Thru Software Release Management

Software Updates and Maintenance

Continuous Integration and Continuous Deployment (CI/CD)

Thru utilizes a continuous integration and continuous deployment (CI/CD) software development lifecycle process. Most incremental updates and quick fixes do not require downtime of file transfer APIs (Application Programming Interfaces) and protocols connecting to Thru during the maintenance window.

Thru can update components independently and by using a drain mode to allow in-progress transfers to complete before that component is updated. All components are at least in parallel, so the service never needs to be down or completely halted.

Release Cadence

Software Releases NOT Requiring Downtime

Software releases not requiring downtime are deployed regularly during scheduled maintenance windows. Notifications are provided via:

• Thru's status page (http://status.thruinc.com )

• Emails to administrators at 1 hour before, at start, and end of maintenance

Maintenance durations depend on:

• Scope of updates

• Impact on integrating file transfer APIs and protocols

Software Releases Requiring Downtime

For any scheduled software release that requires downtime, Thru's Customer Success Team will provide tenants in the affected region(s) with a minimum of two (2) weeks advance notice. During this time, the Customer Success Team will communicate and coordinate details with those tenants to minimize impact.

Emergency Fixes

If emergency maintenance is required, the customer will receive two (2) hours of advance notice.

Thru’s 99.9% Service Level Agreement only applies to unplanned service outages. 

Software Lifecycle Management

Our software lifecycle utilizes GitHub for source control and Octopus Deploy for release management, enabling a controlled, automated process from development through production. Developers submit peer-reviewed pull requests to a protected mainline branch that auto-deploys code through incremental test environments, applying configurations via Octopus abstractions for consistent, reversible releases. User authentication and authorization are handled in secure proxy layers around the core system, with the HAProxy facade leveraging JSON Web Tokens, certificates, API keys, and rate limiting to validate sessions and block unauthorized requests without overburdening inner services, maximizing security and performance through this defense-in-depth approach.