Pulse Secure will apply fixes for product security vulnerabilities to all software releases which have not exceeded the End of Engineering (EOE) or End of Life (EOL) milestones. For more information applicable software release and milestones, please refer to the "Software" section on the EOL policy
- End of Engineering - Pulse Secure will no longer perform any updates, patches, hotfixes, or security patches for the appliance.
- End of Life - Last date to receive contracted service for the product
As of September 2019, the following software releases will continue to receive security vulnerability patches:
- 8.1RX (Only for SA4500 and SA6500FIPS device) until February 2020
- 8.3RX (MAG devices) until December 2021
- 9.0RX (PSA devices) until October 2019
- 9.1RX (PSA devices) until November 2020
All security vulnerabilities are evaluated based on the Common Vulnerability Scoring System (CVSS) Version 3.0 specification. If the CVSS Base score is 3 or higher, the fix will be applied to all software releases that have not exceeded the End of Engineering (EOE) milestone.
For legacy customers (running SA / IC / MAG):
Pulse Secure will continue to provide fixes for product security vulnerabilities until the hardware exceeds the End of Life (EOL) milestone. For more information, please refer to the "Appliance" section of the EOL policy
All aspects of this process are subject to change without notice and on a case-by-case basis.