Django security releases issued: 4.0.4, 3.2.13, and 2.2.28

[Mariusz Felisiak]

Details are available on the Django project weblog:

https://www.djangoproject.com/weblog/2022/apr/11/security-releases/

[Wim Feijen]

Hi,

Thanks for the release!

This has not directly to do with the security release, but I have a question about this remark: "Django 2.2 has reached the end of extended support. The final security release (2.2.28) was issued today. "

As I understood it, Django 2.2 will be supported until the end of April, meaning the 30th of April will be the last day of support. Because the Django release cycle is once every eight months, and years are divided into four parts, so the support windows runs up to 1 May. Am I correct in this? Our internal update policies are based on this assumption, so it matters a lot to us.

Thanks for your clarification,

Wim

Op maandag 11 april 2022 om 09:57:16 UTC+2 schreef Mariusz Felisiak:

[Adam Johnson]

As I understood it, Django 2.2 will be supported until the end of April, meaning the 30th of April will be the last day of support. Because the Django release cycle is once every eight months, and years are divided into four parts, so the support windows runs up to 1 May. Am I correct in this? Our internal update policies are based on this assumption, so it matters a lot to us.

I think the answer here is: we don't commit to which day in the month is the day that support ends.

Carlton summarized this on Twitter ( https://mobile.twitter.com/carltongibson/status/1501097294954905600 ) recently:

PSA: If you need to know the **exact** day LTS support ends, you waited too long.

Django 2.2 is EOL next month folks.

Typically security/bugfix releases are monthly, near the start of the month. So announcing this release as the end of support is to be expected.

My personal advice is to not use LTS releases, and upgrade to each new feature version. There's not really a huge difference in stability, and you'll reduce the risk by upgrading more frequently.

--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/1e932359-0072-4ba0-96ae-a76bbbc25245n%40googlegroups.com.

[אורי‎]

Hi,

Even if you decide to use only LTS releases, it's about time you upgrade to 3.2. There may be possibly another security patch of Django 2.2 released before the end of the month (April 30), but from my experience even security patches are applied not more than once a month, and therefore it's not expected to release another security patch this month (April). You can still use Django 2.2 at least until April 30, or even later, but if you want to use a supported version then it's time to upgrade. The next time a security patch is released, and it's not released to 2.2, then it will definitely be the time to upgrade to at least Django 3.2.

Uri Rodberg, Speedy Net.

אורי

u...@speedy.net

--