Merge pull request #8893 from open-sausages/pulls/4/docs-critical-security-fixes

DOCS Limited "critical security fixes" release lines
Robbie Averill 2019-04-02 13:14:14 +13:00 committed by GitHub
commit d816989f2e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -41,8 +41,9 @@ At any point in time, the core development team will support a set of releases t
* API changes and major new features are applied to the master branch, to be included in the next major release * API changes and major new features are applied to the master branch, to be included in the next major release
* New APIs can be applied to the current minor release of major releases in "active development", but should usually be marked as "internal" APIs until they're considered stable * New APIs can be applied to the current minor release of major releases in "active development", but should usually be marked as "internal" APIs until they're considered stable
* Enhancements are applied to the next minor release of major releases in "active development" * Enhancements are applied to the next minor release of major releases in "active development"
* Non-critical bugfixes are applied to all supported minor releases of major releases in "active development" or "full support" * Non-critical bugfixes and all security fixes are applied to all supported minor releases of major releases in "active development" or "full support"
* Critical bugfixes and security fixes are applied to the all minor releases of major releases in "active development", "full support" or "limited support" * Critical bugfixes and [critical security fixes](#severity-rating) are applied to the all minor releases of major releases in "active development", "full support" or "limited support"
* [Non-critical security fixes](#severity-rating) are backported to releases in "limited support" on a best effort basis
* Any patches applied to older minor releases are merged up regularly to newer minor releases (in the same major release) * Any patches applied to older minor releases are merged up regularly to newer minor releases (in the same major release)
* Any patches applied to older major releases are merged up regularly to newer major releases * Any patches applied to older major releases are merged up regularly to newer major releases
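Review bot: The changed "Critical bugfixes and [critical security fixes](#severity-rating)" bullet still reads "applied to the all minor releases"; since the line is being touched anyway, drop the stray "the" so it reads "applied to all minor releases". The added bullet "[Non-critical security fixes](#severity-rating) are backported to releases in "limited support" on a best effort basis" leaves "best effort" undefined, so a reader on a "limited support" line cannot tell whether a given non-critical fix will reach them; consider saying who makes that call or where the decision is announced. Both new links point at `#severity-rating`, and the heading that anchor targets is not visible in this diff, so confirm it resolves in the rendered page.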
@ -144,6 +145,7 @@ webserver access logs (if a hack is suspected), any other services and web packa
Each [security release](http://www.silverstripe.org/security-releases/) includes an overall severity rating and one for Each [security release](http://www.silverstripe.org/security-releases/) includes an overall severity rating and one for
each vulnerability. The rating indicates how important an update is. each vulnerability. The rating indicates how important an update is.
It follows the [Common Vulnerability Scoring System (CVSS)](https://www.first.org/cvss). It follows the [Common Vulnerability Scoring System (CVSS)](https://www.first.org/cvss).
This rating determines which release lines are targetd with security fixes.
| Severity | CVSS | Description | | Severity | CVSS | Description |
|---------------|------|-------------| |---------------|------|-------------|
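Review bot: Typo in the added sentence "This rating determines which release lines are targetd with security fixes.": "targetd" should be "targeted". The sentence also depends on the release-line rules changed in the first hunk without pointing to them; a link back to that list would let a reader go from a severity rating to the release lines that receive the fix, since the table that follows only has Severity, CVSS and Description columns.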