Provider: InfraFastlane
Covered products: Campaign Operations Playbook for Confluence; Content Workflow Templates for Confluence
Effective date: May 1, 2026
Version: 0.2
1. Scope and Purpose
If a confirmed vulnerability affects a covered product, we aim to notify customers in a way that is accurate, concrete, and action-oriented. The notice should help customers understand the affected versions, severity, fix status, and whether they need to do anything.
2. Covered Products
| Product | Current purpose |
|---|---|
| Campaign Operations Playbook for Confluence | Provides structured campaign planning, launch, reporting, and retrospective workflow content inside Confluence. |
| Content Workflow Templates for Confluence | Provides structured content intake, briefing, planning, review, publishing, and performance workflow content inside Confluence. |
3. Information We Aim to Include
| Topic | What we aim to provide |
|---|---|
| Affected product | The covered Marketplace app affected by the vulnerability. |
| Affected versions | The app version or versions affected by the vulnerability. |
| Nature of vulnerability | A short explanation of the issue and its potential impact. |
| Severity | A severity statement, potentially using CVSS-oriented language where appropriate. |
| Source of discovery | How the issue was identified. |
| Investigation | What we reviewed to confirm scope and impact. |
| Remediation | What we changed to fix or mitigate the issue. |
| Real-world impact | Whether there is evidence of exploitation or customer impact. |
| Customer action | What customers need to do, or a clear statement that no action is required. |
4. Communication Principles
- be honest
- be thorough
- use plain language where possible
- separate confirmed facts from open investigation items
- state clearly whether customer action is required
5. Customer-Facing Notification Template
Hello, We are writing to inform you of a security vulnerability that was recently identified in [affected product name]. Affected versions: [List affected version or versions.] What the vulnerability means: [Describe the issue, the likely impact, and the relevant time period.] Severity: [State the severity rating or severity category.] How we found it: [Explain how the vulnerability was identified.] What we investigated: [Summarize the scope review and impact assessment.] What we changed: [Describe the remediation or mitigation that has been applied.] Customer impact: [State whether exploitation or customer impact is known, likely, unlikely, or still under investigation.] What you need to do: [If no action is required, say that directly. If action is required, list the steps clearly.] If you have any questions, please contact:SupportSincerely, InfraFastlane
6. Product Notes for the Current App Portfolio
Campaign Operations Playbook for Confluence
The current version is a cloud-based Forge app with a static Custom UI, no external backend, no external egress, and no Confluence read or write scopes.
Content Workflow Templates for Confluence
The current version follows the same low-permission model. It is intended to let users browse, search, preview, and copy workflow content without automatically creating, editing, deleting, reading, exporting, or analyzing customer Confluence pages.
7. Related Pages