upbound · tr0njavolta · Jun 15, 2026 · Jun 15, 2026 · Jun 15, 2026
diff --git a/docs/reference/cve-policy.md b/docs/reference/cve-policy.md
@@ -100,8 +100,18 @@ CVEs.
 
 Upbound bundles Kubernetes, UXP, and other infrastructure components within
 Spaces. CVEs in bundled dependencies are evaluated and patched under the same
-SLAs as first-party CVEs. Upbound publishes a software bill of materials (SBOM)
-for each release to support customer vulnerability tracking.
+SLAs as first-party CVEs.
+
+**Spaces Support Lifecycle**
+
+| Minor Version | Current Minor Release Date | Latest Patch Release | Latest Patch Release Date | End of Support (EOL) Date |
+| ------------- | -------------------------- | -------------------- | ------------------------- | ------------------------- |
+| v1.17         | 2026-05-18                 | v1.17.0              | 2026-05-18                | 2027-05-18                |
+| v1.16         | 2026-03-13                 | v1.16.1              | 2026-05-22                | 2027-03-13                |
+| v1.15         | 2025-11-18                 | v1.15.4              | 2026-05-22                | 2026-11-18                |
+| v1.14         | 2025-09-16                 | v1.14.7              | 2026-05-22                | 2026-09-16                |
+| v1.13         | 2025-06-11                 | v1.13.6              | 2026-03-16                | 2026-06-11                |
+
 
 ## How Upbound triages CVEs