Publishing Policy

When a critical severity security vulnerability is discovered and resolved, we will inform customers through the following mechanisms:

• We will post a security advisory on Security Advisories at the same time as releasing a fix for the vulnerability.
• We will send an email copy of all critical security advisories to the technical contacts we have in our database. 

If you want to track non-critical severity security vulnerabilities, you need to monitor the issue trackers for the relevant products on https://jira.xpand-it.com/, for example, https://jira.xpand-it.com/browse/XRAY for Xray for Jira Server and Data Center. Security issues are marked with security labels: security_vulnerability_critical, security_vulnerability_high, security_vulnerability_medium, security_vulnerability_low).

All security issues will be listed in the release notes of the release where they have been fixed, similar to other bugs. 

Advisories

• Security Advisory 2020-04-24 - Xray for Jira Server and Data Center
• Security Advisory - July, 2021
• Security Advisory - March, 2022

List of Know Security Vulnerabilities for Xray