Where to find out about the latest software updates, when your server will be updated, and how new releases protect against security vulnerabilities.
Like any modern, cloud-hosted software as a service (SaaS) product, we’re continually updating SurveyCTO. We regularly release updates for a variety of reasons, including adding new features, improving existing features, and addressing potential security vulnerabilities.
Given the way that the modern threat environment is rapidly evolving, addressing potential vulnerabilities requires a pretty constant stream of updates. What we call “maintenance releases” generally include security updates as well as minor improvements in features.
New to SurveyCTO? Sign up for a free trial or request a demo today!
What you need to know about maintenance releases
We roll out maintenance releases to all users automatically, over the course of 2-4 weeks. If you see that a maintenance release is out and you want to install it before we’ve automatically updated your server, you can do so either from the announcement in your server console or from your subscription management page. You can also learn about exactly what’s in every release here in the server release notes:
Other types of releases
Minor releases include small security updates, bug fixes, and minor improvements in features. We generally roll out minor releases automatically.
Major releases include more substantive feature updates. For these releases, we’ll typically update free trial and Community users right away, and allow all other users to update over a 12-week period. To automatically update your server or delay updates, you can set preferences in your subscription management page.
How regular security releases keep your servers safe in the face of vulnerabilities
Finally, in terms of security vulnerabilities, you can rest easy that we’re keeping your SurveyCTO servers — and your data — safe, 24×7. That includes regular maintenance releases but also security releases that reflect our extraordinary efforts to keep your systems safe.
For example, as soon as the news broke on December 9, 2021, about the widely-publicized “Log4Shell” vulnerability, our technical team worked to ensure that all SurveyCTO servers were immediately protected against Log4Shell attacks and no servers were compromised before news broke. We deployed the patched release on December 11, 2021, and then we thoroughly tested a series of permanent software updates before we rolled them out to servers. Within days of the initial news breaking, we observed many likely automated attempts to exploit these vulnerabilities, but we had already patched the vulnerabilities quickly (faster than many other platforms).
In addition to regular maintenance releases, we perform annual SOC 2 audits, robust 24×7 monitoring, and our system architecture is designed to maximally protect systems and data. And on top of all these efforts, you benefit from the added protection of end-to-end encryption above industry standards.
Questions about the latest release? Reach out to our support team in the Support Center.