HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Backporting to the current stable release

LincLinc Detroit Admin

There have been a number of questions about backporting things to 2.2 lately so I thought I'd try to clarify how I think about that process.

When we backport:

  • Security issues rated a "medium" threat or higher.
  • A fatal error or SQL error (including strict mode) can be triggered under normal usage.
  • An issue that affects public use of the software (i.e. normal users experience and regularly notice it as an issue).
  • It's a simple fix blocking a plugin or theme author (e.g. add an event or fix an argument).
  • It's related to SSO or other third-party integration compatibility. These change frequently so we should stay on top of this.

We do not backport enhancements, refactors, or new features.

You can help us by noting in a PR if it seems like a good candidate for backporting. Please always target PRs against master regardless.

When a security fix is added, release will follow within the week (or sooner for high-priority fixes).

When multiple non-security issues have been backported, we'll use our best judgement to time the release. This timeframe should typically not exceed 3 months. Weigh quantity with priority and whether the release represents a compelling upgrade for most current administrators. This should be seen as a fairly high threshold to cross. The open source community is encouraged to chime in to request a release when they see fixes stacking up that warrant it.

Sign In or Register to comment.