- The user reports the vulnerability privately to email@example.com or through the Support Portal. The initial response time will be is less than 24 hours.
- The relavant team at WSO2 fix fixes the vulnerability and QA verifies the solution.
- The fix will be is distributed:
- If the issue is of a product, distribute the patches to the subscription customers first. Then disclose it publicly after 4 weeks.
- If the issue is of a service, apply the fix to the deployment.
- If the issue is of an open source project, apply the fix to the master branch, and release a new version of the distribution if required.
- Reported user will be is kept updated on the progress of the process.