Sitefinity Bug Fixing Policy

Updated: 01/26/2020

The Progress Sitefinity team has a structured process to address and fix bugs as they are reported, which is mapped to different support tiers that we offer for Sitefinity.

In general, we deliver updates and bugfixes for Sitefinity as follows:

  • Major and minor (official) releases have all cumulative fixes implemented since the last official release and are fully regression tested.
  • Bugfix rollup patches are made to the most recent official release and include prioritized bugfixes for this increment. The next incremental patch includes all bugfixes available in the previous patches for the same official release, including hotfixes. (We previously referred to these as “internal builds;” this name is deprecated).
  • Hotfix Updates (aka Service Packs or Hotfixes) address one or more specific problems or changes (e.g. security fixes, partner interface change) that potentially impact a large number of customers and are typically released for all supported official versions. Hotfixes are released in response to discovery of such problems or changes. Hotfixes are cumulative, in that they include all previous hotfixes for a given version.
  • Custom on-demand patches (available for Enterprise Support Plan customers only) are provided for the current and the immediately previous major release families.

Fixes for security vulnerabilities (both discovered internally and reported to us) are released according to the following rules based on CVSS scores:

  • Vulnerabilities with Critical and High CVSS scores are fixed in Hotfix Updates for all affected supported versions.
  • Vulnerabilities with lower CVSS scores are fixed only in bugfix patches for the latest official release.

The schedule of supported Sitefinity versions is available in our Sitefinity Lifecycle Policy document.

For more information on Sitefinity security practices, please refer to the Sitefinity Platform Security page and download our Sitefinity Security whitepaper.

Continuous Maintenance Effort

The Sitefinity group has a fixed percentage of development resources allocated to bugfixing and other maintenance tasks. Reported bugs are triaged and prioritized on a weekly basis by various criteria such as bug severity, customer impact, complexity, regression risk, and others, and assigned to the development group on maintenance duty. The bugs of relatively low complexity and regression risk are fixed and released in bugfix rollup patches, others are scheduled for major/minor releases.

Bugfix Rollup Patches

Bugfix rollup patches include cumulative fixes for the latest official release and are typically released on a Friday two to four times per month. They are available to all customers with current Updates and Support Program contracts via their Telerik Accounts. These patch releases do not include breaking API changes, database changes, and bug fixes with high regression risk. Release notes for each patch detailing specific incremental fixes in the patch are posted upon release on our community forums, where you can subscribe to get release notifications.

Our goal with these patches is to help customers and partners address important issues for specific use cases without having to wait for the official product update. The patches should be applied at customer’s discretion.

Enterprise Support Plan and 7-Day Bug Fixing

Customers with Sitefinity Enterprise Support Plan licenses are afforded a priority bug fix option. They can get their Severity 1 issues prioritized ahead of the general queue to be addressed in the next immediate patch for their supported version. Enterprise priority bugfixes cover the current and the previous major release families (i.e. given the current version is 11.1, Enterprise patches are provided for official releases 10.x and 11.x - see below in Custom Patches).

Sitefinity Team will attempt to resolve acknowledged Severity 1 product defects within 7 days. Due to some limitations like regression potential and necessary refactoring our service level objective (SLO) is to meet the 7-day target for 80% or more of Severity 1 product defects. Please note that the 7 days bug fixing SLO is provided for information purposes only and is not a legally binding commitment or agreement.

Enterprise Support Plan and Custom Patches

We highly recommend that customers regularly upgrade their Sitefinity version to benefit from the improvements in the software as well as to get access to the latest bugfixes. However, sometimes business considerations prevent customers from upgrading. In such cases, we will attempt to prepare a patch for a specific Enterprise Support Plan customer with a requested bugfix based on the latest publicly released patch for their installed version. If this bug exists on the latest official version, the fix will be included in the next patch for the latest version, too. This service is available to Enterprise Support Plan customers only and covers up to one major version back from the current latest official release (e.g. current release 11.1, versions supported for patching are 10.x and 11.x).

Testing and Validation for Patches and Hotfixes

Every bug fix passes rigorous manual quality assurance and performance tests applicable for the fix. Then, the cumulative patch has to pass our fully automated test suite that includes thousands of functional, integration, unit and performance tests. However, these builds do not go through our full manual regression testing cycle that we do before each major or minor product release.

Supported Update Paths

All patches and hotfixes are qualified for production use. The following update paths are fully supported:

  • from an older official release to a hotfix for the same major / minor release
  • from one patch level to a later patch level for the same major/minor release but not crossing a minor release
  • from a patch to a following official release (support will recommend the best option)


The information provided on this and related page(s) is intended to outline Progress’ general Sitefinity support and update practices. It is intended for informational purposes only and should not be relied upon when making any purchasing decisions. Please see the Sitefinity End User License Agreement for specific terms and conditions governing the use of Sitefinity and receipt of support and updates.