mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
Update 02_Release_Process.md
Typos. Spelling. 404 errors for framework and cms milestones links to github(line 13).
This commit is contained in:
parent
21e891e28c
commit
54b0b1fd4e
@ -2,7 +2,7 @@ summary: Describes the process followed for "core" releases.
|
||||
|
||||
# Release Process
|
||||
|
||||
Describes the process followed for "core" releases (mainly the `framework` and `cms` modules).
|
||||
This page describes the process followed for "core" releases (mainly the `framework` and `cms` modules).
|
||||
|
||||
## Release Maintainer
|
||||
|
||||
@ -19,13 +19,13 @@ Release dates are usually not published prior to the release, but you can get a
|
||||
reviewing the release milestone on github.com. Releases will be
|
||||
announced on the [release announcements mailing list](http://groups.google.com/group/silverstripe-announce).
|
||||
|
||||
Releases of the *cms* and *framework* modules are coupled at the moment, they follow the same numbering scheme.
|
||||
Releases of the *cms* and *framework* modules are coupled at the moment, and they follow the same numbering scheme.
|
||||
|
||||
## Release Numbering
|
||||
|
||||
SilverStripe follows [Semantic Versioning](http://semver.org).
|
||||
|
||||
Note: Until November 2014, the project didn't adhere to Semantic Versioning. Instead. a "minor release" in semver terminology
|
||||
Note: Until November 2014, the project didn't adhere to Semantic Versioning. Instead, a "minor release" in semver terminology
|
||||
was treated as a "major release" in SilverStripe. For example, the *3.1.0* release contained API breaking changes, and
|
||||
the *3.1.1* release contained new features rather than just bugfixes.
|
||||
|
||||
@ -43,7 +43,7 @@ patch release
|
||||
## Deprecation
|
||||
|
||||
Needs of developers (both on core framework and custom projects) can outgrow the capabilities
|
||||
of a certain API. Existing APIs might turn out to be hard to understand, maintain, test or stabilize.
|
||||
of a certain API. Existing APIs might turn out to be hard to understand, maintain, test or stabilise.
|
||||
In these cases, it is best practice to "refactor" these APIs into something more useful.
|
||||
SilverStripe acknowledges that developers have built a lot of code on top of existing APIs,
|
||||
so we strive for giving ample warning on any upcoming changes through a "deprecation cycle".
|
||||
@ -53,14 +53,14 @@ How to deprecate an API:
|
||||
* Add a `@deprecated` item to the docblock tag, with a `{@link <class>}` item pointing to the new API to use.
|
||||
* Update the deprecated code to throw a `[api:Deprecation::notice()]` error.
|
||||
* Both the docblock and error message should contain the **target version** where the functionality is removed.
|
||||
So if you're committing the change to a *3.1* minor release, the target version will be *4.0*.
|
||||
So, if you're committing the change to a *3.1* minor release, the target version will be *4.0*.
|
||||
* Deprecations should not be committed to patch releases
|
||||
* Deprecations should just be committed to pre-release branches, ideally before they enter the "beta" phase.
|
||||
* Deprecations should only be committed to pre-release branches, ideally before they enter the "beta" phase.
|
||||
If deprecations are introduced after this point, their target version needs to be increased by one.
|
||||
* Make sure that the old deprecated function works by calling the new function - don't have duplicated code!
|
||||
* The commit message should contain an `API` prefix (see ["commit message format"](code#commit-messages))
|
||||
* Document the change in the [changelog](/changelogs) for the next release
|
||||
* Deprecated APIs can be removed after developers had a chance to react to the changes. As a rule of thumb, leave the
|
||||
* Deprecated APIs can be removed after developers have had a chance to react to the changes. As a rule of thumb, leave the
|
||||
code with the deprecation warning in for at least three micro releases. Only remove code in a minor or major release.
|
||||
* Exceptions to the deprecation cycle are APIs that have been moved into their own module, and continue to work with the
|
||||
new minor release. These changes can be performed in a single minor release without a deprecation period.
|
||||
@ -77,8 +77,8 @@ Here's an example for replacing `Director::isDev()` with a (theoretical) `Env::i
|
||||
return Env::is_dev();
|
||||
}
|
||||
|
||||
This change could be committed to a minor release like *3.2.0*, and stays deprecated in all following minor releases
|
||||
(e.g. *3.3.0*, *3.4.0*), until a new major release (e.g. *4.0.0*) where it gets removed from the codebase.
|
||||
This change could be committed to a minor release like *3.2.0*, and remains deprecated in all subsequent minor releases
|
||||
(e.g. *3.3.0*, *3.4.0*), until a new major release (e.g. *4.0.0*), at which point it gets removed from the codebase.
|
||||
|
||||
## Security Releases
|
||||
|
||||
@ -99,7 +99,7 @@ previous major release (if applicable).
|
||||
[new release](http://silverstripe.org/security-releases/) publically.
|
||||
|
||||
You can help us determine the problem and speed up responses by providing us with more information on how to reproduce
|
||||
the issue: SilverStripe version (incl. any installed modules), PHP/webserver version and configuration, anonymized
|
||||
the issue: SilverStripe version (incl. any installed modules), PHP/webserver version and configuration, anonymised
|
||||
webserver access logs (if a hack is suspected), any other services and web packages running on the same server.
|
||||
|
||||
### Severity rating
|
||||
@ -109,7 +109,7 @@ each vulnerability. The rating indicates how important an update is:
|
||||
|
||||
| Severity | Description |
|
||||
|---------------|-------------|
|
||||
| **Critical** | Critical releases require immediate actions. Such vulnerabilities allow attackers to take control of your site and you should upgrade on the day of release. *Example: Directory traversal, privilege escalation* |
|
||||
| **Critical** | Critical releases require immediate action. Such vulnerabilities allow attackers to take control of your site and you should upgrade on the day of release. *Example: Directory traversal, privilege escalation* |
|
||||
| **Important** | Important releases should be evaluated immediately. These issues allow an attacker to compromise a site's data and should be fixed within days. *Example: SQL injection.* |
|
||||
| **Moderate** | Releases of moderate severity should be applied as soon as possible. They allow the unauthorized editing or creation of content. *Examples: Cross Site Scripting (XSS) in template helpers.* |
|
||||
| **Low** | Low risk releases fix information disclosure and read-only privilege escalation vulnerabilities. These updates should also be applied as soon as possible, but with an impact-dependent priority. *Example: Exposure of the core version number, Cross Site Scripting (XSS) limited to the admin interface.* |
|
||||
| **Low** | Low risk releases fix information disclosure and read-only privilege escalation vulnerabilities. These updates should also be applied as soon as possible, but according to an impact-dependent priority. *Example: Exposure of the core version number, Cross Site Scripting (XSS) limited to the admin interface.* |
|
||||
|
Loading…
Reference in New Issue
Block a user