Livepatch has a new 13-month sliding support window – What does it mean for you?
The Livepatch tool is a valuable solution for resolving critical and high-security kernel CVEs without requiring an immediate system reboot. However, it is not a substitute for regular maintenance windows and reboots, as some CVEs still require a system reboot. Additionally, Livepatch only covers security-related kernel updates, not non-security bug fixes, lower-priority security fixes, or performance improvements. Canonical has introduced a sliding support window of 13 months for each GA kernel version revision of all its Ubuntu LTS releases to ensure adherence to industry best practices. If a customer has not rebooted their system within 13 months, they will need to install the latest kernel update and reboot to receive further livepatches. Canonical still supports LTS releases for 5 years as part of their LTS commitments and 10 years for Ubuntu Pro subscribers. Customers have the option to upgrade to the latest available HWE kernel if they choose to reboot, regardless of the kernel they use. Canonical addresses kernel vulnerabilities through Stable Release Updates released every few weeks, allowing customers to either livepatch or update their kernel every few weeks. The 13-month sliding support window allows customers to continue using the same kernel revision for up to 13 months while benefiting from Livepatch, and not rebooting for more than 13 months will result in no longer receiving livepatches for that particular kernel version revision.