TEST_CODEOWNERS/rails
3
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Merge pull request #47394 from zzak/security-releases-plus-npm

Browse Source 
Clear up common questions releases
This commit is contained in:
zzak 2023-02-16 10:17:17 +09:00 committed by GitHub
commit fa746dab43
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 22 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
guides/source/maintenance_policy.md
View File

@ -49,6 +49,10 @@ theoretical 1.2.2 patch release would be built from the 1-2-stable branch.
In special situations, where someone from the Core Team agrees to support more series,
they are included in the list of supported series.
For unsupported series, bug fixes may coincidentally land in a stable branch,
but won't be released in an official version. It is recommended to point your
application at the stable branch using Git for unsupported versions.
**Currently included series:** `7.1.Z`.
Security Issues
@ -69,6 +73,11 @@ non-security related bugs resulting from a security patch may be published on a
release's x-y-stable branch, and will only be released as a new gem in
accordance with the Bug Fixes policy.
Security releases are cut from the last security release branch/tag. Otherwise
there could be breaking changes in the security release. A security release
should only contain the changes needed to ensure the app is secure so that it's
easier for applications to remain upgraded.
**Currently included series:** `7.1.Z`, `7.0.Z`, `6.1.Z`.
Severe Security Issues
@ -85,6 +94,16 @@ Unsupported Release Series
When a release series is no longer supported, it's your own responsibility to
deal with bugs and security issues. We may provide backports of the fixes and
publish them to git, however there will be no new versions released. If you are
not comfortable maintaining your own versions, you should upgrade to a
supported version.
merge them, however there will be no new versions released. We
recommend to point your application at the stable branch using Git. If you are
not comfortable maintaining your own versions, you should upgrade to a supported
version.
NPM Packages
------------
Due to a constraint with npm, we are unable to use the 4th digit for security
releases of [NPM packages][] provided by Rails. This means that instead of the
equivalent gem version `7.0.1.4`, the NPM package will be versioned `7.0.1-4`.
[NPM packages]: https://www.npmjs.com/org/rails