/
Optimizer life cycle

Optimizer life cycle

Introduction

This guide is intended for technical teams responsible for the deployment, operation, and maintenance of the Uanataca Optimizer solution in production environments. The article provides a detailed approach to release management, covering both major (LTS) and minor release planning, semantic release control, and vulnerability management. The operational plan described will take effect the 1st of April 2026 and will serve as a reference for the technical management and continuous improvement of the Uanataca Optimizer service. Although the controls and vulnerabilities verification is already in place, it is formalized in this article together with the new release planification.

Release plan

Major releases (LTS)

Major releases, also known as LTS (Long Term Support), are key milestones in the evolution of Optimizer. These releases ensure stability and long-term support for production environments and are carefully planned to incorporate relevant improvements and consolidate the most robust functionalities. In this way, a reliable foundation is established for the operation and future development of the service.

Features

  • Include structural improvements and new features previously tested in minor (latest) releases.

  • One LTS is released per year.

  • Each LTS is labeled as ‘stable’ and has a dedicated branch.

  • The maintenance period for each LTS will be 12 months from its publication or until the release of the next LTS releases.

  • During maintenance, security updates (CVE fixes) and bug fixes affecting service availability or stability will be published.

  • Fixes will be released as new images labeled as lts-patch, maintaining the same lifecycle as the original LTS releases.

  • LTS and lts-patch releases do not incorporate new features or configuration changes during their lifecycle.

  • At the end of the maintenance period, the release becomes EOL (End of Life) and stops receiving updates.

Minor releases (latest)

Minor releases, or latest, reflect the continuous and agile evolution of Optimizer, allowing for the frequent incorporation of new features, incremental adjustments, and performance improvements. These releases facilitate rapid adaptation to changing service needs, fostering constant innovation and agile problem resolution, although they do not have the extended support of LTS releases.

Features

  • Include incremental adjustments, new features, bug fixes, and performance improvements.

  • Released according to service needs.

  • Have a release branch identified as latest.

  • The “best effort” principle applies regarding security and support.

  • No support commitment or guaranteed timelines for vulnerability or bug resolution.

Vulnerability Management

LTS releases

Before the publication of each LTS releases, a vulnerability analysis is carried out following OWASP security best practices.

  • Vulnerabilities in dependencies analyzed.

  • Vulnerability monitoring tools for libraries are used during development.

  • The corresponding vulnerability analysis report will be distributed with each LTS releases.

  • During the LTS lifecycle, weekly vulnerability monitoring is maintained to ensure continued security and prevention.

Latest releases

Latest releases will have vulnerability monitoring of libraries during the development and creation phase to ensure they are released without known issues.

Response Times for Vulnerabilities in LTS releases

  • Critical vulnerabilities: resolved in less than 72 hours.

  • High vulnerabilities: resolved in less than 14 days.

  • Medium vulnerabilities: resolved in less than 40 days.

  • Low vulnerabilities: resolved as availability allows.

These response times are subject to the official availability of patches for the vulnerabilities found.

Communication and Availability of releases

All current releases will be available in an online repository.

LTS releases

Each new LTS release will be communicated in a timely manner via email, including the changelog, vulnerability report, and instructions for updating and migration.
If vulnerabilities are detected in an LTS releases, a communication will be sent detailing the vulnerability and, subsequently, another communication with the updated lts-patch releases and corresponding update instructions.

Latest releases

Each new latest release is published in the repository, including the changelog.

Version Management in Production

Version control in production is carried out using a semantic tagging system, following the X.Y.Z structure (https://semver.org/lang/es/).