Originally posted on silverstripe.org
SilverStripe has published security releases for many years, with a well defined security release process. Each security issue we’ve identified was assigned an identifier, and a severity rating. Both of these were custom markers which we’ve applied based on our context. We’re adjusting this to be more in-line with large open source projects, which are depended on by thousands of organisations around the globe. We are also taking this opportunity to redefine how security fixes are handled in “Limited Support” release lines such as SilverStripe 3.x.