We are currently using CDH 5.16.1 and will to to understand the policy around security patches and vulnerabilities on older CDH versions and if there is EOL roadmap for older versions of cloudera express.
Specifically we are trying to understand if a new security vulnerability is found in older express version will that be addressed or patched for that version or we will need to go to the latest CDH version to secure data.
@adarshv The Patch of Security vulnerabilities depends on few things.
1. The urgency or impact.
2. Fix availability.
3. Subscription and use case based.
If the product is EOL and the vulnerability is fixed in next versions than you will have to upgrade. If there is a Patch (Old) available then you might can apply that.
If you are a customer and you can not upgrade and Patch is only way then you can discuss with Cloudera Support or Sales team to explore the opportunities on that.
Generally the upgrade is most conventional method as this gives some more bug fixes as well as features which will make our experience better.