Versions Compared

Old Version 37

changes.mady.by.user Chris Hyzer (upenn.edu)

Saved on

compared with

New Version 38

changes.mady.by.user Chris Hyzer (upenn.edu)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The Grouper development team strives to maintain permanent backward compatibility of the core API / WS across all releases.

Support

Current and the previous one minor release releases will receive active support and security updates by the core development team. As of April 2021November 2022, that means the 2.56.x, 2.45.x releases are maintained by the core development team.   Implementers  v2.6 receives enhancements, bug fixes, and security fixes.  v2.5 receives non-risky and important bug fixes, and security fixes.  Implementers should upgrade to a stable recent build of their supported version which is at most 3 months old.  Security fixes will prompt a new container build and the builds are linear so it is important to stay current.  In addition, the OS packages are in the container so it either requires a new container from Grouper or a new subimage to patch/upgrade the OS and related files.

Before releasing all containers, security vulnerabilities listed in maven central will be addressed by upgrading those third party libraries.

Note: v2.5 + (while it is a supported version) will be updated at least monthly.  The v2.4 container is not receiving regular updates and requires a subimage build to get OS updates.  will be end-of-life on May 1, 2023.

Supported versions will be released monthly or more frequently.


Panel

References used in writing this policy

-Shibboleth Project: https://wiki.shibboleth.net/confluence/display/SHIB2/ProductVersioning

-Linux Kernel Project: https://www.kernel.org/category/releases.html

-Samba Project: http://www.samba.org/samba/devel/

...

Grouper 2.5+ packaging and versioning


Suggestion for "semantic versioning" (potential for future)

There is a suggestion to adopt semantic versioning.

The development, upgrades, and releases are not really going to change, but the numbering of the versions will change.

Here is the suggestion:

v2.5.67 (or whatever release we are on) will be renamed v3.0.0

v2.6.19 (or whatever release we are on) will be renamed v4.0.0

v2.7.0 will be named v5.0.0

previously discussed v3.0.0 will be named v6.0.0

We will stop using a fourth number.  We currently use the fourth number for a container release where the maven version does not change, but we will just use the next third number, and skip that version in Maven.  For instance, container version v4.2.23 might be using Maven version v4.2.21.  And if thats the case, we will skip in maven to v4.2.24 so we do not re-use that container version.

This only applies to versions which are in Long Term Support (LTS).  The latest Grouper major version has new enhancements until it is complete and stable.  the major version will not be incremented until the enhancements are done (e.g. over a year).

For instance if this is an LTS version: v3.1.6
3 = major version (incompatible changes will bump this number)
1 = minor version (backwards compatible changes)
6 = patch (backwards compatible bug/security fixes)

For instance if this is the enhancement version: v5.1.6
5 = major version (will stay at 5)
1 = minor version (incompatible changes or backwards compatible changes)
6 = patch (backwards compatible bug/security fixes)

If there is a security fix in an LTS version that causes incompatible changes, it will be documented.  For instance if we need to change a 3rd party library we will do so in a way that is the least risky and disruptive, but it might require some configuration changes or change in functionality.  The defaults for all configuration should not change.

  • Incrementing a major version will have upgrade instructions. 
    • These will be the list of instructions of all the minor versions up to the current version of the next major version.
    • e.g. when upgrading from v3.5.13 → v4.8.21
      • Follow instructions for v3.6?, v3.7?, v4.0, v4.1, v4.2, ... , v4.8
  • Incrementing a minor version of an LTS version will generally have no upgrade instructions
  • Incrementing a minor version of an enhancement version might have upgrade instructions
  • Incrementing a patch version will not have any upgrade instructions

The release path for a major version is still linear. 

  • For instance, if you are on v3.5.13, and there is a security fix
    • If the latest v3 version is v3.8.4, and this is backwards compatible, the fix will be released in v3.8.5
    • If the latest v3 version is v3.8.4, and this is not backwards compatible, the fix will be released in v3.9.0