Last Updated: May 28, 2024

We aim to address security issues within the following timeframes:

• Critical severity bugs (CVSS v2 score >= 8, CVSS v3 score >= 9): Fixed within 4 weeks of being reported.
• High severity bugs (CVSS v2 score >= 6, CVSS v3 score >= 7): Fixed within 6 weeks of being reported.
• Medium severity bugs (CVSS v2 score >= 3, CVSS v3 score >= 4): Fixed within 8 weeks of being reported.

Critical vulnerabilities: When a critical security vulnerability is found by us or reported by a third party, we will release a fixed version of the affected product as soon as possible.

Non-critical vulnerabilities: For high, medium, or low severity security issues, the fix will be included in the next scheduled maintenance release.

To resolve the vulnerability, you should upgrade your installation.

Additional information: We continually evaluate our policies based on customer feedback and will provide updates or changes on this page.