Suggestion
Resolution: Unresolved
Problem Definition
For almost every vulnerability issue there is often the problem that it has been closed because it has been fixed, but the fix version is a release version beyond the LTS version. Because the issue is closed, no one knows whether an LTS fix is coming or not. And if not, why? Or if so, when will it be shipped?
Could you make this more transparent? Otherwise a lot of people start asking in the comments for an LTS fix, without any response. The handling of LTS fixes for vulnerabilities is very diffuse. Sometimes there is no statement about an LTS fix at all, so you hope that upgrading the minor version of an LTS will solve it, but you never know.
This does not help to keep or build trust in the application.
Suggested Solution
You could extend your workflow to show that bugfixing is still going on for an LTS, by adding another status, for example...
Workaround
None
- Mentioned in
[JRASERVER-73182] documentation of Vulnerability fixes for LTS versions
UIS | Original: 6 | New: 3 |
UIS | Original: 9 | New: 6 |
UIS | Original: 6 | New: 9 |
UIS | Original: 9 | New: 6 |
Remote Link | New: This issue links to "Page (Confluence)" [ 708625 ] |
Remote Link | New: This issue links to "Page (Confluence)" [ 698278 ] |
UIS | Original: 6 | New: 9 |
Assignee | Original: Tomasz Prus [ a803384f6b1d ] | New: Daria Shatsylo [ 500376cac1e1 ] |
UIS | Original: 3 | New: 6 |