Skip to main content
This page applies to self-hosted control planes. If you’re on Truefoundry’s managed SaaS, your control plane is automatically upgraded and maintained by the Truefoundry team—you don’t need to take any action.
Truefoundry ships 2–3 releases per week across AI Deploy, AI Gateway, Agent Registry, and MCP Gateway. You don’t need to track every release. Our release model gives you two clearly defined paths, both fully supported—the right one depends on how your team operates.
Every release is published to the Changelog—the single source of truth for what shipped, when, upgrade instructions, breaking changes, and required values.yaml updates. Track releases there or subscribe via your Customer Support Manager for direct notifications.

Release tracks

Stable

One designated release per quarter, maintained for 6 months. P0/P1 bugs and Critical/High CVEs are addressed via on-demand patches against your current Stable version.Choose Stable if you have change management, audit, compliance, or version-stability requirements.

Rolling

Upgrade monthly and stay within 3 months of the latest release. Fixes and new features arrive with every release—no separate patch requests needed.Choose Rolling if you have a staging environment and want new capabilities quickly.
RollingStable
Cadence2–3 releases per week. Upgrade monthly; stay within 3 months of latest.One designated release per quarter, maintained for 6 months.
Bug fixesShip naturally in the next release.Flag a P0/P1 to your Customer Support Manager. We ship an on-demand patch against your current Stable version.
Security fixesShip in regular releases. Staying current keeps you covered.Flag a CVE to your Customer Support Manager. We patch your Stable version within the SLA window.
Security SLA10 days · Critical (CVSS 9.0+)
30 days · High (CVSS 7.0–8.9)		10 days · Critical (CVSS 9.0+)
30 days · High (CVSS 7.0–8.9)
Triggered when you notify us. We don’t proactively monitor older versions.
Patch contentsAll features, fixes, and improvements bundled in each release.Cumulative—each maintenance patch bundles all fixes issued against that Stable version to date.

How upgrades work

You upgrade via your standard Helm / OCI deployment workflow. Release artifacts and notes are published per release, and your Customer Support Manager can support a scheduled upgrade if preferred. Self-hosted releases are usually a week behind our managed SaaS control plane. Each release in our changelog is tagged with a version number and date, and includes the upgrade instructions and any breaking changes or values.yaml updates required.
Release changelog page listing recent Truefoundry releases with version, date, and upgrade notes
The Truefoundry team can join a screen share during your upgrade window. Reach out to your Customer Support Manager to schedule.

Falling off a supported track

If you fall off your track—a Stable customer past 6 months, or a Rolling customer more than 3 months behind latest—you remain on best-effort support. We’ll still help where we can, but security SLAs and on-demand patches no longer apply until you upgrade back onto a supported version.

Compatibility

Compute plane dependencies

The control plane is compatible with older versions of the compute plane unless mentioned in the changelog. We do, however, maintain a recommended version for the different compute-plane components because that’s the most tested configuration. Track the dependencies at releases.truefoundry.com/control-plane-versions. This page lists the versions of ArgoCD, GPU Operator, and other addons that each control-plane version is tested with. Control plane dependencies matrix showing tested versions of ArgoCD, GPU Operator, and other compute-plane addons

Gateway plane dependencies

The control-plane chart has a dependency on the gateway-plane chart. Every control-plane version is compatible with the gateway plane that is part of the control-plane chart. You can find the gateway-plane version in the control-plane Chart.yaml file.
Newer control-plane versions are compatible with older gateway-plane versions unless mentioned in the changelog. However, newer features in the control plane might not be available in older gateway-plane versions.

Security patch SLAs

Truefoundry responds to reported security vulnerabilities based on CVSS severity. SLAs apply to both tracks and are triggered from the time you notify us.
  • 10 days — Critical (CVSS 9.0+)
  • 30 days — High (CVSS 7.0–8.9)
  • Medium and Low severity issues are addressed in regular releases without a separate SLA.
To receive a security fix, report the issue to your Customer Support Manager or through our support channel. We don’t proactively monitor older versions. For more on our broader security posture, see Security and Compliance.

Versioning

Truefoundry follows semantic versioning.
  • Major — incremented only on breaking changes. We provide advance notice and a migration path before any major version bump.
  • Minor — incremented with each release. Minor releases are backwards-compatible.
  • Patch — hotfix releases within a minor version, used for Stable maintenance patches.
Stable releases are labelled in the changelog. All other releases are standard rolling releases. For the current Stable version and the next designated Stable cut date, see the changelog or ask your Customer Support Manager.

Deprecation policy

When a feature is scheduled for removal, we provide 90 days of advance notice via the changelog and direct communication to affected customers. Deprecations are not introduced within a Stable maintenance window.

Notifications

Release notes are published to the changelog for every release. Stable cuts, security advisories, and deprecations are additionally communicated to customers via email.