Updated on 2022-11-01 GMT+08:00

Vulnerability Fixing Policies

Vulnerability Fixing Time

  • High-risk vulnerabilities

    Distributed Message Service (DMS) for RocketMQ fixes vulnerabilities within one month after the RocketMQ community detects them and releases fixing solutions. The fixing policies are the same as those of the community.

    An emergent OS vulnerability will be released in line with the related policies and process. A fix will be provided in about one month. You can fix the vulnerability on your own.

  • Other vulnerabilities

    Upgrade versions to fix other vulnerabilities.

Fixing Statement

To prevent customers from being exposed to unexpected risks, DMS for RocketMQ does not provide other information about vulnerabilities except the vulnerability background, details, technical analysis, affected functions/versions/scenarios, solutions, and reference information.

In addition, DMS for RocketMQ provides the same information for all customers to protect all customers equally. DMS for RocketMQ will not notify individual customers in advance.

DMS for RocketMQ does not develop or release intrusive code (or code for verification) to exploit vulnerabilities.