Support Policy

Maintenance and Security Policy

Supported Versions

The following versions are supported with security updates

Version	Release date	End of Standard Support	End of Life
5.X	2023-03	2025-03	2026-03
4.X	2021-03	2023-03	2024-03
3.7.X	2022-04	2022-09	2023-09

Note: After End of Standard Support a release will only get security patches.

Dependencies support

RODA	Java	Apache Tomcat	Apache Solr	E-ARK IP
5.X	Java 17 (LTS)	Apache Tomcat 9	Apache Solr 9.X	E-ARK IP 2.X-S1
4.X	Java 8 (LTS)	Apache Tomcat 8.5	Apache Solr 8.X2	E-ARK IP 2.X3
3.7.X	Java 8 (LTS)	Apache Tomcat 8.5	Apache Solr 7.7.3 (EOL)	E-ARK IP 1.X

Reporting a Vulnerability

To report on a vulnerability, please use the github forms for vulnerability reporting:

https://github.com/keeps/roda/security/advisories/new

After our security team assesses the reported vulnerability, you’ll be informed if it was accepted and how long it would take for a security fix.

1. RODA 5 added support for URLs instead of files in E-ARK IP (S from Shallow). ↩

2. RODA 4.4 upgraded from Solr 7 to 8 ↩

3. RODA 4.2 introduced E-ARK IP 2.X ↩