About this document
Compose has procedures and processes for maintaining, updating and retiring databases that cover the lifetime of any database. This document explains what those procedures and processes are and how they apply to databases and their users
Absent existing maintenance window arrangements, Compose designates daily, the hour of 3am to 4am at the local time of the deployment's datacenter as a scheduled maintenance window.
Each database has major and minor versions. Compose deals with changes in each separately.
From their introduction on Compose, we set out to support any major version of a database for at least 3 years. If a database version is deprecated or marked end of life by the open source project owners, we will move to immediately deprecate that version on Compose.
Deprecation of Major Versions
When a major version is deprecated, a six-month transition window is opened for current users of that deprecated version. During the transition window, users will be able to initiate an upgrade to a supported major version. Backups from deprecated versions of a database will be restorable on Compose during the transition period to enable a smooth transition.
Deprecated major versions cannot be deployed as new deployments on Compose.
At the end of the six-month transition window, we will reduce the connections to the database to 0 and take a final backup. This backup will be available to be restored into a new supported database version.
Compose set out to have all users running the most current minor version of any major version. To this end, minor version upgrades will be automated.
When a minor version of a database is made available on Compose, databases on previous minor versions have up to 7 days to upgrade before a new minor version is auto-upgraded. These automatic upgrades will happen during designed 3 am maintenance windows at the location of the datacenter.
Once a new minor version is available, we will no longer provision previous minor versions.
Databases versions with identified vulnerabilities that have the potential to affect the stability and integrity of the Compose platform will be required to upgrade with urgency. At the discovery of an identified vulnerability by Compose, the team will classify the vulnerability as Critical, High, or Low. Account owners of databases running on Compose with identified Critical or High security vulnerabilities will be notified via account owner email of the deployment with the vulnerability and the classification of these vulnerabilities.
Deployments running versions with Critical vulnerabilities: Compose will upgrade the deployment to the next stable version in the first scheduled maintenance window after a patch is available from the open source community.
Deployments running versions with High vulnerabilities: Compose will provide a 7 day grace period for the account owner to upgrade the deployment to the next stable version. After which, Compose will automatically upgrade the database at the next designated maintenance window.
Database versions with identified Critical or high security vulnerabilities will be immediately removed from any provisioning abilities. Any backups which attempt a restore into a version with a security vulnerability will immediately upgrade to the latest version.