A client wants to know the exact timeframes for bugfixes. If a bug fix is logged, is there a guaranteed timeframe it would be fixed within?
I can't see anything on the security pages of the website, just that major security bug fixes will be issued as a 5 day notice email to people to prepare for applying the hotfix.
But in this scenario how long would it typically be between logging a major security bug fix, to actually getting it published?
Sebastiaan
09/19/2024, 11:30 AM
As soon as possible, we work with the reporter on timelines, depending on the severity of the issue. If you need to know more please email security@umbraco.com for details, and it would help to get some information on the website as well, so make sure to suggest that too.
liamgold
09/19/2024, 12:36 PM
well it's a new build website for a client that is not on Umbraco yet, and they wanted the official wording on it and I just couldn't find anything on the website
they would be getting an Umbraco 13 LTS
liamgold
09/19/2024, 12:37 PM
Thanks for the info
liamgold
09/19/2024, 12:41 PM
Sounds like the right suggestion is, if it is a high risk bug, then it's fixed asap, but released 5 days later with the notice email that is sent out.
If it's a low risk, it is bundled in with the next patch release for that LTS
Sebastiaan
09/19/2024, 1:11 PM
That's right, only critical security fixes get a 5 day heads-up period (so people can reserve time to do patching). The rest just gets fixed and a patch will come out.
Sebastiaan
09/19/2024, 1:12 PM
But if you feel info is missing on the site, do email the security team so they can amend.
liamgold
09/19/2024, 1:15 PM
ok thanks - I do think it would be useful for something to reference and provide clients