Re: Django security releases issued: 4.0.4, 3.2.13, and 2.2.28

[אורי]

Hi,

Even if you decide to use only LTS releases, it's about time you upgrade to
3.2. There may be possibly another security patch of Django 2.2 released
before the end of the month (April 30), but from my experience even
security patches are applied not more than once a month, and therefore it's
not expected to release another security patch this month (April). You can
still use Django 2.2 at least until April 30, or even later, but if you
want to use a supported version then it's time to upgrade. The next time a
security patch is released, and it's not released to 2.2, then it will
definitely be the time to upgrade to at least Django 3.2.

Uri Rodberg, Speedy Net.
אורי
u...@speedy.net


On Mon, Apr 11, 2022 at 12:09 PM Wim Feijen  wrote:

> Hi,
>
> Thanks for the release!
>
> This has not directly to do with the security release, but I have a
> question about this remark: "Django 2.2 has reached the end of extended
> support. The final security release (2.2.28) was issued today. "
>
> As I understood it, Django 2.2 will be supported until the end of April,
> meaning the 30th of April will be the last day of support. Because the
> Django release cycle is once every eight months, and years are divided into
> four parts, so the support windows runs up to 1 May. Am I correct in this?
> Our internal update policies are based on this assumption, so it matters a
> lot to us.
>
> Thanks for your clarification,
>
> Wim
>
> Op maandag 11 april 2022 om 09:57:16 UTC+2 schreef Mariusz Felisiak:
>
>> Details are available on the Django project weblog:
>>
>> https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/1e932359-0072-4ba0-96ae-a76bbbc25245n%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeGZhYkfKpsbxX8yMo6MhrHFsrNEqJc3FO3TZONPS%3DxO1A%40mail.gmail.com.

Re: Django security releases issued: 4.0.4, 3.2.13, and 2.2.28

['Adam Johnson' via Django developers (Contributions to Django itself)]

>
> As I understood it, Django 2.2 will be supported until the end of April,
> meaning the 30th of April will be the last day of support. Because the
> Django release cycle is once every eight months, and years are divided into
> four parts, so the support windows runs up to 1 May. Am I correct in this?
> Our internal update policies are based on this assumption, so it matters a
> lot to us.


I think the answer here is: we don't commit to which day in the month is
the day that support ends.

Carlton summarized this on Twitter (
https://mobile.twitter.com/carltongibson/status/1501097294954905600 )
recently:

PSA: If you need to know the **exact** day LTS support ends, you waited too
> long.
>
> Django 2.2 is EOL next month folks.
>

Typically security/bugfix releases are monthly, near the start of the
month. So announcing this release as the end of support is to be expected.

My personal advice is to not use LTS releases, and upgrade to each new
feature version. There's not really a huge difference in stability, and
you'll reduce the risk by upgrading more frequently.

On Mon, Apr 11, 2022 at 10:09 AM Wim Feijen  wrote:

> Hi,
>
> Thanks for the release!
>
> This has not directly to do with the security release, but I have a
> question about this remark: "Django 2.2 has reached the end of extended
> support. The final security release (2.2.28) was issued today. "
>
> As I understood it, Django 2.2 will be supported until the end of April,
> meaning the 30th of April will be the last day of support. Because the
> Django release cycle is once every eight months, and years are divided into
> four parts, so the support windows runs up to 1 May. Am I correct in this?
> Our internal update policies are based on this assumption, so it matters a
> lot to us.
>
> Thanks for your clarification,
>
> Wim
>
> Op maandag 11 april 2022 om 09:57:16 UTC+2 schreef Mariusz Felisiak:
>
>> Details are available on the Django project weblog:
>>
>> https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/1e932359-0072-4ba0-96ae-a76bbbc25245n%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CAMyDDM2LKGWGUekzuOTc%2BR8FGGZBwV93AOv4WGfsgoy-S_CFtQ%40mail.gmail.com.

Re: Django security releases issued: 4.0.4, 3.2.13, and 2.2.28

[Wim Feijen]

Hi, 

Thanks for the release!

This has not directly to do with the security release, but I have a 
question about this remark: "Django 2.2 has reached the end of extended 
support. The final security release (2.2.28) was issued today. "

As I understood it, Django 2.2 will be supported until the end of April, 
meaning the 30th of April will be the last day of support. Because the 
Django release cycle is once every eight months, and years are divided into 
four parts, so the support windows runs up to 1 May. Am I correct in this? 
Our internal update policies are based on this assumption, so it matters a 
lot to us. 

Thanks for your clarification,

Wim

Op maandag 11 april 2022 om 09:57:16 UTC+2 schreef Mariusz Felisiak:

> Details are available on the Django project weblog:
>
> https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/1e932359-0072-4ba0-96ae-a76bbbc25245n%40googlegroups.com.

Django security releases issued: 4.0.4, 3.2.13, and 2.2.28

[Mariusz Felisiak]

Details are available on the Django project weblog:

https://www.djangoproject.com/weblog/2022/apr/11/security-releases/

--
You received this message because you are subscribed to the Google Groups "Django 
developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/ff3a4a17-2a7e-7215-a5d1-ec4a17b79636%40gmail.com.