MariaDB Security Bug Fixing Policy

You are viewing an old version of this article. View the current version here.

The MariaDB developers classify all security bugs according to their threat level. The threat level can be one of:

  • Red: an exploitable vulnerability that causes arbitrary code execution or allows an unauthenticated user to crash the server or gain access to the data.
  • Yellow: everything else.

We promise to fix any red security bug immediately, usually within hours, and release fixed (i.e. not vulnerable) MariaDB binaries as soon as possible, usually the next day.

We will fix yellow security bugs as soon as possible, but we will not change our planned release schedule to get the fix out earlier.

Reporting and verifying bugs

The Reporting Bugs page has details on how to report a bug.

The developers are generally happy to help with verifying bugs. If you need help, ask on IRC or on the maria-developers mailing list.

If the bug is repeatable, it is very helpful if you create a test case for the bug for use with mysql-test-run. See Debugging MariaDB with mysql-test-run for more information.
