# Upgrades and Patch Management ### Upgrades and Patch Management CertiNext follows a structured and predictable approach to **upgrades and patch management**, balancing platform stability with the need to evolve functionality and security over time. The upgrade model differs between **cloud-hosted deployments** and **on-premises deployments**, reflecting the shared-responsibility nature of each model. *** #### Upgrade Scope and Version Policy Across all deployment models, CertiNext follows these general principles: * **Minor version upgrades** (feature enhancements, improvements, and non-breaking changes) are covered as part of standard upgrades during the lifecycle of the product, unless contractually agreed otherwise. * **Major version upgrades** (architecture changes, breaking changes, or significant platform shifts) are not automatically included and are handled separately. * **Upgrade and patch support is typically provided up to the immediately previous major version** of the product. Versions older than this may require an upgrade before patches can be applied. * All upgrades follow backward-compatibility guidelines where feasible, especially for APIs and automation workflows. This approach ensures platform stability while allowing customers to plan upgrades in a controlled manner. *** #### Security Patches and Commercial Considerations (On-Prem) Security is a continuously evolving domain, and the security posture at the time of deployment may differ significantly over time due to: * Newly discovered vulnerabilities * Changes in threat models * Evolving regulatory and compliance requirements For **on-premises deployments**: * Security-related patches are typically **covered functionally**, but may involve **additional commercials**, depending on scope and effort. * This reflects the ongoing nature of security hardening and the variability of customer environments. * Any commercial impact is discussed transparently before patch delivery. This ensures customers receive appropriate security remediation without compromising long-term sustainability. *** #### Cloud-Hosted Deployments (SaaS) For **cloud-hosted CertiNext deployments**, upgrades and patches are **fully managed by the CertiNext operations team**. Key characteristics: * Regular application, OS, and database patching * Continuous monitoring and proactive remediation * Use of a **sandbox environment** to validate: * Application upgrades * Security patches * OS and database updates * Only after successful validation are changes promoted to **production environments** This approach minimizes operational risk and ensures platform stability while maintaining strong security posture. *** #### On-Premises Deployments For **on-premises deployments**, upgrade and patch activities are guided by the **customer’s patching and maintenance schedule**. In this model: * CertiNext provides the upgrade or patch artifacts and guidance * Deployment timing is coordinated with customer IT and operations teams * Customers retain control over: * Maintenance windows * Change management approvals * Environment-specific testing This aligns CertiNext operations with enterprise IT governance and change control processes. *** #### Planned Downtime and Communication For both deployment models: * Planned upgrades or patches that require downtime are communicated in advance * Maintenance windows are scheduled to minimize operational impact * Clear rollback procedures are defined where applicable *** #### Summary CertiNext’s upgrade and patch management approach is designed to be **predictable, transparent, and aligned with enterprise operational realities**: * Minor upgrades are included as part of standard lifecycle support * Security patches for on-prem may involve additional commercials due to evolving security requirements * Support is generally limited to the current and immediately previous major versions * Cloud deployments benefit from fully managed, tested, and regularly applied upgrades * On-prem deployments follow customer-defined patching schedules This model ensures CertiNext remains secure, stable, and evolvable while respecting customer control and contractual boundaries. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.certinext.io/documentation/deployment-and-operations/upgrades-and-patch-management.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.