Confluence SharePoint Connector 1.3 : Security Patch Policy
This page last changed on Jan 11, 2010 by ggaskell.
Product Security Patch PolicyAtlassian makes it a priority to ensure the customers' systems cannot be compromised by exploiting vulnerabilities in Atlassian products. ScopeThis page describes when and how we release security patches and security upgrades for our products. It does not describe the whole of disclosure process that we follow. It also excludes Studio, since Studio will always be patched by Atlassian without additional notifications. Critical vulnerabilitiesWhen a Critical security vulnerability is discovered by Atlassian or reported by a third party, Atlassian will do all of the following:
Patches will be attached to the relevant JIRA issue. You can use these patches as a "stop-gap" measure until you upgrade your installation in order to fully fix the vulnerability. Non-critical vulnerabilitiesWhen a security issue of a High, Medium or Low severity is discovered, Atlassian will do all of the following:
You should upgrade your installation in order to fix the vulnerability. Other informationSeverity level of vulnerabilities is calculated based on Severity Levels for Security Issues. Visit our general Atlassian Patch Policy as well. ExamplesExample 1: A critical severity vulnerability is found in a (hypothetical current release) JIRA 5.3.2. The last bugfix release in 5.2.x branch was 5.2.3. In this case, a patch will be created for 5.3.2 and 5.2.3. In addition, new bugfix releases, 5.3.3 and 5.2.4, which are free from this vulnerability, will be created in a few days. Example 2: A high or medium severity vulnerability is found in the same release as in the previous example. The fix will be included into the currently scheduled releases 5.3.3 and 5.2.4. Release schedule will not be brought forward and no patches will be issued. If the vulnerability is in a plugin module, then a plugin upgrade package may still be supplied. Further readingSee How to Get Legendary Support from Atlassian for more support-related information. |
![]() |
Document generated by Confluence on Feb 20, 2011 21:50 |