How can developers address minor security issues while maintaining package approval status?
Answer
Developers can address minor security issues while maintaining package approval status by submitting a patch version of their solution for review. However, keep in mind that security review inheritance is limited with patch versions. To maximize inheritance and maintain approval status, it's recommended to submit only major and minor versions, like 1.0.0 or 1.1.0.
Additionally, developers should focus solely on fixing the identified security issues and avoid making other functionality changes, as those might require a new initial security review.