# KodeMed GmbH — Update & Lifecycle Policy **Version**: 1.0 **Effective**: 2026-03-01 **Audience**: IT Administrators, CTOs, DevOps, Sales Managers --- ## 1. Versioning Scheme KodeMed uses a date-based, unified versioning scheme across all components: ``` YYYY.M.D.BUILD ``` | Segment | Meaning | Example | |---------|-------------------------------|-----------| | YYYY | Release year | 2026 | | M | Release month (no leading 0) | 3 | | D | Release day (no leading 0) | 15 | | BUILD | Sequential build number | 78200 | All components (Server, DataServer, GrouperServer, CodingUI, Interface DLL, CodingClient) share the same version number within a release. This guarantees compatibility — matching version numbers are always safe to deploy together. **Example**: `2026.3.15.78200` = built on March 15, 2026, build #78200. --- ## 2. Release Channels | Channel | Purpose | Stability | Support Duration | |-----------|-----------------------------------|-----------------|------------------| | **Stable** | Latest features + fixes | Production-ready | Until next Stable release | | **LTS** | Long-term support, critical fixes only | Maximum stability | 18 months from release | | **Hotfix** | Emergency security/bug patches | Targeted fix | Applied to current Stable + active LTS | - **Stable** receives all new features, improvements, and bug fixes. - **LTS** is cut from Stable once per year and receives only security patches and critical bug fixes. - **Hotfix** releases are issued as needed for critical vulnerabilities or data-loss bugs. --- ## 3. Release Cadence | Release Type | Frequency | Content | |----------------------|-------------------------------|----------------------------------------------| | **Feature Release** | Quarterly (Q1, Q2, Q3, Q4) | New features, catalog updates, improvements | | **Maintenance Release** | Monthly | Bug fixes, performance, minor improvements | | **Hotfix** | As needed (target: < 48h) | Critical security or data-integrity fixes | | **Catalog Update** | Annually (follows BFS/SwissDRG schedule) | ICD-10, CHOP, DRG catalog data | Catalog updates (ICD-10-GM, CHOP, SwissDRG, TARPSY, ST Reha) follow the Swiss Federal Statistical Office (BFS) publication schedule and are included in the corresponding quarterly release. --- ## 4. Update Delivery ### Server Components (Linux) | Method | Details | |----------------|------------------------------------------------------| | **Docker images** | Published to private Harbor registry | | **Image tags** | `stable`, `lts`, `YYYY.M.D.BUILD`, `latest` | | **Trivy scanning** | Every image scanned for CVEs before publication | | **Image signing** | Cosign signatures for supply-chain integrity | ```bash # Pull latest stable docker pull harbor.mieresit.com/kodemed/kodemed-server:stable docker pull harbor.mieresit.com/kodemed/kodemed-dataserver:stable docker pull harbor.mieresit.com/kodemed/kodemed-grouper-server:stable docker pull harbor.mieresit.com/kodemed/kodemed-ui:stable ``` ### Client Components (Windows) | Method | Details | |-------------------|---------------------------------------------------| | **Installer** | Self-contained `.exe` installer (no admin rights) | | **Auto-update** | Planned — checks for updates on startup | | **Manual update** | Download from customer portal, run installer | | **COM DLL** | Bundled with CodingClient installer | --- ## 5. Compatibility Guarantees ### API Backward Compatibility - REST API endpoints maintain backward compatibility within a major version year. - Deprecated endpoints are announced at least **6 months** before removal. - New fields added to API responses are always **additive** (existing fields are never removed or renamed without deprecation notice). ### Data Format Compatibility - SpiGes XML: supports current version (1.5) and one prior version (1.4) with automatic namespace normalization. - BFS `.dat` format: full backward compatibility maintained. - Database migrations are forward-only and included in each release. ### Breaking Change Policy - Breaking changes are only introduced in **annual feature releases** (Q1). - A migration guide is published with every breaking change. - At least **3 months advance notice** is given via release notes and email notification. --- ## 6. Update Process ### Server Update (Docker) ```bash # 1. Pull new images docker compose pull # 2. Restart services (zero-downtime with rolling update) docker compose up -d # 3. Verify health curl -s https://your-server/actuator/health | jq .status ``` Database migrations run automatically on startup. No manual SQL scripts required. ### Server Update (Kubernetes / OpenShift) ```bash # Update image tags in deployment kubectl set image deployment/kodemed-server \ kodemed-server=harbor.mieresit.com/kodemed/kodemed-server:2026.3.15.78200 # Or with Helm (set per-service image tags) helm upgrade kodemed ./charts/kodemed \ --set server.image.tag=2026.3.15.78200 \ --set dataserver.image.tag=2026.3.15.78200 \ --set grouper.image.tag=2026.3.15.78200 \ --set ui.image.tag=2026.3.15.78200 ``` ### Client Update (Windows) 1. Download the new `KodeMed.CodingClient-YYYY.M.D.BUILD.exe` from the customer portal. 2. Close the running CodingClient (system tray → Exit). 3. Run the installer — it overwrites the previous version in place. 4. Restart CodingClient. > **Note**: Auto-update functionality is planned for a future release. Until then, client updates are manual. --- ## 7. Rollback Procedure ### Server Rollback (Docker) ```bash # Roll back to previous version docker compose down # Edit docker-compose.yml to use previous image tag, or: docker pull harbor.mieresit.com/kodemed/kodemed-server:2026.2.13.78139 docker compose up -d ``` ### Database Migration Rollback - Each migration has a corresponding rollback script. - Rollback command: `java -jar kodemed-server.jar --spring.flyway.target=` - **Important**: Always back up the database before upgrading. ### Client Rollback (Windows) - Keep the previous installer `.exe` as a backup. - Uninstall current version, reinstall previous version. --- ## 8. Support Tiers | Feature | Standard | Premium | Enterprise | |----------------------------|------------------|------------------|------------------| | **Stable releases** | Yes | Yes | Yes | | **LTS releases** | — | Yes | Yes | | **Hotfix delivery** | Next business day | Same day | < 4 hours | | **Response time (critical)** | 8 business hours | 4 business hours | 1 hour (24/7) | | **Response time (high)** | 2 business days | 1 business day | 4 business hours | | **Response time (normal)** | 5 business days | 2 business days | 1 business day | | **Dedicated contact** | — | — | Yes | | **On-site support** | — | — | Yes | | **Custom integrations** | — | — | Yes | | **Catalog update support** | Email notification | Assisted update | Managed update | All tiers include: - Access to the customer portal (documentation, downloads, release notes) - Email support (support@kodemed.com) - Security advisory notifications --- ## 9. End-of-Life (EOL) Policy | Phase | Timeline | What Happens | |----------------------|---------------------------------|-----------------------------------------------| | **Active Support** | Current Stable + current LTS | Full bug fixes, features, security patches | | **Security-Only** | Previous Stable (6 months) | Security patches only, no new features | | **EOL Announced** | 12 months before EOL date | Email + portal notification to all customers | | **End of Life** | After EOL date | No further updates, patches, or support | ### LTS Lifecycle - LTS releases receive security and critical bug fixes for **18 months**. - After 18 months, the LTS version reaches End of Life. - Customers are notified **12 months** before LTS EOL to plan migration. ### Migration Assistance - A migration guide is published for every major version transition. - Premium and Enterprise customers receive assisted migration support. --- ## 10. Security Updates ### CVE Response Times | Severity | CVSS Score | Response Target | |------------|------------|--------------------------------------| | **Critical** | 9.0–10.0 | Hotfix within **24 hours** | | **High** | 7.0–8.9 | Hotfix within **72 hours** | | **Medium** | 4.0–6.9 | Included in next maintenance release | | **Low** | 0.1–3.9 | Included in next quarterly release | ### Security Scanning - **Trivy**: All Docker images scanned on every build. Images with Critical CVEs are blocked from publication. - **Dependency scanning**: Maven (Java) and npm (React) dependencies checked weekly. - **OWASP**: OWASP dependency-check integrated into CI pipeline. ### Security Advisory Process 1. Vulnerability discovered or reported. 2. Triage and CVSS scoring within **4 hours**. 3. Fix developed and tested. 4. Hotfix published (for Critical/High) or queued for next release. 5. Security advisory published to customer portal and emailed to all contacts. ### Responsible Disclosure Security vulnerabilities can be reported to **security@kodemed.com**. We follow a 90-day responsible disclosure policy. --- ## Contact | Channel | Address | |------------------|----------------------------| | General inquiries | info@kodemed.com | | Technical support | support@kodemed.com | | Security reports | security@kodemed.com | | Customer portal | https://portal.kodemed.com | | Website | https://www.kodemed.com | --- *KodeMed GmbH · Switzerland* *This document is subject to change. The latest version is always available on the customer portal.*