Phoenix: LTS release?

Hi all,

Is there any “Long Term Support” (only bug fixes) release of Phoenix available?

What’s the frequency of major releases?

There has only been a single major release in Phoenix so far. It was 1.0.0. Every release that only increases the last number is considered a bug fix release.

Feature releases (which increase the number in the middle) happen when the features are done. As far as I know there is no release or deprecation schedule for Phoenix.

2 Likes

2018-11-08 1.4.0 https://github.com/phoenixframework/phoenix/releases/tag/v1.4.0
2017-07-28 1.3.0 https://github.com/phoenixframework/phoenix/releases/tag/v1.3.0
2016-06-23 1.2.0 https://github.com/phoenixframework/phoenix/releases/tag/v1.2.0
2015-12-16 1.1.0 https://github.com/phoenixframework/phoenix/releases/tag/v1.1.0
2015-08-28 1.0.0 https://github.com/phoenixframework/phoenix/releases/tag/v1.0.0

1 Like

OK!

Branch 1.3: Latest commit be1405f on 13 Jul 2018.
Branch 1.2: Latest commit ee1fa2a on 27 Jul 2017.

Then I understand that Phoenix < 1.4 is no longer being updated
… and it is a potential security vulnerability.

Thank you so much!

As Phoenix is mostly a wrapper around Plug and Cowboy I do not consider Phoenix the security problem. Just keep its dependencies up to date, that should suffice.

Anyway, you need to keep things up to date, and usually you can just bump from 1.x to 1.x+1 without any issues, since every Elixir library should follow SemVer. Of course there are migration guides, which explain how to move old deprecated things to the new shiny replacements, but they are optional. Also those migration guides might move files around as happened with 1.1 to 1.2 (IIRC), but again, the old way to organize files from 1.0 should still work today (maybe you need to change some options which have other defaults today to make it actually work).

2 Likes

I don’t understand why people always assume that no changes is the same as not secure. One could argue about that if there were indeed security issues in phoenix codebase of those versions, but why update something if there’s no need to?

3 Likes

I understand that no further updates will be offered for Phoenix < 1.4.

It’s a matter of time before a security breach occurs.

I could be wrong.

The other way to view it is that there have been continuous updates since Phoenix 1.0, culminating in 1.4.

3 Likes

When you say that, it sounds like it’s meant negatively…

There is no LTS necessary as SemVer allows you to bump to the next minor release and the code should not break.

1 Like

I’m so sorry, it was not my intention.
It was a simple conclusion. (neutral/realistic).
Anyway, let me apologize.

2 Likes