We accept issues and vulnerability disclosures on all releases for up to two years. For example;
| Version | Release date | Supported |
|---|---|---|
| 24.0.0.1 | Jan 2024 | until Jan 2026 |
| 25.0.0.12 | Dec 2025 | until Dec 2027 |
| 26.0.0.3 | Mar 2026 | until Mar 2028 |
We use Hackerone to manage vulnerability disclosure. To disclose a vulnerability in Open Liberty please use https://hackerone.com/ibm to enter the details. It will be routed to the Open Liberty project so a fix can be provided prior to public disclosure.
The policy on the https://hackerone.com/ibm describes the policy guidelines for IBM products. Open Liberty is an IBM open source project so some of the guidelines do not apply. Specifically the first and third bullets can be ignored since they only apply to IBM products.