From 608c24b744fb770daba89c5d81f1a367bbb8034f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Standa=20Luke=C5=A1?= Date: Sun, 1 Dec 2024 17:48:35 +0100 Subject: [PATCH 1/2] Drop support for 4.1 and 4.0, provide clear support timelines for other versions Update the security policy: * deprecate 4.0 and 4.1 releases, we will no longer guarantee security fixes * promise that users will always have at least 1 year to upgrade * old stable versions now have support expiration date in the table --- SECURITY.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 8fd8e2fbd3..a05c5ba11d 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -3,14 +3,15 @@ ## Supported Versions When it comes to security updates, we always support the current major version together with the latest preview version. -Any vulnerabilities that affect older versions will be considered on a case-by-case basis. +Each older stable version will continue to be supported for at least one year after the release of the subsequent stable version. +Any vulnerabilities that affect unsupported versions will be considered on a case-by-case basis. -| Version | Supported | -| ------- | ------------------ | -| 4.2.x | :white_check_mark: | -| 4.1.x | :white_check_mark: | -| 4.0.x | :white_check_mark: | -| < 4.0 | :x: | +| Version | Supported | Expires | +| ----------- | ------------------ | --------------- | +| 5.0 preview | :white_check_mark: | | +| 4.3 | :white_check_mark: | | +| 4.2 | :white_check_mark: | September 2025 | +| ≤ 4.1 | :x: | November 2024 | ## Reporting a Vulnerability From 4b74744657a8c6585f6877239e4330b4ab764533 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Herceg?= Date: Fri, 13 Dec 2024 18:09:10 +0100 Subject: [PATCH 2/2] Update SECURITY.md --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index a05c5ba11d..5f172b6346 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,7 +2,7 @@ ## Supported Versions -When it comes to security updates, we always support the current major version together with the latest preview version. +When it comes to security updates, we always support the current stable version together with the latest preview version. Each older stable version will continue to be supported for at least one year after the release of the subsequent stable version. Any vulnerabilities that affect unsupported versions will be considered on a case-by-case basis.