...
Current and the previous releases will receive active support and security updates by the core development team. As of 20232024, that means
Overview
- 4.x and v2.5.x v4 and v5 releases are maintained by the core development team.
- v5 is under development and will contain enhancements, bug fixes, and security fixes.
- v4 (v2.6 renamed) receives non-risky and important bug fixes, and security fixes. v2.5 receives non-risky and important bug fixes, and security fixes.
- Releases in v4 and v5 are linear, once a minor version number exists, no previous minor versions will be released. e.g. when v4.5.0 is released, there will be no more v4.4.* releases
- Releases three months old are labeled "expired" to encourage quarterly upgrades
- Previous releases before v4 are not supported
Advice for Implementers
- Implementers should upgrade to a stable recent build of their supported version which is at most 3 months old. and plan to upgrade quarterly.
- Security fixes will prompt a new container build and the builds are linear so it is important to stay current.
- The OS packages are in the container so it either requires a new container from Grouper or a new derived image to patch/upgrade the OS and related files.
...
- Before releasing all containers, security vulnerabilities listed in maven central will be addressed by upgrading those third party libraries.
- Once a newer Long Term Support (LTS) version is announced (e.g. an even major version), then the previous LTS version will be end of life in approximately six months.
- v2.5 will be was end-of-life on May 1, 2023.
- Supported versions will be released monthly or more frequently.
...