August 5, 2019 Fabien Potencier

As of Symfony 5.0, we are changing the way we manage security issues for standard releases. A standard release is any minor version that is not a LTS release: so, versions X.0, X.1, x.2, and x.3.

For these standard releases, we will align the EOM (end of maintenance) date with the EOL (end of life) date. So, instead of having 14 months of security fixes, we will only have 8 months.

For instance, Symfony 4.3 EOM date is January 2020 and EOL date is July 2020. With the new rules, EOL would have been January 2020. Symfony 5.0 will be the first release to implement the change: EOM and EOL dates will be July 2020.

We are making this change as backporting (or forwardporting) security issue patches on these versions proved to be difficult and time consuming (the code might have diverged a lot from the previous LTS but also from the current maintained minor version). We think that this extra time spent doing that is not worth it as projects following standard versions upgrade fast.

To be clear, this change does not affect LTS releases (4.4, 5.4, ...).

The "Release Process" page in the documentation has been updated accordingly.