This Inrupt Product Lifecycle and Maintenance Policy (“Policy”) describes the support lifecycle and release processes for all Inrupt Products.
The following terms have the following meanings when used in this Policy.
“ESS Server" means the Inrupt Enterprise Solid Server.
Inrupt Products follow the Semver versioning scheme, described at https://semver.org/
“Major Release” means a version of an Inrupt product identified by a change in the number to the left of the first decimal point (X.x.x). Major Releases may contain backwards breaking compatibility changes to the product.
“Minor Release” means a version of an Inrupt product identified by a change in the middle number in between the two decimal points (x.X.x). Minor releases preserve full backwards compatibility within a Major Release.
"Patch Release" means a version of the ESS Server identified by a change in the number to the right of the second decimal point (x.x.X). Patch versions preserve full backwards compatibility within a Major Release.
The life-cycle for major and minor versions of Inrupt Software consists of 4 phases, which are outlined below.
During this phase, the software should not be used in production environments and is meant for early access and feedback purposes only. It is possible for future releases to introduce breaking changes.
During this phase, the software is generally available for use. Software releases are supported for a minimum of 1 year.
Inrupt will make a public announcement when software enters the deprecation phase. A release is deprecated once it is older than 6 months and it is no longer the latest major or minor version. No new feature development is done on deprecated major versions of products. We recommend customers upgrade to a fully supported version once the version they are on is deprecated.
Inrupt provides support for all releases until they reach End-of-Life (EOL). A release reaches End-of-Life once it has been deprecated for at least 6 months and is 2 versions behind the latest version.
Inrupt will make a public announcement when software enters the End-of-Life phase. When a major product version reaches EOL, it will no longer receive minor updates or patch releases. When a minor product version reaches EOL, it will no longer receive patch releases. In both cases the Inrupt team will not provide support for it. Use of software which has reached EOL is done at the user’s own risk.
The following is a visual illustration of the major version life-cycle. Please note that the timelines shown below are illustrative and not binding.
All patch releases within a minor release will be supported in the same timeframe as the minor release they correspond to, unless the relevant support policy states otherwise. For security purposes, support for certain patch releases may end before its corresponding minor release reaches EOL. This will only occur after a new patch release which addresses any critical security issues is made available.
The Inrupt Enterprise Solid Server is certified by third party penetration testing annually. The independent certification letter is available from Inrupt upon request.
Inrupt runs continuous scanning for vulnerabilities in its infrastructure and code, with a response policy and procedure published at https://www.inrupt.com/security.
For more details on incident response, vulnerabilities, current list of advisories, and CVE reporting please visit https://www.inrupt.com/security.
All Inrupt products and services undergo a suite of functional and nonfunctional testing, regression testing, and formal security reviews. Inrupt uses standard and customary tooling for testing for safety and security. Details on our policies and processes are available upon request.
The Enterprise Solid Server utilizes an Inrupt ESS License. Details on the license are available upon request.
All Inrupt Developer Tools are licensed under the MIT License.
The Data Wallet is licensed under the Apache License 2.o.
To be notified of any amendments made to this policy, please subscribe to the Inrupt Product Mailing List. All Customers with existing agreements with Inrupt will be notified automatically.
