Merge pull request #8893 from open-sausages/pulls/4/docs-critical-security-fixes

DOCS Limited "critical security fixes" release lines
Robbie Averill 2019-04-02 13:14:14 +13:00 committed by GitHub
commit d816989f2e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 2 deletions


@ -41,8 +41,9 @@ At any point in time, the core development team will support a set of releases t
* API changes and major new features are applied to the master branch, to be included in the next major release
* New APIs can be applied to the current minor release of major releases in "active development", but should usually be marked as "internal" APIs until they're considered stable
* Enhancements are applied to the next minor release of major releases in "active development"
* Non-critical bugfixes are applied to all supported minor releases of major releases in "active development" or "full support"
* Critical bugfixes and security fixes are applied to the all minor releases of major releases in "active development", "full support" or "limited support"
* Non-critical bugfixes and all security fixes are applied to all supported minor releases of major releases in "active development" or "full support"
* Critical bugfixes and [critical security fixes](#severity-rating) are applied to the all minor releases of major releases in "active development", "full support" or "limited support"
* [Non-critical security fixes](#severity-rating) are backported to releases in "limited support" on a best effort basis
* Any patches applied to older minor releases are merged up regularly to newer minor releases (in the same major release)
* Any patches applied to older major releases are merged up regularly to newer major releases
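Review bot: The added critical-fixes bullet keeps the "applied to the all minor releases" wording from the line it replaces; drop the stray "the", and consider "all supported minor releases" so it matches the bullet above it. The added bullets also overlap: "all security fixes" already covers critical ones for "active development" and "full support", so a reader has to combine three bullets to work out what a "limited support" line actually receives. Finally, "best effort basis" in the last added bullet gives no criteria; a short statement of who decides on a backport, or what someone on a limited-support line should do when a non-critical fix is not backported, would make the policy actionable.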
@ -144,6 +145,7 @@ webserver access logs (if a hack is suspected), any other services and web packa
Each [security release](http://www.silverstripe.org/security-releases/) includes an overall severity rating and one for
each vulnerability. The rating indicates how important an update is.
It follows the [Common Vulnerability Scoring System (CVSS)](https://www.first.org/cvss).
This rating determines which release lines are targetd with security fixes.
| Severity | CVSS | Description |
|---------------|------|-------------|
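
Review bot: "targetd" in the added sentence should be "targeted". The sentence says the rating determines which release lines get fixes but does not point to where that mapping is defined; linking back to the release-support bullets (which link here via `#severity-rating`) would close the loop. It is also worth confirming that the Severity column of this table uses the label "Critical" exactly, since those bullets rely on the terms "critical" and "non-critical" without defining them.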