From 3bf8ce67a4cea58e4d4b5ac88482f91a075f6d59 Mon Sep 17 00:00:00 2001 From: Robert Newson Date: Fri, 2 Aug 2024 13:15:42 +0100 Subject: [PATCH] CVE backport policy --- src/docs/src/cve/index.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/docs/src/cve/index.rst b/src/docs/src/cve/index.rst index 8807d04a91f..9e5f9df1565 100644 --- a/src/docs/src/cve/index.rst +++ b/src/docs/src/cve/index.rst @@ -16,6 +16,13 @@ Security Issues / CVEs ====================== +In the event of a CVE, the Apache CouchDB project will publish a fix as +a patch to the current release series and its immediate predecessor only +(e.g, if the current release is 3.3.3 and the predecessor is 3.2.3, we +would publish a 3.3.4 release and a 3.2.4 release). + +Further backports may be published at our discretion. + .. toctree:: :maxdepth: 1 :glob: