From 2440fa35b6ad7e114c54bf9b74dbaa7f2b50fb5d Mon Sep 17 00:00:00 2001 From: Jeff Matthews Date: Wed, 27 Jan 2021 10:33:16 -0600 Subject: [PATCH 1/2] Added revisions from product and legal review --- src/release/policy/index.md | 76 ++++++++++++++++++++++++++----------- 1 file changed, 54 insertions(+), 22 deletions(-) diff --git a/src/release/policy/index.md b/src/release/policy/index.md index 8bf0f555d78..2b4330ed2ff 100644 --- a/src/release/policy/index.md +++ b/src/release/policy/index.md @@ -3,62 +3,94 @@ title: Release policy group: release --- -{{site.data.var.ee}} uses [semantic versioning](https://semver.org/) on the individual module level (for example magento/framework 101.1.1) but not for the Magento marketing version number. For example: +{{site.data.var.ee}} uses [semantic versioning](https://semver.org/) on the individual module level (for example magento/framework 101.1.1) but not for the {{site.data.var.ee}} marketing version number. For example: - **MAJOR release**—2 -- **MINOR release**—2.3 -- **PATCH release**—2.3.1 -- **SECURITY release**—2.3.2-p1 -- **Hot fix** +- **MINOR release**—2.4 +- **PATCH release**—2.4.1 + - **SECURITY release**—2.4.1-p1 + - Security bug fix + - Security enhancement +- **Hotfix** - **Individual patch** - **Custom patch** ## MINOR release -Magento releases a large, minor version of {{site.data.var.ee}} about once a year. +Adobe makes a minor version of {{site.data.var.ee}} available about once a year. The following guidelines apply to minor releases: -- Breaking changes are possible; code written for 2.2.x may no longer work with 2.3.x. For example, minor releases can introduce support for major system requirements and dependencies, such as PHP. -- Module versions can vary. For example, some module changes are introduced in a new patch whereas others are introduced in a major release. -- Minor releases can include new features that may require additional work from partners during upgrade to ensure compatibility. -- Minor releases can include fixes for security and compliance issues. +- Breaking changes are possible; code written for {{site.data.var.ee}} 2.2.x may no longer work with {{site.data.var.ee}} 2.3.x. For example, minor releases can introduce support for major system requirements and dependencies, such as PHP. +- Module versions can vary. For example, some module changes are introduced in a new patch whereas others are introduced in a minor release. +- Minor releases can include new features that may require additional work by you or your solution partner during upgrade to ensure compatibility. +- Minor releases can include fixes for security and quality issues. ## PATCH release -Patch releases are primarily focused on delivering security and quality enhancements on a regular basis to help you keep your sites performing at their peak. Magento releases security and functional patches for each supported release line of {{site.data.var.ee}} every quarter. +Patch releases are primarily focused on delivering security and quality fixes on a regular basis to help you keep your sites performing at their peak. Adobe typically makes Magento patch releases available for supported release lines of {{site.data.var.ee}} quarterly. The following guidelines apply to patch releases: -- All supported versions receive security fixes. -- Newer versions receive full functional fixes and enhancements. -- Changes that could break extensions or code compatibility are avoided. For example, code written for 2.2.0 should still work on 2.2.7. +- The latest-supported minor release will receive full functional quality fixes and enhancements. +- Changes that could break extensions or code compatibility are avoided. For example, code written for Magento 2.2.0 should still work on Magento 2.2.7. - On an exceptional basis, breaking changes or additional patches or hotfixes may be released to address security or compliance issues and high-impact quality issues. On the module level, these are mostly PATCH-level changes; sometimes MINOR-level changes. -- Patches may include new features as long as they are not expected to break other code. The new feature can be included in the core code or as an extension, such as Page Builder. +- Patch releases may include new features as long as they are not expected to break other code. The new feature can be included in core Magento code or as an extension, such as Magento Page Builder. ## SECURITY release -Security releases provide fixes for vulnerabilities that have been identified in previous quarterly patch releases. You can install time-sensitive security fixes without applying the hundreds of functional fixes and enhancements that a full quarterly patch release contains. These releases are appended with `-pN`, where N is the incremental patch version beginning with 1 (for example, 2.3.5-p1). These releases can also include hotfixes required to address critical issues that affect the Magento application. +**Security Bug Fix**: A software code change that resolves an identified security issue and delivers expected results in an affected product area. These fixes are generally backward compatible. -For general information about security releases, see [Introducing the New Security-only Patch Release](https://community.magento.com/t5/Magento-DevBlog/Introducing-the-New-Security-only-Patch-Release/ba-p/141287). For instructions on downloading and applying security patches, see [Install Magento using Composer]({{ site.baseurl }}/guides/v2.3/install-gde/composer.html). +**Security Enhancement**: A software improvement or configuration change to proactively improve security within the Magento application. These security enhancements help address security risks that impact the security posture of the Magento application but may be backward incompatible. -## Hot fix +With Security Patch releases, you can keep your site more secure without applying additional quality fixes and enhancements that are contained within a full quarterly patch release. Security Patch releases are appended with ‘-pN’, where N is the incremental patch version beginning with 1 (for example, 2.3.5-p1). Security Patch releases can also include hotfixes required to address critical issues that affect the Magento Commerce application. -Hot fixes are patches that contain high-impact security or quality fixes that affect a large number of Magento merchants. These fixes are applied to the next patch release for the applicable Magento minor version. Magento releases hot fixes as needed. +Each Security Patch release is based on the prior full patch release, hence it contains quality and security fixes from prior patch release and  security fixes created between the prior full Patch release and the Security Patch release. + +With the announcement of our [updated life cycle policy](https://magento.com/blog/updated-lifecycle-policy-magento-releases) [10/1/2020], our Security Patch releases are differentiated based on whether they are applicable to the latest-supported minor release or a part of a still-supported previous minor release line: + +- **Security Patch releases for the Latest-Supported Minor release**: + + - The Security Patch release for the latest-supported Minor release (currently Magento Commerce 2.4) includes: + + - Security bug fixes that have been created since the previous full Patch release. + + - These Security Patch releases can also include hotfixes required to address critical issues that may affect the Magento Commerce application. + + - The Security Patch release for the latest-supported Minor release (currently Magento Commerce 2.4) does not typically include security enhancements. Instead, these are included in the full comprehensive Patch release for the latest-supported Minor release. + +- **Security Patch releases for Supported Previous Minor releases**: + + - The Security Patch release for a previous Minor release that is still supported (currently Magento Commerce 2.3) includes: + + - Security bug fixes that have been created since the previous Patch or Security Patch release, as well as new security enhancements. + + - These Security Patch releases can also include hotfixes required to address critical issues that affect the Magento Commerce application. + + | | Security Bug | Security Enhancement | + |--------------------------------------------------------------------------------|--------------|----------------------| + | Security patch releases for the latest-supported minor release (currently 2.4) | X | | + | Security patch releases for previous, supported minor releases (currently 2.3) | X | X | + +For general information about security releases, see [Introducing the New Security-only Patch Release](https://community.magento.com/t5/Magento-DevBlog/Introducing-the-New-Security-only-Patch-Release/ba-p/141287). For instructions on downloading and applying security patches, see [Install Magento using Composer]({{ site.baseurl }}/guides/v2.3/install-gde/composer.html). + +## Hotfix + +Hotfixes are patches that contain high-impact security or quality fixes that affect a large number of Magento merchants. These fixes are applied to the next patch release for the applicable Magento minor version. Adobe releases hotfixes for {{site.data.var.ee}} as needed. {:.bs-callout-info} -Hot fixes can contain backward incompatible changes. +Hotfixes can contain backward incompatible changes. ## Individual patch -Individual patches contain low-impact quality fixes for a specific issue. These fixes are applied to the most recently supported minor version of Magento (for example, 2.4.x), but could be missing from the previous supported minor version of Magento (for example, 2.3.x). Magento releases individual patches as needed. +Individual patches contain low-impact quality fixes for a specific issue. These fixes are applied to the supported minor versions of {{site.data.var.ee}}. Adobe releases individual patches as needed for {{site.data.var.ee}} in accordance with our [Software Lifecycle Policy](https://magento.com/sites/default/files/magento-software-lifecycle-policy.pdf). {:.bs-callout-info} Individual patches do not contain backward incompatible changes. ## Custom patch -Created by non-Magento personnel to fix an issue or modify the Magento code for various reasons. Magento does not support custom patches. +Created by non-Adobe personnel to fix an issue or modify the {{site.data.var.ee}} code for various reasons. Adobe does not support custom {{site.data.var.ee}} patches. ### Related topics From 24633d07b679ecee6c99cd828fc9afc253a7cb9d Mon Sep 17 00:00:00 2001 From: Jeff Matthews Date: Wed, 27 Jan 2021 10:43:30 -0600 Subject: [PATCH 2/2] Fixed linting error --- src/release/policy/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/release/policy/index.md b/src/release/policy/index.md index 2b4330ed2ff..edcebdcb87d 100644 --- a/src/release/policy/index.md +++ b/src/release/policy/index.md @@ -33,7 +33,7 @@ Patch releases are primarily focused on delivering security and quality fixes on The following guidelines apply to patch releases: - The latest-supported minor release will receive full functional quality fixes and enhancements. -- Changes that could break extensions or code compatibility are avoided. For example, code written for Magento 2.2.0 should still work on Magento 2.2.7. +- Changes that could break extensions or code compatibility are avoided. For example, code written for Magento 2.2.0 should still work on Magento 2.2.7. - On an exceptional basis, breaking changes or additional patches or hotfixes may be released to address security or compliance issues and high-impact quality issues. On the module level, these are mostly PATCH-level changes; sometimes MINOR-level changes. - Patch releases may include new features as long as they are not expected to break other code. The new feature can be included in core Magento code or as an extension, such as Magento Page Builder.