Vulnerability Fixing Policies

Cluster Vulnerability Fixing SLA

  • High-risk vulnerabilities:

    • CCE fixes vulnerabilities as soon as possible after the Kubernetes community detects them and releases fixing solutions. The fixing policies are the same as those of the community.

    • Fixes for emergency operating system vulnerabilities are released according to the operating system's fixing policies and procedure. Generally, after a fixing solution is provided, you need to fix the vulnerabilities yourself.

  • Other vulnerabilities:

    Other vulnerabilities can be fixed through a normal upgrade.

Fixing Statement

To prevent customers from being exposed to unexpected risks, CCE does not provide any information about a vulnerability other than its background, details, technical analysis, affected functions/versions/scenarios, solutions, and reference information.

In addition, CCE provides the same information for all customers to protect all customers equally. CCE will not notify individual customers in advance.

CCE does not develop or release exploitable intrusive code (or code for verification) that uses vulnerabilities in the product.