Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Try Vanilla Forums Cloud product

Backporting to the current stable release

LincLinc Director of DevelopmentDetroit Vanilla Staff
edited November 2015 in Development

There have been a number of questions about backporting things to 2.2 lately so I thought I'd try to clarify how I think about that process.

When we backport:

  • Security issues rated a "medium" threat or higher.
  • A fatal error or SQL error (including strict mode) can be triggered under normal usage.
  • An issue that affects public use of the software (i.e. normal users experience and regularly notice it as an issue).
  • It's a simple fix blocking a plugin or theme author (e.g. add an event or fix an argument).
  • It's related to SSO or other third-party integration compatibility. These change frequently so we should stay on top of this.

We do not backport enhancements, refactors, or new features.

You can help us by noting in a PR if it seems like a good candidate for backporting. Please always target PRs against master regardless.

When a security fix is added, release will follow within the week (or sooner for high-priority fixes).

When multiple non-security issues have been backported, we'll use our best judgement to time the release. This timeframe should typically not exceed 3 months. Weigh quantity with priority and whether the release represents a compelling upgrade for most current administrators. This should be seen as a fairly high threshold to cross. The open source community is encouraged to chime in to request a release when they see fixes stacking up that warrant it.

Sign In or Register to comment.