25 lines
896 B
Markdown
25 lines
896 B
Markdown
# Security Policy
|
|
|
|
## Supported Versions
|
|
|
|
pg_stat_monitor project follows rolling release strategy. So all security updates go to new versions.
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
Please report any vulnerabilities to our project in [Jira](https://perconadev.atlassian.net/jira/software/c/projects/PG/issues).
|
|
|
|
If the vulnerability is accepted and confirmed by our experts, you should normally expect us to deliver
|
|
a version with a fix according to the timelines provided below:
|
|
|
|
For Percona created software (our engineers wrote the code):
|
|
|
|
- Low/Medium: 120 days
|
|
- High: 90 days
|
|
- Critical: ASAP but should not exceed 30 days
|
|
|
|
For Non-Percona created software (upstream provided/packaged) from the time the vendor releases a patch:
|
|
|
|
- Low/Medium: 2nd release from current version
|
|
- High: Next release
|
|
- Critical: Hotfix or no later than next release (our regular release cadence is once every month)
|