Reporting a Vulnerability

Log an OpenLink support case to report a possible vulnerability in Virtuoso detailing the nature of the vulnerability, even if you are uncertain whether the issue in question is an exploitable vulnerability.

Please add as much detail as possible in your report, including:

• version information from the binary using virtuoso-iodbc-t -?
• where you downloaded this binary from
• short description (or script) to demonstrate the issue

You should receive an acknowledgement within a business day, which may include requests for additional details.

Followups, including notification of a relevant patch, will be sent as appropriate.

Supported Versions

Virtuoso Commercial Edition follows a managed release and support lifecycle for production environments.

• Production deployments use certified General Availability (GA) releases, with regular maintenance and security updates for supported versions.
• New features and bug fixes are delivered in scheduled minor and patch releases after full QA and regression testing; engineering work is promoted to GA only when it meets enterprise-readiness criteria.
• At defined intervals, we conclude a development cycle and publish a new GA release. Customers receive release notes, upgrade guidance, and SLA-backed assistance via the customer support portal.

For specific version lifecycles and support windows, please refer to your support agreement or contact our sales / support team.