The Progress Sitefinity team has a structured process to address and fix bugs as they are reported, which is mapped to different Sitefinity support tiers.
In general, we deliver updates and bugfixes for Sitefinity as follows:
Fixes for security vulnerabilities (both discovered internally and reported to us) are released according to the following rules based on CVSS scores:
The schedule of supported Sitefinity versions is available in our Sitefinity Lifecycle Policy document.
For more information on Sitefinity security practices, please refer to the Sitefinity Platform Security page and download our Sitefinity Security whitepaper.
The Sitefinity group has a fixed percentage of development resources allocated to bugfixing and other maintenance tasks. Reported bugs are triaged and prioritized on a weekly basis by various criteria such as bug severity, customer impact, complexity, regression risk, and others, and assigned to the development group on maintenance duty. The bugs of relatively low complexity and regression risk are fixed and released in bugfix rollup patches, others are scheduled for major/minor releases.
Bugfix rollup updates include cumulative fixes for the latest Active release and are typically released up to two times per month. They are available to all customers with current Maintenance and Support contracts. These updates do not include, as a rule, breaking API changes, database changes, or bug fixes with regression risk. Release notes for each patch detailing specific incremental fixes in the patch are posted upon release on our community forums, where you can subscribe to get release notifications.
The bugfix rollup updates are automatically applied to a newly created branch in the Sitefinity Cloud environment. Self-hosting/on-premise customers should apply the bugfix rollup updates at their discretion.
Customers with Sitefinity Enterprise licenses are afforded a priority bug fix option, or escalation. They can get their Severity 1 issues prioritized ahead of the general bugfix queue to be addressed in the next immediate update for their supported version before its Enterprise Support end date.
We port all bugfixes to the latest version. If a reported issue exists on the latest Active version, the fix will be included in the latest update for that version as well.
Every bug fix passes rigorous manual quality assurance and performance tests applicable for the fix. Then, the cumulative product update has to pass our fully automated test suite that includes thousands of functional, integration, unit and performance tests. However, these builds do not go through our full manual regression testing cycle that we do before each major or minor product release.
All product update releases are qualified for production use. The following update paths are fully supported:
The information provided on this and related page(s) is intended to outline Progress’ general Sitefinity support and update practices. It is intended for informational purposes only and should not be relied upon when making any purchasing decisions. Please see the Sitefinity End User License Agreement for specific terms and conditions governing the use of Sitefinity and receipt of support and updates.