mirror of https://github.com/rails/rails
Merge pull request #47394 from zzak/security-releases-plus-npm
Clear up common questions releases
This commit is contained in:
commit
fa746dab43
|
@ -49,6 +49,10 @@ theoretical 1.2.2 patch release would be built from the 1-2-stable branch.
|
|||
In special situations, where someone from the Core Team agrees to support more series,
|
||||
they are included in the list of supported series.
|
||||
|
||||
For unsupported series, bug fixes may coincidentally land in a stable branch,
|
||||
but won't be released in an official version. It is recommended to point your
|
||||
application at the stable branch using Git for unsupported versions.
|
||||
|
||||
**Currently included series:** `7.1.Z`.
|
||||
|
||||
Security Issues
|
||||
|
@ -69,6 +73,11 @@ non-security related bugs resulting from a security patch may be published on a
|
|||
release's x-y-stable branch, and will only be released as a new gem in
|
||||
accordance with the Bug Fixes policy.
|
||||
|
||||
Security releases are cut from the last security release branch/tag. Otherwise
|
||||
there could be breaking changes in the security release. A security release
|
||||
should only contain the changes needed to ensure the app is secure so that it's
|
||||
easier for applications to remain upgraded.
|
||||
|
||||
**Currently included series:** `7.1.Z`, `7.0.Z`, `6.1.Z`.
|
||||
|
||||
Severe Security Issues
|
||||
|
@ -85,6 +94,16 @@ Unsupported Release Series
|
|||
|
||||
When a release series is no longer supported, it's your own responsibility to
|
||||
deal with bugs and security issues. We may provide backports of the fixes and
|
||||
publish them to git, however there will be no new versions released. If you are
|
||||
not comfortable maintaining your own versions, you should upgrade to a
|
||||
supported version.
|
||||
merge them, however there will be no new versions released. We
|
||||
recommend to point your application at the stable branch using Git. If you are
|
||||
not comfortable maintaining your own versions, you should upgrade to a supported
|
||||
version.
|
||||
|
||||
NPM Packages
|
||||
------------
|
||||
|
||||
Due to a constraint with npm, we are unable to use the 4th digit for security
|
||||
releases of [NPM packages][] provided by Rails. This means that instead of the
|
||||
equivalent gem version `7.0.1.4`, the NPM package will be versioned `7.0.1-4`.
|
||||
|
||||
[NPM packages]: https://www.npmjs.com/org/rails
|
Loading…
Reference in New Issue