Is there published anywhere which versions are considered not supported and/or not secured?
Company’s I am working with is using Big-IP Edge Client Windows 7104.2017.317.1402, which to me appears to be out of date and has known CVEs.
But I am struggling to find any official list and state of client releases?
Actually, there is no an EoS Edge Client version itself.
Prior to v13.1.0, Edge client was bonded to the APM firmware version.
Starting with v13.1, it is possible to upgrade the edge client version independently. Anyway, all releases are supported as far as they work under one supported APM release.
F5 support policy states this:
"Starting with BIG-IP APM 13.1.0, BIG-IP Edge Client is available as a standalone package that can be installed on BIG-IP APM running 13.1.0 or later. BIG-IP Edge Client versions are not statically tied to a specific BIG-IP version. As F5 releases new client versions, you can install them to an existing BIG-IP system.
For these client versions, F5 Support offers assistance for customers with a valid support contract and a currently supported BIG-IP APM version. F5 provides software fixes in the current latest major released version and one version prior."
REF - https://support.f5.com/csp/article/K22258530
Regarding the CVE, the best way to handle this is to check the release notes of the new edge client versions to verify what vulnerabilities are fixed.
REF - https://techdocs.f5.com/kb/en-us/bigip-edge-apps.html
REF - https://support.f5.com/csp/article/K13757