ember-learn
Clarification on security page's update policy:
Page: https://emberjs.com/security
Towards the bottom, the page mentions that security patches are applied to All releases under maintenance, but it's not clear what all are the "releases under maintenance".
It'd be awesome if that could be clarified somewhere -- and what it means for folks who maybe would want to be a little conservative about their updates, maybe using Stable - 1 releases (being one release behind to get as many bug fixes as possible)?
My two cents on interpreting All releases under maintenance is all the current LTS releases (~ 54 weeks) and all the intervening releases between stable and the most recent LTS? Looking at the last security bug CVE-2015-7565. Looks like security was patched on multiple versions from LTS to stable?
This issue has been automatically marked stale. If this issue is something that still needs work, please add a comment and it will remain open, otherwise it will close in 7 days. You are welcome to open a new issue if you miss the window. Thanks!
![stale[bot] avatar](https://avatars.githubusercontent.com/in/1724?v=4 "Published by a pub.dev verified publisher"){kind=small}
This issue has been automatically marked stale. If this issue is something that still needs work, please add a comment and it will remain open, otherwise it will close in 7 days. You are welcome to open a new issue if you miss the window. Thanks!
This issue has been automatically marked stale. If this issue is something that still needs work, please add a comment and it will remain open, otherwise it will close in 7 days. You are welcome to open a new issue if you miss the window. Thanks!
Update: the clarification is:
See the supported LTS releases: https://emberjs.com/releases/lts/ And (hopefully obviously) the current release.
@NullVoxPopuli would you do a PR that links to this or clarifies it? Thank you!
