Blog Documentation Book a Demo
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Backporting to the current stable release

LincLinc Admin
edited November 2015 in Community Addons & Development

There have been a number of questions about backporting things to 2.2 lately so I thought I'd try to clarify how I think about that process.

When we backport:

  • Security issues rated a "medium" threat or higher.
  • A fatal error or SQL error (including strict mode) can be triggered under normal usage.
  • An issue that affects public use of the software (i.e. normal users experience and regularly notice it as an issue).
  • It's a simple fix blocking a plugin or theme author (e.g. add an event or fix an argument).
  • It's related to SSO or other third-party integration compatibility. These change frequently so we should stay on top of this.

We do not backport enhancements, refactors, or new features.

You can help us by noting in a PR if it seems like a good candidate for backporting. Please always target PRs against master regardless.

When a security fix is added, release will follow within the week (or sooner for high-priority fixes).

When multiple non-security issues have been backported, we'll use our best judgement to time the release. This timeframe should typically not exceed 3 months. Weigh quantity with priority and whether the release represents a compelling upgrade for most current administrators. This should be seen as a fairly high threshold to cross. The open source community is encouraged to chime in to request a release when they see fixes stacking up that warrant it.

Sign In or Register to comment.