In our recent Town Hall, Andy and Franz shared exciting news regarding their versioning and Expanded Security Maintenance (ESM) plans. This blog post will dive into the details of these updates, explaining their significance for users and the future of Concrete.
ESM (Expanded Security Maintenance) and Security Updates for Version 8
We have officially announced that we will continue to provide security updates for Concrete Version 8 through 2024. This means that users who are currently running sites on Version 8 can rest assured that they will receive security updates and support for an additional 14 months. It's worth noting that if your site is on Version 8, you may need to find a host that runs PHP 7.4 LTS, but this transition is relatively straightforward.
Concrete Version 9 for New Features
While Concrete encourages users to build new sites on Concrete Version 9, which is actively developed and receives new features, we understand that migrating existing sites can be a significant undertaking. Therefore, we are committed to providing security updates for Version 8 to ensure that existing sites remain safe and functional. Users relying on this ESM version can expect extended, stable, and secure support. This emphasis on backward compatibility ensures that websites built on Version 8.5.12 will remain dependable for an extended period, even as new versions are introduced.
Structured Release Model
Concrete is transitioning to a more structured release model, still aligning with the principles of semantic versioning. Under this model:
- Major Versions (e.g., Version 9, 10) will be released when they are thoroughly tested and ready to deliver substantial improvements and innovations.
- Minor Versions (e.g., Version 9.1, 9.2) will follow a biannual release schedule. These updates will introduce new features and enhancements while maintaining compatibility with existing functionality.
- Patch Versions (e.g., Version 9.2.1, 9.2.2) will be released monthly, ensuring that users benefit from a predictable update schedule. These releases will primarily focus on bug fixes and minor improvements.
- ESM Designation The last minor version of a Concrete release before a major version will be designated as the ESM version. For example, Version 8.5.12 is the last minor version of Version 8 before Version 9 was released, making it an ESM version. Concrete will continue to provide patch releases for ESM versions for an extended period, typically at least three years, to ensure stability and security.
Conclusion
Concrete is embracing a more structured and predictable release model, ensuring that users have access to security updates, new features, and bug fixes on a regular basis. This approach aims to make the upgrade process smoother and less daunting, providing a better experience for all Concrete users.
11/7/23 Edits
This blog post was edited to change references of "(LTS) Long Term Support" to "(ESM) Expanded Security Maintenance." We will not be able to port every possible security related bug fix that we might deliver on v9.x to v8.x. Our focus will continue to be on any security issues that the Concrete Core Team deems "Critical" (potentially granting privileged access to an external actor.) This is the same policy that we described a year ago in this blog post:
https://www.concretecms.org/about/project-news/security/security-support-concrete-v8x