Sitefinity Bug Fixing Policy

Updated: 03/01/2024

The Progress Sitefinity team has a structured process to address and fix bugs as they are reported, which is mapped to different Sitefinity support tiers.

In general, we deliver updates and bugfixes for Sitefinity as follows:

  • Major and minor (official) releases include all cumulative fixes implemented since the last official release and are fully regression tested.
  • Bugfix rollup Updates (patches) are generally made to the most recent Active release and include prioritized bugfixes.  The next incremental rollup update includes all bugfixes available in the previous updates for the same Active release.
  • Product Updates may be provided for any Active or Sunset release(s) to address one or more specific problems or changes (e.g. security fixes, partner interface change) or to deliver a set of prioritized bugfixes. Product Updates are cumulative, in that they include all previously released updates for a given version.

Fixes for security vulnerabilities (both discovered internally and reported to us) are released according to the following rules based on CVSS scores:

  • Vulnerabilities with Critical and High CVSS scores are fixed in Product Updates for all affected supported versions.
  • Vulnerabilities with lower CVSS scores are fixed only in bugfix updates for the latest Active release and LTS releases, at Progress discretion.

The schedule of supported Sitefinity versions is available in our Sitefinity Lifecycle Policy document.

For more information on Sitefinity security practices, please refer to the Sitefinity Platform Security page and download our Sitefinity Security whitepaper.

Continuous Maintenance Effort

The Sitefinity group has a fixed percentage of development resources allocated to bugfixing and other maintenance tasks. Reported bugs are triaged and prioritized on a weekly basis by various criteria such as bug severity, customer impact, complexity, regression risk, and others, and assigned to the development group on maintenance duty. The bugs of relatively low complexity and regression risk are fixed and released in bugfix rollup patches, others are scheduled for major/minor releases.

Bugfix Rollup Updates

Bugfix rollup updates include cumulative fixes for the latest Active release and are typically released up to two times per month. They are available to all customers with current Maintenance and Support contracts. These updates do not include, as a rule, breaking API changes, database changes, or bug fixes with regression risk. Release notes for each patch detailing specific incremental fixes in the patch are posted upon release on our community forums, where you can subscribe to get release notifications.

The bugfix rollup updates are automatically applied to a newly created branch in the Sitefinity Cloud environment. Self-hosting/on-premise customers should apply the bugfix rollup updates at their discretion.

Defect Escalation and Backport Requests

Customers with defect escalation privileges are afforded a priority bug fix option, or escalation. They can get their Severity 1 issues prioritized ahead of the general bugfix queue to be addressed in the next immediate update for the most recent Active version. 

We port all bugfixes to the latest version. If a reported issue exists on the latest Active version, the fix will be included in the latest update for that version as well.

Customers with specific customer success packages are able to request a bugfix backport to an earlier Active release. Please refer to the Sitefinity Lifecycle Policy for details

Testing and Validation for Product Updates

Every bug fix passes rigorous manual quality assurance and performance tests applicable for the fix. Then, the cumulative product update has to pass our fully automated test suite that includes thousands of functional, integration, unit and performance tests. However, these builds do not go through our full manual regression testing cycle that we do before each major or minor product release.

Supported Update Paths

All product update releases are qualified for production use. The following update paths are fully supported:

  • from an older official release to a product update for the same major/minor release
  • from one update level to a later update level for the same major/minor release but not crossing a minor release
  • from an update to the immediately following official release (support will recommend the best option)


The information provided on this and related page(s) is intended to outline Progress’ general Sitefinity support and update practices. It is intended for informational purposes only and should not be relied upon when making any purchasing decisions. Please see the Sitefinity End User License Agreement for specific terms and conditions governing the use of Sitefinity and receipt of support and updates.