Compose Database Version Lifecycle
About maintenance, updates, and deprecations of Compose database versions
About this document
Compose has procedures and processes for maintaining, updating, and retiring databases that cover the lifetime of any database. This document explains timelines for security patching and deprecation.
Databases versions with identified vulnerabilities that have the potential to affect the stability and integrity of the Compose platform will be required to upgrade with urgency. At the discovery of an identified vulnerability by Compose, the team will classify the vulnerability as Critical, High, Medium, or Low. Account owners of databases running on Compose with identified Critical or High security vulnerabilities will be notified via account owner email of the deployment with the vulnerability and the classification of these vulnerabilities.
Deployments running versions with Critical vulnerabilities: Compose will provide a 4 day grace period for the account owner to upgrade the deployment to the next stable version. After which, Compose will automatically upgrade the database.
Deployments running versions with High vulnerabilities: Compose will provide a 30 day grace period for the account owner to upgrade the deployment to the next stable version. After which, Compose will automatically upgrade the database.
Deployments running versions with Medium vulnerabilities: Compose will provide a 90 day grace period for the account owner to upgrade the deployment to the next stable version. After which, Compose will automatically upgrade the database.
Deployments running versions with Low vulnerabilities: Compose will provide a 180 day grace period for the account owner to upgrade the deployment to the next stable version. After which, Compose will automatically upgrade the database.
Database versions with identified Critical or High security vulnerabilities will be immediately removed from any provisioning abilities. Any backups which attempt a restore into a version with a security vulnerability will immediately upgrade to the latest version.
Each database has major and minor versions. Compose tags the most up-to-date and stable versions available as preferred. A preferred version is the default when you provision a new deployment unless another available version is specified.
Compose set out to have all users running the most current minor version of any major version. To this end, minor version upgrades are automated.
When a minor version of a database is released on Compose, there is a 7-day window where the newest version is available, but is not yet the preferred version. Databases on previous minor versions have up to 7 days to upgrade before a new minor version is auto-upgraded.
After 7 days, the new minor version will be marked “preferred”. Once a new minor version is available, users can no longer provision previous minor versions.
From their introduction on Compose, we set out to support any major version of a database for at least 3 years.
When a database version is deprecated or marked end of life by the open source project owners, the version will no longer be supported on Compose.
There will be a six-month transition window for the deprecation of major versions.
At the beginning of the period, we seek to contact users affected by the deprecation. During the six month transition window, users are able to initiate an upgrade to a supported major version. Existing deployments will continue to run as normal.
Backups of deprecated versions
Restoration of existing databases into new deployments of the deprecated major version is available during the six month deprecation, although we recommend upgrading to a non-deprecated major version as soon as possible.
At the end of the transition window, deprecated major versions cannot be deployed on Compose. We will reduce the connections to the database to 0 and take a final backup. Access to databases that are running a deprecated version is removed. The backup is available to be restored into a new supported database version.
Updated almost 3 years ago