Is anyone still integrating fixes for 2.3?
--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group.
To post to this group, send email to rubyonra...@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-co...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en.
On Friday, 9 March 2012 at 11:38 AM, Steve Schwartz wrote:
Just to clarify for everyone, N and N-1 refer to the minor version number, right? As in, currently 3.2 for bug fixes and 3.1 for security fixes.-- Steve Schwartz
regards,
Kristian
On Friday, 9 March 2012 at 4:11 PM, kristian wrote:
so no security fixes for 3.0.x ? that comes at a big surprise andfeels like being in the rains.
Just to clarify for everyone, N and N-1 refer to the minor version number, right? As in, currently 3.2 for bug fixes and 3.1 for security fixes.-- Steve SchwartzExactly
So that means 3.0.12, released March 1, 2012 is out of maintenance, is that right? (no pun intended, I'm trying to ensure I can advise my clients accordingly).
In that case the back port was really easy, and so we did it. The next time a vulnerability comes up it may be just that simple, however you shouldn't be relying on that.Fundamentally we're not going to refuse to spend 10 minutes with git cherry-pick in order to 'stick with policy'. However if it's something hairy, we're not staking our reputation on it.
--