Actonic Products makes it a priority to ensure that customers' systems cannot be compromised by exploiting vulnerabilities in Actonic Products apps for various Atlassian products.
...
When a Critical security vulnerability is discovered by Actonic Products or reported by a third party, Actonic Products will do all of the following:
Issue a new, fixed release for the current version of the affected product as soon as possible.
Remove the affected release from the marketplace listing to avoid any future usage.
APP | SECURITY UPDATE POLICY |
---|---|
All the officially supported apps for Server and Data Center products: |
https://marketplace.atlassian.com/apps/1219041/gdpr-dsgvo-and-security-for-confluence https://marketplace.atlassian.com/apps/1218962/gdpr-dsgvo-and-security-for-jira https://marketplace.atlassian.com/apps/1216891/power-jql-extended-search-functions https://marketplace.atlassian.com/apps/1217271/inline-table-editing https://marketplace.atlassian.com/apps/1217328/show-inline-comments-in-editor https://marketplace.atlassian.com/apps/1218874/who-is-online-for-jira https://marketplace.atlassian.com/apps/1219918/fast-user-switcher-fus-for-confluence https://marketplace.atlassian.com/apps/1220356/fast-user-switcher-fus-for-jira https://marketplace.atlassian.com/apps/1227537/timesheet-builder-time-tracking-and-worklog-analysis | We will only issue new bug fix releases for the current release version. Customers should update the app from the marketplace when a bug fix release becomes available to ensure that the latest fixes have been applied. |
All the officially supported apps for Cloud products: |
https://marketplace.atlassian.com/apps/1218962/gdpr-dsgvo-and-security-for-jira https://marketplace.atlassian.com/apps/1219041/gdpr-dsgvo-and-security-for-confluence https://marketplace.atlassian.com/apps/1227537/timesheet-builder-time-tracking-and-worklog-analysis https://marketplace.atlassian.com/apps/1217271/inline-table-editing https://marketplace.atlassian.com/apps/1218874/who-is-online-for-jira | The critical vulnerabilities resolution process does not apply to our Cloud products as these services are always fixed by Actonic Products without any additional action from customers. |
Non-critical vulnerabilities
When a security issue of a High, Medium or Low severity is discovered, Actonic Products will include a fix in one of the next scheduled releases.