MuleSoft Security Update Policy
Within MuleSoft, a dedicated Security Support Representative is responsible for subscribing to notifications for security vulnerabilities notifications for all third-party libraries included in the Mule distribution. Additionally, MuleSoft regularly and consistently checks for security issues within the Mule software itself.
Managing Security Issues
Whenever MuleSoft detects a security vulnerability in Mule or any of the third-party libraries included therein, we invoke the following process.
-
Security Support Representative assesses the vulnerability, then calculates its potential as a security risk.
-
Support Representative creates a ticket to address the vulnerability, prioritizing its solution as critical if warranted.
-
MuleSoft’s development team addresses critical issues immediately; any less-threatening issues are resolved within a timeframe commensurate with their potential as a security risk.
-
MuleSoft distributes any critical fixes to Mule as patches, and includes any and all fixes to address security issues in the distribution of the next Mule maintenance release.
For policies related to security vulnerabilities in Mule 3 and later versions of Mule, see Critical Security Vulnerabilities.