Tencent Cloud Security Center pays close attention to security vulnerabilities. After major security vulnerabilities are officially announced, Tencent Cloud Security Center tracks the vulnerabilities in a timely manner, informs users of the vulnerabilities, and provides solutions to fix them.

Vulnerability Fixing Period for Tencent Cloud Official Images

• Periodic vulnerability fixes: Tencent Cloud fixes the vulnerabilities of official images twice a year.
• Fixes for high-risk vulnerabilities: for high-risk vulnerabilities, Tencent Cloud issues emergency fixes and provides them to customers once they are ready.

Scope of Images Covered by Vulnerability Fixes

Tencent Cloud's image security maintenance principles are consistent with those of official upstream image releases. Tencent Cloud will perform security maintenance on the system versions that are within the official maintenance period.

CentOS

CentOS only updates software and vulnerabilities for the most recent minor versions of the current major versions. Tencent Cloud's maintenance principles are consistent with those of CentOS. Tencent Cloud only performs periodic vulnerability fixing on the most recent minor versions of the current major versions within the official maintenance period, and releases emergency fixes for high-risk vulnerabilities.

The following provides maintenance information on Tencent Cloud's existing CentOS images:

• CentOS 7.6 64-bit (CentOS continues to provide support.)
• CentOS 7.5 64-bit (CentOS continues to provide support.)
• CentOS 7.4 64-bit (CentOS continues to provide support.)
• CentOS 7.3 64-bit (CentOS continues to provide support.)
• CentOS 7.2 64-bit (CentOS continues to provide support.)
• CentOS 7.1 64-bit (CentOS has stopped providing support.)
• CentOS 7.0 64-bit (CentOS has stopped providing support.)
• CentOS 6.9 32-bit/64-bit (CentOS continues to provide support until the next version is released.)
• CentOS 6.8 32-bit/64-bit (CentOS has stopped providing support.)
• CentOS 6.7 32-bit/64-bit (CentOS has stopped providing support.)
• CentOS 6.6 32-bit/64-bit (CentOS has stopped providing support.)
• CentOS 6.5 32-bit/64-bit (CentOS has stopped providing support.)
• CentOS 6.4 32-bit/64-bit (CentOS has stopped providing support.)
• CentOS 6.3 32-bit/64-bit (CentOS has stopped providing support.)
• CentOS 6.2 64-bit (CentOS has stopped providing support.)
• CentOS 5.11 32-bit/64-bit (CentOS has stopped providing support.)
• CentOS 5.8 32-bit/64-bit (CentOS has stopped providing support.)

Ubuntu

Ubuntu provides the long-term software and vulnerability update service for systems of the LTS versions. It provides the 5-year update service for the server version of each LTS system. Tencent Cloud provides the server systems in various LTS versions. To ensure consistency with official Ubuntu releases, Tencent Cloud periodically updates vulnerabilities for images within the maintenance period, and releases emergency fixes for high-risk vulnerabilities.

The following provides maintenance information on Tencent Cloud's existing Ubuntu images:

• Ubuntu 18.04 LTS 64-bit (Ubuntu provides support.)
• Ubuntu 16.04 LTS 64-bit (Ubuntu provides support.)
• Ubuntu 14.04 LTS 32-bit/64-bit (Ubuntu provides support.)
• Ubuntu 12.04 LTS 64-bit (Ubuntu has stopped providing support.)
• Ubuntu 10.04 LTS 32-bit/64-bit (Ubuntu has stopped providing support.)

Debian

Debian officially maintains two branch systems: stable and oldstable, where "stable" indicates the current stable version and "oldstable" indicates the previous stable version. Debian updates software and vulnerabilities for the stable-version system, whereas volunteers and communities provide the Long Term Support (LTS) for the oldstable-version system. Tencent Cloud's maintenance strategy is consistent with that of Debian, and only periodically fixes vulnerabilities for the stable-version systems maintained by Debian.

The following provides maintenance information on Tencent Cloud's existing Debian images:

• Debian 9.0 64-bit (Debian provides support.)
• Debian 8.2 32-bit/64-bit (Debian plans to stop providing support for this version in June 2019.)
• Debian 7.8 32-bit/64-bit (Debian has stopped providing support.)
• Debian 7.4 64-bit (Debian has stopped providing support.)

openSUSE

Based on the lifecycle of the openSUSE system, Tencent Cloud periodically fixes vulnerabilities for the systems officially supported by openSUSE.

The following provides maintenance information on Tencent Cloud's existing openSUSE images:

• openSUSE 42.3 (openSUSE provides support.)
• openSUSE 13.2 (openSUSE has stopped providing support.)
• openSUSE 12.3 32-bit/64-bit (openSUSE has stopped providing support.)

FreeBSD

Since FreeBSD 11.0-RELEASE, FreeBSD has been providing a 5-year maintenance period for the stable version. For versions earlier than 11.0-RELEASE, FreeBSD provides different maintenance periods for different types of versions. Tencent Cloud's maintenance principles are consistent with those of FreeBSD.

The following provides maintenance information on Tencent Cloud's existing FreeBSD images:

• FreeBSD 11.1 64-bit (FreeBSD provides support.)
• FreeBSD 10.1 64-bit (FreeBSD has stopped providing support.)

Commercial systems

Tencent Cloud does not provide the vulnerability update or fixing service for commercial systems.