Why we do not remove old releases

When a Silverstripe CMS version reaches end of life, we will no longer remove unsupported releases from github and packagist. Reasons why we keep out of support releases available:

  • Any users still on an unsupported release do not have their production deployments suddenly break
  • We don’t need to make as many changes to Travis config. Otherwise, if we did remove unsupported versions, then our automated build suite configuration, managed through TravisCI, would break if we did not update the config.

Downsides associated with keeping out of support branches:

  • Users mistakenly think the releases are still supported and keep using them in production despite potential security vulnerabilities
  • Existing PR’s to old branches and issues on old branches clutter up github
  • Existing PR to old branches may still get accidentally looked at and merged which is a waste of time

To mitigate these downsides, we may choose to close github PR’s and issues associated with out of support branches to reduce clutter. We may also retarget PR’s to branches that are still in support if the issue warrants it, such as a critical security vulnerability.