security: update policy for 5.0 and EOL 4.1

[patrick-stephens]

Update the security details for latest versions to show 4.1 is EOL now and 5.0 with a nominal EOM date.

---

Enter [N/A] in the box, if an item is not applicable to your change.

Testing
Before we can approve your change; please submit the following in a comment:

• Example configuration file for the change
• Debug log output from testing the change

• Attached Valgrind output that shows no leaks or memory corruption was found

If this is a change to packaging of containers or native binaries then please confirm it works for all targets.

• Run local packaging test showing all targets (including any new ones) build.
• Set ok-package-test label to test for all targets (requires maintainer to do).

Documentation

• Documentation required for this feature

Backporting

• Backport to latest stable release.

---

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

Summary by CodeRabbit

• Documentation
  • Updated security support information: version 5.0.x is now actively supported with security updates through November 30, 2026. Version 4.1.x and earlier are now end-of-life and no longer receive updates.

[coderabbitai]

📝 Walkthrough

Walkthrough

SECURITY.md updates the Supported Versions matrix to introduce 5.0.x as an Active release with security updates ending November 30, 2026, and transitions 4.1.x from Active to EOL status. The accompanying policy note is adjusted to clarify that 4.1 and earlier receive no further fixes.

Changes

Version Support Policy Update

Layer / File(s)	Summary
Supported versions matrix and EOL policy SECURITY.md	Supported Versions table rows for 5.0.x (Active) and 4.1.x (EOL) with corresponding end-of-security-updates dates, and the accompanying policy note updated to state that 4.1 and earlier versions receive no further fixes.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Possibly related PRs

• fluent/fluent-bit#11300: Updates the same SECURITY.md version timeline for 4.1.x and affects the same supported versions matrix.
• fluent/fluent-bit#11339: Modifies SECURITY.md's Supported Versions and EOL status for maintained release lines including 4.1.x and 5.0.x.

Suggested labels

docs-required

Suggested reviewers

• edsiper
• cosmo0920

Poem

A version grows old, another is born,
5.0 steps forward, 4.1 moves on,
The security road stretches far and wide,
Five-oh-oh claims the spotlight with pride,
We note what's been left, and look ahead. 🐰

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically summarizes the main change: updating security policy to mark version 4.1 as EOL and version 5.0 with an EOM date.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch update_security_policy_5_0

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

SECURITY.md (1)

62-62: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Update the document timestamp to match this policy change.

Line 62 still says “December 18, 2025,” which is now stale for this update and can confuse readers about policy freshness.

Suggested doc fix

-_Last updated: December 18, 2025_
+_Last updated: May 18, 2026_

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@SECURITY.md` at line 62, Update the document's "Last updated" timestamp
string that currently reads "Last updated: December 18, 2025" to the current
update date; locate the exact line containing that string in SECURITY.md and
replace the old date with the new date for this policy change so the header
reflects the latest revision.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@SECURITY.md`:
- Line 62: Update the document's "Last updated" timestamp string that currently
reads "Last updated: December 18, 2025" to the current update date; locate the
exact line containing that string in SECURITY.md and replace the old date with
the new date for this policy change so the header reflects the latest revision.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 92a25288-417e-4014-9daf-c4bf84782885

📥 Commits

Reviewing files that changed from the base of the PR and between 6474297 and c778efc.

📒 Files selected for processing (1)

• SECURITY.md