Skip to content

Commit

Permalink
Clear up common questions releases
Browse files Browse the repository at this point in the history 
We often get asked about bug fixes for unsupported series, and NPM security release version scheme.

cc #47390, #39351, #47216

Co-authored-by: Eileen M. Uchitelle <eileencodes@users.noreply.github.com>
  • Loading branch information
@zzak @eileencodes
zzak and eileencodes committed Feb 16, 2023
1 parent 0614aa6 commit 168ed06
Showing 1 changed file with 22 additions and 3 deletions.
25 changes: 22 additions & 3 deletions guides/source/maintenance_policy.md
View file
Expand Up @@ -49,6 +49,10 @@ theoretical 1.2.2 patch release would be built from the 1-2-stable branch.
In special situations, where someone from the Core Team agrees to support more series,
they are included in the list of supported series.

For unsupported series, bug fixes may coincidentally land in a stable branch,
but won't be released in an official version. It is recommended to point your
application at the stable branch using Git for unsupported versions.

**Currently included series:** `7.1.Z`.

Security Issues
Expand All @@ -69,6 +73,11 @@ non-security related bugs resulting from a security patch may be published on a
release's x-y-stable branch, and will only be released as a new gem in
accordance with the Bug Fixes policy.

Security releases are cut from the last security release branch/tag. Otherwise
there could be breaking changes in the security release. A security release
should only contain the changes needed to ensure the app is secure so that it's
easier for applications to remain upgraded.

**Currently included series:** `7.1.Z`, `7.0.Z`, `6.1.Z`.

Severe Security Issues
Expand All @@ -85,6 +94,16 @@ Unsupported Release Series

When a release series is no longer supported, it's your own responsibility to
deal with bugs and security issues. We may provide backports of the fixes and
publish them to git, however there will be no new versions released. If you are
not comfortable maintaining your own versions, you should upgrade to a
supported version.
merge them, however there will be no new versions released. We
recommend to point your application at the stable branch using Git. If you are
not comfortable maintaining your own versions, you should upgrade to a supported
version.

NPM Packages
------------

Due to a constraint with npm, we are unable to use the 4th digit for security
releases of [NPM packages][] provided by Rails. This means that instead of the
equivalent gem version `7.0.1.4`, the NPM package will be versioned `7.0.1-4`.

[NPM packages]: https://www.npmjs.com/org/rails

0 comments on commit 168ed06

Please sign in to comment.