Devs - We have an unfortunate situation where we may need to break our commitment, previously communicated, to support at least two Releases. i.e. The current one and the last one.
We previously communicated that we would only look at fixes for the last two releases. Thus, if you are following along, our release 1.9.0 and our release 1.8.4 are - by our internal policy - the two valid releases that we show on the download list. This means that when we get a report of a critical issue, we fix the current release, and we fix the one before that. We move all other releases to the archive. They are not fixed. If there is a published CVE then the CVE details are public and likely exist in previous Releases and, therefore, well known to the world. We urge everyone to patch and to update to keep your data and your deployments safe. Always. So... Unless we can get a 1.8.5 out immediately, I am PROPOSING and thereby giving NOTICE now that we should be removing 1.8.4 from our "valid release" designation in the next 10 days. By implication, we already moved 1.7.x to EOL when we released 1.9.0. I hope everyone is following along well. If you disagree with this, please comment now. If you want to help Victor get 1.8.5 out, you can contact him on this list. I would like to facilitate a situation which is better. James