DNN realizes that our customers have invested a great deal of time, money, and energy on their DNN implementations, and we are committed to protecting those investments. For this reason, we have established a set of policies regarding upgrades, security, and support horizon. These include:
- Upgrades. DNN believes it is essential to protect our customers’ investments in the work they have done using the DNN Platform and our Evoq solutions. We work hard to ensure not only that upgrades are quick and painless, but also that they don’t break your existing sites, skins, or modules. This is a core value on which we founded the company.
- Security. We make every effort to ensure speedy analysis of reported issues and, where required, provide workarounds and updated application releases to fix them. If you see suspected issues/security scan results please report them by either sending an email to firstname.lastname@example.org. All submitted information is viewed only by members of the DNN Security Task Force, and will not be discussed outside the Task Force without the permission of the person/company who reported the issue. Each confirmed issue is assigned a severity level (critical, moderate, or low) corresponding to its potential impact on the security of DNN installations.
The Security Task Force then issues a security bulletin via DNN security forum posts and, where judged necessary, email. The bulletin provides details about the issue, the DNN versions impacted, and suggested fixes or workarounds. Security bulletins are issued as required.
- Critical means the issue can be exploited by a remote attacker to gain access to DNN data or functionality. All critical issue security bulletins include a recommended workaround or fix that should be applied as soon as possible.
- Moderate means the issue can compromise data or functionality on a portal/website only if some other condition is met (e.g. a particular module or a user within a particular role is required). Moderate issue security bulletins typically include recommended actions to resolve the issue.
- Low means the issue is very difficult to exploit or has a limited potential impact.
- Support Horizon. We actively provide security fixes and select bug fixes for every version of our software until one year after the release of the next major version. For example, support of version 6.x continues until one year after version 7.0 is released. DNN feels that this policy protects customers’ investments in the work they have done while empowering our developers to focus their energies on innovation – benefitting customers old and new. Our obligations to Evoq customers are outlined in the Support Services Addendum to the standard terms and conditions of the DNN Software License and Service Agreement and are valid as long as a customer has an active subscription license.