

1 Like

Thank you very much for clarifying.