Actonic Products makes it a priority to ensure that customers' systems cannot be compromised by exploiting vulnerabilities in Actonic Products apps for various Atlassian products. 

Use the Service Desk portal https://actonic.atlassian.net/servicedesk/customer/portal/8 to submit a bug report.

Scope

The following describes how and when we resolve security bugs in our apps and applies only to applications for various Atlassian products. It does not describe the complete disclosure or advisory process that we follow or any other processes for non-Atlassian related products.

Security bug fix Service Level Agreement (SLA)

We have defined the following timeframes for fixing security issues in our products:

• Critical severity bugs will be fixed in an app within 4 weeks of being reported

• High severity bugs will be fixed in an app within 6 weeks of being reported

• Medium severity bugs will be fixed in an app within 8 weeks of being reported

Critical Vulnerabilities

When a Critical security vulnerability is discovered by Actonic Products or reported by a third party, Actonic Products will do all of the following:

• Issue a new, fixed release for the current version of the affected product as soon as possible.

• Remove the affected release from the marketplace listing to avoid any future usage.

Non-critical vulnerabilities

When a security issue of a High, Medium or Low severity is discovered, Actonic Products will include a fix in one of the next scheduled releases.