Nav
You are viewing an older version of this section. Click here to navigate to the latest version.

MuleSoft Security Update Policy

Within MuleSoft, a dedicated Security Support Representative is responsible for subscribing to notifications for security vulnerabilities notifications for all third-party libraries included in the Mule distribution. Additionally, MuleSoft regularly and consistently checks for security issues within the Mule software itself.

Managing Security Issues

Whenever MuleSoft detects a security vulnerability in Mule or any of the third-party libraries included therein, we invoke the following process.

  1. Security Support Representative assesses the vulnerability, then calculates its potential as a security risk. 

  2. Support Representative creates a ticket to address the vulnerability, prioritizing its solution as critical if warranted.

  3. MuleSoft’s development team addresses critical issues immediately; any less-threatening issues are resolved within a timeframe commensurate with their potential as a security risk.

  4. MuleSoft distributes any critical fixes to Mule as patches, and includes any and all fixes to address security issues in the distribution of the next Mule maintenance release.

In this topic: