Workflow Maintenance

Apply a Security Patch

Urgent workflow for patching a security vulnerability

maintenance, security, patching
CLAUDE.md

When applying a security patch:

  1. Assess the vulnerability: what’s the attack vector, severity (CVSS score), and exposure? Is it actively exploited?
  2. Identify affected code or dependencies.
  3. Apply the patch: update the dependency, fix the code, or apply the mitigation.
  4. Write a test that verifies the vulnerability is no longer exploitable.
  5. Run the full test suite to check for regressions.
  6. Deploy to production with urgency proportional to severity. Critical vulnerabilities should deploy same-day.
  7. After patching, review the codebase for similar patterns that might have the same vulnerability.

Copy this workflow into your CLAUDE.md or agent config file so your agent follows this process automatically.
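
The following Python sketch is an added example, not part of the original workflow: it covers steps 1, 2 and 6 for a pinned `requirements.txt`, checking whether a pinned version falls below an advisory's fixed version and mapping the CVSS score to a deployment target. The package names, the advisory, every deployment target other than "critical = same-day", and the rule that active exploitation escalates to same-day are all assumptions.

```python
# Added example: triage one advisory against pinned dependencies.
# Package names, versions and the advisory below are constructed sample data.

CVSS_BANDS = [(9.0, "critical"), (7.0, "high"), (4.0, "medium"), (0.1, "low")]  # CVSS v3.x
# Assumption: only "critical = same-day" comes from the workflow; other targets are examples.
DEPLOY_TARGET = {"critical": "same-day", "high": "within 3 days",
                 "medium": "next release", "low": "next release", "none": "no action"}

def severity(cvss):
    """Map a CVSS base score to its qualitative rating."""
    return next((label for floor, label in CVSS_BANDS if cvss >= floor), "none")

def parse_version(text, width=4):
    """'2.10' -> (2, 10, 0, 0). Raises ValueError on non-numeric parts (e.g. 'rc1')."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def parse_pins(requirements_text):
    """Return {name: version} for 'name==version' lines, ignoring comments and markers."""
    pins = {}
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if "==" in line:
            name, version = line.split("==", 1)
            pins[name.strip().lower()] = version.strip()
    return pins

def triage(requirements_text, advisory):
    """Steps 1, 2 and 6: is the pinned version affected, and how fast must the fix ship?"""
    pinned = parse_pins(requirements_text).get(advisory["package"].lower())
    if pinned is None:
        return {"affected": False, "reason": "package not pinned in this file"}
    try:
        affected = parse_version(pinned) < parse_version(advisory["fixed_in"])
    except ValueError:
        # Unparseable pin: do not guess, send it to a human.
        return {"affected": None, "reason": f"cannot compare {pinned!r}; review manually"}
    sev = severity(advisory["cvss"])
    # Assumption: active exploitation escalates any affected finding to same-day.
    urgent = advisory.get("actively_exploited", False)
    deploy = "same-day" if urgent else DEPLOY_TARGET[sev]
    return {"affected": affected, "pinned": pinned, "severity": sev,
            "deploy": deploy if affected else "no action"}

SAMPLE_REQUIREMENTS = "examplelib==2.3.1  # constructed\notherlib==1.0.0\n"
SAMPLE_ADVISORY = {"package": "examplelib", "fixed_in": "2.4.0",
                   "cvss": 9.8, "actively_exploited": False}

if __name__ == "__main__":
    print(triage(SAMPLE_REQUIREMENTS, SAMPLE_ADVISORY))
```

Versions are compared as padded integer tuples, so `2.10` correctly sorts above `2.4.0`, and a pin that cannot be parsed is returned as `affected: None` for manual review instead of being silently treated as safe.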
