docs(security): add end of life of branch section

2026-05-17 18:35:07 +00:00 · 2022-01-01 15:06:51 +01:00
parent 78ed3f92ee
commit bd31a9f564
1 changed files with 17 additions and 7 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -2,16 +2,26 @@

 ## Supported Versions and Branches

-| Version | Branch | Supported          |
-| ------- | ------ | ------------------ |
-| 4.x     | v4.x   | :white_check_mark: |
-| 3.x     | v3.x   | :white_check_mark: |
-| 2.x     | v2.x   | :x:                |
-| 1.1.x   | v1.1.x | :x:                |
-| < 1.x   |        | :x:                |
+We only support 2 major versions for security patches
+
+| Version | Branch | Supported          | Specific Tags |
+| ------- | ------ | ------------------ | ------------- |
+| 4.x     | v4.x   | :white_check_mark: | v4            |
+| 3.x     | v3.x   | :white_check_mark: |               |
+| < 2.x   |        | :x:                | v2.x, v1.1.x  |

 A GitHub repository can used one of the available branches as action inside its workflows.

+### End of Life of a branch
+
+When a branch is not supported anymore, the following process occurs
+
+- Since `v4.x` branch, the branch will be deleted 2 major versions after
+  - So `v4.x` branch will be deleted when `v7.x` branch will have its first release
+  - prefer the `v4` tag to `v4.x` branch as reference in our workflow, 
+- Before `v4.x` branch, the branch will be converted into a tag when the support is dropped
+  - So `v3.x` branch will be converted as tag when `v5.x` branch will have its first release
+
 ## Reporting a Vulnerability

 You can report a Vulnerability by [my email](mailto:romain.lespinasse@gmail.com).