Bug fix policy

Actonic makes it a priority to ensure that customers' systems cannot be compromised by exploiting vulnerabilities in Actonic apps for various Atlassian products. 

Use the Service Desk portal https://actonic.atlassian.net/servicedesk/customer/portal/8 to submit a bug report.

Scope

The following describes how and when we resolve security bugs in our apps and applies only to applications for various Atlassian products. It does not describe the complete disclosure or advisory process that we follow or any other processes for non-Atlassian related products.

Security bug fix Service Level Agreement (SLA)

We have defined the following timeframes for fixing security issues in our products:

  • Critical severity bugs will be fixed in an app within 4 weeks of being reported

  • High severity bugs will be fixed in an app within 6 weeks of being reported

  • Medium severity bugs will be fixed in an app within 8 weeks of being reported

Critical Vulnerabilities

When a Critical security vulnerability is discovered by Actonic or reported by a third party, Actonic will do all of the following:

  • Issue a new, fixed release for the current version of the affected product as soon as possible.

  • Remove the affected release from the marketplace listing to avoid any future usage.

APP
SECURITY UPDATE POLICY
APP
SECURITY UPDATE POLICY

All the officially supported apps for Server and Data Center products:

We will only issue new bug fix releases for the current release version.

Customers should update the app from the marketplace when a bug fix release becomes available to ensure that the latest fixes have been applied.

All the officially supported apps for Cloud products:

The critical vulnerabilities resolution process does not apply to our Cloud products as these services are always fixed by Actonic without any additional action from customers.

Non-critical vulnerabilities

When a security issue of a High, Medium or Low severity is discovered, Actonic will include a fix in one of the next scheduled releases.