Scope
This page describes when and how we release security bug fixes for our products.
Security Bugfix Service Level Agreement (SLA)
We attempt to meet the following time frames for fixing security issues.
- Critical severity bugs should be fixed in the product within 2 weeks of being reported.
- High severity bugs should be fixed in the product within 3 weeks of being reported.
- Medium severity bugs should be fixed in the product within 4 weeks of being reported.
- Low severity bugs should be fixed in the product within 8 weeks of being reported.
Critical vulnerabilities
When a Critical security vulnerability is discovered Lexzur will do all of the following:
- Inform affected clients about this vulnerability & suggest a workaround if possible.
- Issue a new, fixed release for the current version of the affected product as soon as possible.