Merged
19 changes: 17 additions & 2 deletions CONTRIBUTING.md
Expand Up @@ -4,7 +4,8 @@
- [GitHub Flow](#github-flow)
- [How to work with GitHub Flow](#how-to-work-with-github-flow)
- [Working with Forks and Pull Requests](#working-with-forks-and-pull-requests)
- [Working with Issues / How to Contribute in Issues](#working-with-issues--how-to-contribute-in-issues)
- [Bugfixing and Security Fixing Released Features](#bugfixing-and-security-fixing-released-features)
- [Working with Issues - How to Contribute in Issues](#working-with-issues---how-to-contribute-in-issues)
- [How to Write Commit Messages](#how-to-write-commit-messages)
- [Code of Conduct](#code-of-conduct)

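Review bot: the two new TOC entries use the slugs GitHub generates for the headings added in the next hunk (`#bugfixing-and-security-fixing-released-features`, `#working-with-issues---how-to-contribute-in-issues`), so the old `#working-with-issues--how-to-contribute-in-issues` link is correctly replaced; since this PR also introduces SECURITY.md, consider adding a TOC entry or a sentence in the new bugfix section that points contributors to it, so the reporting and disclosure policy is found from the same place as the fix workflow.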
Expand Down Expand Up @@ -54,7 +55,21 @@ When you are done, you can convert it to a standard *Pull Request* (or create on

Generally the _secureCodeBox_ project follows the standard [GitHub Pull request process](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests).

## Working with Issues/How to Contribute in Issues
## Bugfixing and Security Fixing Released Features

For bugfixes and security fixes of the current release please follow the following workflow:
- For the minor release
- Checkout current minor release branch (e.g. v2.5.x) or create if not existent from latest git tag
- Create a bugfix branch from release branch
- Fix Bug
- Create PR to release branch
- Generate new semver release
- For the main branch:
- Create a bugfix branch from `main` branch
- Cherry-Pick Bugfix and commit to bugfix branch
- Create PR to `main` branch

## Working with Issues - How to Contribute in Issues

It is mandatory to open an issue, if the task takes longer than one hour.
Before you open an issue please verify there is no existing one covering your issue.
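Review bot: the release-branch step "create if not existent from latest git tag" is ambiguous about which tag: it should say the latest tag of that minor line (for a `v2.5.x` branch, the newest `v2.5.*` tag), otherwise a branch created from the overall latest tag would pick up a newer minor release. The "Cherry-Pick Bugfix" step should also state the direction (the fix commit from the release branch into the bugfix branch cut from `main`) and could recommend `git cherry-pick -x` so the backported commit records the original SHA. Two smaller points: "Generate new semver release" should say patch release, matching the "Patch Release/Bugfix/Security Fix" section of SECURITY.md, and for security fixes the "Fix Bug" step should note that the PR description must not contain exploit details before the patched release is published, consistent with the non-public reporting channel in SECURITY.md.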
35 changes: 35 additions & 0 deletions SECURITY.md
@@ -0,0 +1,35 @@
# Security Policy

## Supported Versions
Our _release cycle_ for new features (minior [semver](https://semver.org/) update)
is roughly every two weeks (we will usually make a new release after each review).

| Version | Security Fixes* | Supported** |
| ------- | ------------------ | ------------------ |
| 2.6.x-alpha1 | :white_check_mark: | :white_check_mark: |
| 2.5.x | :white_check_mark: | :white_check_mark: |
| <= 2.4.x | :x: | :x: |
| < 2.0 | :x: | :x: |

### Major Release (Semver)
_Upcoming major updates_ will come with a time window in which both _major versions_ (starting with v2.x.x)
will receive security updates and bugfixes. The concrete support intervall will be probably a couple of months
and will be published when the next major version will be released.

### Minor Release/Feature Releases (Semver)
We currently plan to provide support for the _latest minor [semver](https://semver.org/)_ release only.

### Patch Release/Bugfix/Security Fix
We try to make bugfixes and high severity fixes available as patch release for the current minor release
as early as possible.

## Extended (Enterprise) Support
If you are interested in extended support for older versions with security updates of our project
please get in touch with the project team via Slack or email <[email protected]>.

## Reporting a Vulnerability
You have found a vulnerability in the project that shouldn't be disclosed as public issue before it's fixed?
Please get in touch with the project team via Slack or email <[email protected]>.

You can expect a fast reaction within the next days.
We will keep you updated about the next steps and inform you if the vulnerability is accepted and when its fixed or if its ordeclined somehow.
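Review bot: the table header uses `Security Fixes*` and `Supported**` as footnote markers, but no footnotes follow the table; either add them (what "supported" covers beyond security fixes, and the status of the `2.6.x-alpha1` pre-release) or drop the asterisks. The "Reporting a Vulnerability" section would be more actionable if it stated what a report should contain (affected version, reproduction steps, impact), asked the reporter not to disclose publicly until the fix is released, and replaced "a fast reaction within the next days" with a concrete acknowledgement window. Typos to fix in the same hunk: "minior" (minor), "intervall" (interval), "when its fixed or if its ordeclined somehow" (when it is fixed or if it is declined), and "will be probably" (will probably be).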