> > So that means 3.0.12, released March 1, 2012 is out of maintenance, is > that right? (no pun intended, I'm trying to ensure I can advise my clients > accordingly). > > > In that case the back port was really easy, and so we did it. The next > time a vulnerability comes up it may be just that simple, however you > shouldn't be relying on that. > > Fundamentally we're not going to refuse to spend 10 minutes with git > cherry-pick in order to 'stick with policy'. However if it's something > hairy, we're not staking our reputation on it. >
It makes sense; thanks for clarifying this! -- Thibaut -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-core/-/D__noVkWabIJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en.
