The Progress Sitefinity team has a structured process to address and fix bugs as they are reported, which is mapped to different support tiers that we offer for Sitefinity.
In general, we deliver updates and bugfixes for Sitefinity as follows:
Fixes for security vulnerabilities (both discovered internally and reported to us) are released according to the following rules based on CVSS scores:
The schedule of supported Sitefinity versions is available in our Sitefinity Lifecycle Policy document.
For more information on Sitefinity security practices, please refer to the Sitefinity Platform Security page and download our Sitefinity Security whitepaper.
The Sitefinity group has a fixed percentage of development resources allocated to bugfixing and other maintenance tasks. Reported bugs are triaged and prioritized on a weekly basis by various criteria such as bug severity, customer impact, complexity, regression risk, and others, and assigned to the development group on maintenance duty. The bugs of relatively low complexity and regression risk are fixed and released in bugfix rollup patches, others are scheduled for major/minor releases.
Bugfix rollup patches include cumulative fixes for the latest official release and are typically released on a Friday two to four times per month. They are available to all customers with current Updates and Support Program contracts via their Telerik Accounts. These patch releases do not include breaking API changes, database changes, and bug fixes with high regression risk. Release notes for each patch detailing specific incremental fixes in the patch are posted upon release on our community forums, where you can subscribe to get release notifications.
Our goal with these patches is to help customers and partners address important issues for specific use cases without having to wait for the official product update. The patches should be applied at customer’s discretion.
Customers with Sitefinity Enterprise Support Plan licenses are afforded a priority bug fix option. They can get their Severity 1 issues prioritized ahead of the general queue to be addressed in the next immediate patch for their supported version. Enterprise priority bugfixes cover the current and the previous major release families (i.e. given the current version is 11.1, Enterprise patches are provided for official releases 10.x and 11.x - see below in Custom Patches).
Sitefinity Team will attempt to resolve acknowledged Severity 1 product defects within 7 days. Due to some limitations like regression potential and necessary refactoring our service level objective (SLO) is to meet the 7-day target for 80% or more of Severity 1 product defects. Please note that the 7 days bug fixing SLO is provided for information purposes only and is not a legally binding commitment or agreement.
We highly recommend that customers regularly upgrade their Sitefinity version to benefit from the improvements in the software as well as to get access to the latest bugfixes. However, sometimes business considerations prevent customers from upgrading. In such cases, we will attempt to prepare a patch for a specific Enterprise Support Plan customer with a requested bugfix based on the latest publicly released patch for their installed version. If this bug exists on the latest official version, the fix will be included in the next patch for the latest version, too. This service is available to Enterprise Support Plan customers only and covers up to one major version back from the current latest official release (e.g. current release 11.1, versions supported for patching are 10.x and 11.x).
All patches and hotfixes are qualified for production use. The following update paths are fully supported: