MuleSoft Security Update Policy
|Mule Runtime Engine versions 3.5, 3.6, and 3.7 reached End of Life on or before January 25, 2020. For more information, contact your Customer Success Manager to determine how you can migrate to the latest Mule version.|
Within MuleSoft, a dedicated Security Support Representative is responsible for subscribing to notifications for security vulnerabilities notifications for all third-party libraries included in the Mule ESB distribution. Additionally, MuleSoft regularly and consistently checks for security issues within the Mule ESB software itself.
Whenever MuleSoft detects a security vulnerability in Mule ESB or any of the third-party libraries included therein, we invoke the following process.
Security Support Representative assesses the vulnerability, then calculates its potential as a security risk.
Support Representative creates a ticket to address the vulnerability, prioritizing its solution as critical if warranted.
MuleSoft’s development team addresses critical issues immediately; any less-threatening issues are resolved within a timeframe commensurate with their potential as a security risk.
MuleSoft distributes any critical fixes to Mule ESB as patches, and includes any and all fixes to address security issues in the distribution of the next Mule ESB maintenance release.