Vulnerability Fixing Policies

APIG Vulnerability Fixing Time

• SDK vulnerabilities:

  For a vulnerability involved in the SDKs provided by APIG, a fix will be provided in line with the risk level within the fixing time. You can fix the vulnerability on your own.

• Other vulnerabilities:

  Upgrade versions to fix other vulnerabilities.

Fixing Statement

To prevent customers from being exposed to unexpected risks, API Gateway (APIG) does not provide other information about the vulnerability except the vulnerability background, details, technical analysis, affected functions/versions/scenarios, solutions, and reference information.

In addition, APIG provides the same information for all customers to protect all customers equally. APIG will not notify individual customers in advance.

APIG does not develop or release intrusive code (or code for verification) to exploit vulnerabilities.