Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  • The user reports the vulnerability privately to or through the Support Portal. The initial response time will be is less than 24 hours.
  • The relavant team at WSO2 fix fixes the vulnerability and QA verifies the solution.
  • The fix will be is distributed:
    • If the issue is of a product, distribute the patches to the subscription customers first. Then disclose it publicly after 4 weeks.
    • If the issue is of a service, apply the fix to the deployment.
    • If the issue is of an open source project, apply the fix to the master branch, and release a new version of the distribution if required.
  • Reported user will be is kept updated on the progress of the process.