MuleSoft Security Update Policy
Within MuleSoft, a dedicated Security Support Representative is responsible for subscribing to notifications for security vulnerabilities notifications for all third-party libraries included in the Mule distribution. Additionally, MuleSoft regularly and consistently checks for security issues within the Mule software itself.
Whenever MuleSoft detects a security vulnerability in Mule or any of the third-party libraries included therein, we invoke the following process.
Security Support Representative assesses the vulnerability, then calculates its potential as a security risk.
Support Representative creates a ticket to address the vulnerability, prioritizing its solution as critical if warranted.
MuleSoft’s development team addresses critical issues immediately; any less-threatening issues are resolved within a timeframe commensurate with their potential as a security risk.
MuleSoft distributes any critical fixes to Mule as patches, and includes any and all fixes to address security issues in the distribution of the next Mule maintenance release.