Overview
The Gateway Release and Support Policy defines OpsRamp’s approach to release updates, operating system security maintenance, and lifecycle support for Gateway appliances. Its objective is to ensure a stable, secure, and high-performing environment through structured release cycles and proactive patch management.
This document outlines the release policy for OpsRamp Gateway installation images, explains how major, minor, and patch versions are distributed and maintained, and clarifies the handling of zero-day and critical OS-level vulnerabilities in relation to release timelines.
Release Cycle
OpsRamp regularly delivers Gateway firmware and application updates to address critical vulnerabilities, improve stability, and introduce new functionality.
Releases are categorized into three main types: Major, Minor, and Critical Patches.
| Release Type | Scope | Frequency | Includes OS Patches | Notification |
|---|---|---|---|---|
| Major Releases | Comprehensive updates that include OS patches, security updates, major new features, and system enhancements. These releases ensure compatibility with the latest technologies and long-term stability. | Every 6 months | Yes | 1 week before via CSTM |
| Minor Releases | Regular updates focused on application-level improvements, bug fixes, and incremental feature enhancements. | Every 2 months | No | 1 week before via CSTM |
| Critical Patches | Urgent patches addressing zero-day/critical vulnerabilities. Released as soon as validated through QA. | As needed | Yes | Post-release via CSTM |
Release Distribution and Upgrade Paths
OpsRamp Gateways are available in multiple deployment formats, including ISO, OVA, GCP, AWS, and Azure images.
Refer to the Gateway Support Matrix document for detailed platform availability and compatibility information.
Upgrades can be performed directly from the OpsRamp UI.
- Supported Upgrade Paths: Direct upgrades are supported from N-1 or N-2 versions to the latest (N).
- Outdated Versions: Gateways running versions older than N-2 must perform a Gateway Appliance Upgrade to regain compatibility and support.
- Firmware Lifecycle: When the underlying operating system (OS) reaches its end-of-life (EOL), OpsRamp releases a new Gateway version with updated firmware and the latest long-term support (LTS) OS. Customers must perform a Gateway Appliance Upgrade to transition to the new base OS.
Example: The current Gateway runs on Ubuntu 22.04 LTS, which reaches EOL in April 2027. A new Gateway version will be released before that date to maintain compliance and security.
Gateway Installation Image Availability
Major Releases
OpsRamp provides Gateway installation images only for major releases. These include:
- ISO images
- OVA images
- Cloud-supported images (for Classic Gateways only)
Examples of major release versions: 19.0.0, 20.0.0, 21.0.0, etc.
Minor and Patch Releases
- OpsRamp does not publish new installation images for minor or patch releases.
- Gateways running an existing gateway version can be upgraded to a minor or patch version(latest available in Opsramp Cloud) directly from the OpsRamp UI.
Vulnerability Handling Policy
1. Zero‑Day or Critical Vulnerabilities
Identification Timing: Any time
Expected Fix Timeline: A patch will be released as soon as the vendor provides an official patch, workaround, or mitigation guidance.
2. High‑Severity and Lower‑Severity Vulnerabilities
1. Identified and fix from the vendor is available 30 Days Before a Major Release
Expected Fix Timeline: The fix would be included in the upcoming major release.
2. Identified and fix from the vendor is available between the Release Cut‑off Date and the Release Date
Expected Fix Timeline: The fix would be scheduled for the following major release.
3. Identified and fix from the vendor is available at any Other Time
Expected Fix Timeline: The fix would be included in the upcoming major release.
Note
In the case of zero-day or critical OS-level vulnerabilities, OpsRamp may provide manual workaround steps for supported gateway versions when fixes are available. These fixes will also be included in the latest gateway releases.New Gateway Onboarding During Minor/Patch Cycles
When onboarding a new Gateway while the platform is operating under a minor or patch release:
- Download the latest available major version installation image (ISO/OVA/Cloud Images) from the OpsRamp UI.
- Install the Gateway and register it with the OpsRamp platform.
- Once registered, upgrade the Gateway to the required minor or patch version through the OpsRamp UI to obtain the latest enhancements and fixes.
This onboarding flow ensures:
- Customers always begin with a supported major baseline, and
- They smoothly transition to the latest available minor/patch release level without requiring additional installation images.
Versioning and Support Lifecycle
Relative Versioning
OpsRamp supports Gateways for the current major version (N) and the two preceding versions (N-1 and N-2). Versions older than N-2 are not eligible for support, patches, or updates. Here is the sample reference table:
| Relative Version | Description | Example |
|---|---|---|
| N | Current major release (latest) | 20.x.y (e.g., 20.1.0) |
| N-1 | One major release older | 19.x.y (e.g., 19.2.1) |
| N-2 | Two major releases older | 18.x.y (e.g., 18.3.0) |
| Unsupported | Older than N-2 | ≤17.x.y |
Version Numbering Convention
Each Gateway release follows a Major.Minor.Patch structure. For example,
| Component | Purpose | Example (19.2.1) |
|---|---|---|
| Major (N) | Defines release family and support eligibility | 19 |
| Minor | Represents feature enhancements within the major version | 2 |
| Patch | Represents maintenance updates or bug fixes | 1 |
Support Policy
OpsRamp provides technical and upgrade support for Gateways running N, N-1, or N-2 major versions.
- Fully Supported: All minor and patch releases within supported major versions.
- Unsupported: Gateways older than N-2 must be upgraded to receive patches, enhancements, and technical assistance.
- Security and Compliance: Staying within supported versions ensures continued protection from vulnerabilities and alignment with compliance frameworks.
Third-Party Software Policy
OpsRamp Gateways are delivered as hardened appliances with a validated, security-approved software stack. Installing third-party software on these Gateways is not supported and may void security compliance and product support.
Key Risks
- System Instability: Unapproved binaries can conflict with OpsRamp components, leading to crashes or failed upgrades.
- Performance Impact: Additional software consumes CPU, memory, and I/O resources, reducing the Gateway’s monitoring capacity.
- Security Risks: External packages bypass OpsRamp’s hardening and patch control, increasing vulnerability to threats
- Upgrade Failures: Unsupported software can block patch or version upgrades.
OpsRamp Recommendation
- Do not install or modify software directly on Gateways.
- Use supported integrations or external connectors for additional functionality.
Support and Patch Policy Matrix
The following table clarifies support eligibility and patch availability across different Gateway versions:
| Support Category | N (Current) | N-1 | N-2 | N-3 & Older |
|---|---|---|---|---|
| OS & kernel Security Patches (Zero-day & Critical) | Yes | Yes, manual steps involved | Yes, manual steps involved | No |
| Application Security Patches (Zero-day & Critical) | Yes | Yes, manual steps involved | Yes, manual steps involved | No |
| New Application Features or Enhancements | Yes | No | No | No |
| System Enhancements (incl. EOL Package Replacement) | Yes | No | No | No |
| Application Bug Fixes | Yes | No | No | No |
Note: Gateways running on end-of-life (EOL) operating systems are not eligible to receive any of the above listed support. OpsRamp strongly recommends running the latest gateway version on a supported operating system to continue receiving security updates, new feature & system enhancements, bug fixes and support.
Security Assurances
OpsRamp Gateways undergo rigorous hardening and continuous patch management to ensure compliance and operational integrity.
- Bundled Antivirus: ClamAV is included in Classic Gateways for malware protection.
- CIS & Linux Hardening: All Gateways are benchmarked against industry standards.
- OpsRamp-Controlled Patching: Security patches for OS and applications are delivered by OpsRamp under controlled release cycles.
- Audit Logging: Comprehensive audit logging ensures transparency and traceability.
- Regular OS Updates: Critical OS-level security patches are integrated during major releases and delivered as patches for supported versions.