...
When a CVE is identified, the security team requires a private, expedited release process to address the issue. Users also need a release that is constrained to fixing only the CVE to minimize upgrade risk and downtime. Therefore, when a security release is required, the security team will review the proposed patch privately with a minimum of two (2) LGTMs required per our release principles. The patch will be forward merged to every impacted regular and LTS release currently supported – incrementing the security patch number. The security team will then create a release candidate for each security release and vote on each release candidate according to the community's bylaws. Security issues should be reported to security@apache.org
Release | Type | Release Date | EOL |
---|---|---|---|
4.9.0 | Regular | 25 July 2016 | |
4.9.1.0 | LTS | 15 December 2016 | 1 July 2018 |
4.9.2.0 | LTS | 6 January 2017 | 1 July 2018 |
4.9.3.0 | LTS | 11 September 2017 | 1 July 2018 |
4.11.0.0 | LTS | 12 February 2018 | 1 July 2019 |
4.11.1.0 | LTS | 2 July 2018 | |
4.11.2.0 | LTS | 26 November 2018 | |
4.11.3.0 | LTS | 13 Jul 2019 | |
4.12.0.0 | Regular | 4 April 2019 | |
4.13.0.0 | LTS | 24 September 2019 | 1 May 2021 |
4.13.1.0 | LTS | 2 May 2020 | 1 May 2021 |
4.14.0.0 | LTS | 26 May 2020 | 1 Jan 2022 |
4.14.1.0 | LTS | 3 March 2020 | 1 Jan 2022 |
4.15.0.0 | LTS | 19 Jan 2021 | 1 July 2022 |
4.15.1.0 | LTS | 1 July 2022 | |
4.15.2.0 | LTS | 1 July 2022 | |
4.16.0.0 | LTS | 15 November 2021 | 1 June 2023 |
4.16.1.0 | LTS | 1 June 2023 | |
4.17.0.0 | LTS | 7 June 2022 | 1 Jan 2024 |
4.17.1.0 | LTS | 1 Jan 2024 |
Notes:
...