|
|
@@ -1,21 +0,0 @@
|
|
|
-= Spring Authorization Server Support Policy
|
|
|
-
|
|
|
-The Spring Authorization Server support offering provides the following support terms:
|
|
|
-
|
|
|
-* Releases are currently in the format of 0.x.y, where:
|
|
|
-** “x” contains new features and potentially breaking changes.
|
|
|
-** “y” contains new features and bug fixes and provides backward compatibility.
|
|
|
-* The Spring Authorization Server project will be supported for at least 3 years after the most recent 0.x.0 release is made available for download.
|
|
|
-* Security fixes will be provided for at least one year after the 0.x.0 release is made available for download. Security fixes will not be provided for updating versions to third-party libraries.
|
|
|
-* Feature support and bug fixes, excluding “Security fixes”, will be provided only for the latest 0.x.y release.
|
|
|
-* This support policy starts with version 0.2.0.
|
|
|
-* We will switch to the standard https://tanzu.vmware.com/support/oss[Spring OSS support policy] when the Spring Authorization Server project reaches version 1.0.0.
|
|
|
-
|
|
|
-An example can help us understand all of these points.
|
|
|
-Assume that 0.2.0 is released in August of 2021.
|
|
|
-This means that the Spring Authorization Server project is supported until at least August of 2024.
|
|
|
-If 0.3.0 is then released in May of 2022, the Spring Authorization Server project is supported until at least May of 2025.
|
|
|
-The 0.3.0 release may contain breaking changes from 0.2.0.
|
|
|
-If a bug is found, only 0.3.0 will be patched in a 0.3.1 release.
|
|
|
-If a security vulnerability is found, a 0.2.4 (assume 0.2.3 is latest) and 0.3.1 release will be provided to fix the security vulnerability.
|
|
|
-However, a vulnerability found in September of 2022 would be fixed in the 0.3.1 release but not the 0.2.3 release, because the vulnerability was discovered more than a year after the 0.2.0 release date.
|
Joe Grandja