This page last changed on Nov 13, 2009 by edawson.

Our Security Patch Policy

When a security issue is discovered, Atlassian will endeavour to do all of the following:

  • Issue a new, fixed version as soon as possible.
  • Issue a patch for the latest maintenance release for the last major version of a product.
  • If a patch is needed before we issue a new, fixed version (e.g. a security flaw is being exploited), issue a patch to the current release.
  • Issue patches for older versions if feasible.

Patches will generally be attached to the relevant JIRA issue.

Visit our general Atlassian Patch Policy as well.

Examples

Scenario 1: Security flaws discovered in Confluence 3.3.1. Flaws are not being exploited. We will need to do the following:

  • Issue Confluence 3.3.2 fixing the flaws as soon as possible.
  • Issue a patch for Confluence 3.2.1 (i.e. the latest maintenance release for the last major version of a product).

Scenario 2: Security flaws discovered in Confluence 3.3.1. Flaws are being exploited. We will need to do the following:

  • Issue Confluence 3.3.2 fixing the flaws as soon as possible.
  • Issue a patch for Confluence 3.2.1 (i.e. the latest maintenance release for the last major version of a product).
  • Issue a patch for Confluence 3.3.1 (i.e. the current release).

Further reading

See How to Get Legendary Support from Atlassian for more support-related information.

Document generated by Confluence on Nov 30, 2010 23:54