Bug fix policy

Actonic Products makes it a priority to ensure that customers' systems cannot be compromised by exploiting vulnerabilities in Actonic Products apps for various Atlassian products. 

Use the Service Desk portal https://actonic.atlassian.net/servicedesk/customer/portal/8 to submit a bug report.

Scope

The following describes how and when we resolve security bugs in our apps and applies only to applications for various Atlassian products. It does not describe the complete disclosure or advisory process that we follow or any other processes for non-Atlassian related products.

Security bug fix Service Level Agreement (SLA)

We have defined the following timeframes for fixing security issues in our products:

  • Critical severity bugs will be fixed in an app within 4 weeks of being reported

  • High severity bugs will be fixed in an app within 6 weeks of being reported

  • Medium severity bugs will be fixed in an app within 8 weeks of being reported

Critical Vulnerabilities

When a Critical security vulnerability is discovered by Actonic Products or reported by a third party, Actonic Products will do all of the following:

  • Issue a new, fixed release for the current version of the affected product as soon as possible.

  • Remove the affected release from the marketplace listing to avoid any future usage.

APP
SECURITY UPDATE POLICY
APP
SECURITY UPDATE POLICY

All the officially supported apps for Server and Data Center products:

https://marketplace.atlassian.com/apps/1219041/gdpr-dsgvo-and-security-for-confluence

https://marketplace.atlassian.com/apps/1218962/gdpr-dsgvo-and-security-for-jira

https://marketplace.atlassian.com/apps/1216891/power-jql-extended-search-functions

https://marketplace.atlassian.com/apps/1217271/inline-table-editing

https://marketplace.atlassian.com/apps/1217328/show-inline-comments-in-editor

https://marketplace.atlassian.com/apps/1218874/who-is-online-for-jira

https://marketplace.atlassian.com/apps/1219918/fast-user-switcher-fus-for-confluence

https://marketplace.atlassian.com/apps/1220356/fast-user-switcher-fus-for-jira

https://marketplace.atlassian.com/apps/1227537/timesheet-builder-time-tracking-and-worklog-analysis

https://marketplace.atlassian.com/apps/1216997/report-builder-jira-reports-and-data-analysis?hosting=cloud&tab=overview

We will only issue new bug fix releases for the current release version.

Customers should update the app from the marketplace when a bug fix release becomes available to ensure that the latest fixes have been applied.

All the officially supported apps for Cloud products:

https://marketplace.atlassian.com/apps/1218962/gdpr-dsgvo-and-security-for-jira

https://marketplace.atlassian.com/apps/1219041/gdpr-dsgvo-and-security-for-confluence

https://marketplace.atlassian.com/apps/1227537/timesheet-builder-time-tracking-and-worklog-analysis

https://marketplace.atlassian.com/apps/1217271/inline-table-editing

https://marketplace.atlassian.com/apps/1218874/who-is-online-for-jira

https://marketplace.atlassian.com/apps/1216997/report-builder-jira-reports-and-data-analysis?hosting=cloud&tab=overview

The critical vulnerabilities resolution process does not apply to our Cloud products as these services are always fixed by Actonic Products without any additional action from customers.

Non-critical vulnerabilities

When a security issue of a High, Medium or Low severity is discovered, Actonic Products will include a fix in one of the next scheduled releases.