From 42019514f10d2ccacd17a9c45f2071f0fbead366 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Mon, 29 Jan 2024 17:32:00 -0500 Subject: [PATCH] Update support policy --- SUPPORT_POLICY.adoc | 21 ++------------------- 1 file changed, 2 insertions(+), 19 deletions(-) diff --git a/SUPPORT_POLICY.adoc b/SUPPORT_POLICY.adoc index 0925d2dd..6cb63e9b 100644 --- a/SUPPORT_POLICY.adoc +++ b/SUPPORT_POLICY.adoc @@ -1,21 +1,4 @@ = Spring Authorization Server Support Policy -The Spring Authorization Server support offering provides the following support terms: - -* Releases are currently in the format of 0.x.y, where: -** “x” contains new features and potentially breaking changes. -** “y” contains new features and bug fixes and provides backward compatibility. -* The Spring Authorization Server project will be supported for at least 3 years after the most recent 0.x.0 release is made available for download. -* Security fixes will be provided for at least one year after the 0.x.0 release is made available for download. Security fixes will not be provided for updating versions to third-party libraries. -* Feature support and bug fixes, excluding “Security fixes”, will be provided only for the latest 0.x.y release. -* This support policy starts with version 0.2.0. -* We will switch to the standard https://tanzu.vmware.com/support/oss[Spring OSS support policy] when the Spring Authorization Server project reaches version 1.0.0. - -An example can help us understand all of these points. -Assume that 0.2.0 is released in August of 2021. -This means that the Spring Authorization Server project is supported until at least August of 2024. -If 0.3.0 is then released in May of 2022, the Spring Authorization Server project is supported until at least May of 2025. -The 0.3.0 release may contain breaking changes from 0.2.0. -If a bug is found, only 0.3.0 will be patched in a 0.3.1 release. -If a security vulnerability is found, a 0.2.4 (assume 0.2.3 is latest) and 0.3.1 release will be provided to fix the security vulnerability. -However, a vulnerability found in September of 2022 would be fixed in the 0.3.1 release but not the 0.2.3 release, because the vulnerability was discovered more than a year after the 0.2.0 release date. +The Spring Authorization Server project provides software support through the https://tanzu.vmware.com/support/oss[VMware Tanzu OSS support policy]. +https://tanzu.vmware.com/spring-runtime[Commercial support], which offers an extended support period, is also available from VMware.