CINXE.COM

<!DOCTYPE html> <html lang="en-gb" dir="ltr"> <head> <meta charset="utf-8"> <meta name="twitter:description" content="1. Introduction This strategy document sets out what the community of Joomla users, from ordinary non-technical users through to high-level technical developers, can expect from the products that..."> <meta name="twitter:title" content="Joomla! Development Strategy"> <meta name="author" content="Production Leadership Team"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="apple-mobile-web-app-capable" content="yes"> <meta name="apple-mobile-web-app-status-bar-style" content="blue"> <meta name="twitter:card" content="summary_large_image"> <meta name="twitter:site" content="@joomla"> <meta name="twitter:image" content="https://cdn.joomla.org/images/sharing/joomla-twitter-card.png"> <meta name="referrer" content="unsafe-url"> <meta property="og:description" content="1. Introduction This strategy document sets out what the community of Joomla users, from ordinary non-technical users through to high-level technical developers, can expect from the products that..."> <meta property="og:title" content="Joomla! Development Strategy"> <meta property="og:type" content="article"> <meta property="og:url" content="https://developer.joomla.org/development-strategy.html"> <meta property="og:site_name" content="Joomla! Developer Network™"> <meta property="og:image" content="https://cdn.joomla.org/images/sharing/joomla-org-og.jpg"> <meta name="generator" content="Joomla! - Open Source Content Management"> <title>Joomla! Development Strategy</title> <link href="/templates/joomla/images/apple-touch-icon-180x180.png" rel="apple-touch-icon" sizes="180x180"> <link href="/templates/joomla/images/apple-touch-icon-152x152.png" rel="apple-touch-icon" sizes="152x152"> <link href="/templates/joomla/images/apple-touch-icon-144x144.png" rel="apple-touch-icon" sizes="144x144"> <link href="/templates/joomla/images/apple-touch-icon-120x120.png" rel="apple-touch-icon" sizes="120x120"> <link href="/templates/joomla/images/apple-touch-icon-114x114.png" rel="apple-touch-icon" sizes="114x114"> <link href="/templates/joomla/images/apple-touch-icon-76x76.png" rel="apple-touch-icon" sizes="76x76"> <link href="/templates/joomla/images/apple-touch-icon-72x72.png" rel="apple-touch-icon" sizes="72x72"> <link href="/templates/joomla/images/apple-touch-icon-57x57.png" rel="apple-touch-icon" sizes="57x57"> <link href="/templates/joomla/images/apple-touch-icon.png" rel="apple-touch-icon"> <link href="https://developer.joomla.org/search.opensearch" rel="search" title="OpenSearch Joomla! Developer Network™" type="application/opensearchdescription+xml"> <link href="/templates/joomla/favicon.ico" rel="icon" type="image/vnd.microsoft.icon"> <link href="/media/system/css/joomla-fontawesome.min.css?dde9c780ad8e78890daeddcd06b19d2b" rel="stylesheet" /> <link href="https://cdn.joomla.org/template/css/template_4.0.9.min.css?dde9c780ad8e78890daeddcd06b19d2b" rel="stylesheet" /> <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@300;400;700&display=swap" rel="stylesheet" crossorigin="anonymous" /> <link href="/media/vendor/awesomplete/css/awesomplete.css?1.1.5" rel="stylesheet" /> <link href="/media/vendor/joomla-custom-elements/css/joomla-alert.min.css?0.2.0" rel="stylesheet" /> <link href="/media/templates/site/joomla/css/custom.css?dde9c780ad8e78890daeddcd06b19d2b" rel="stylesheet" /> <link href="/media/joomlarrssb/css/rrssb.css?dde9c780ad8e78890daeddcd06b19d2b" rel="stylesheet" /> <link href="/media/joomlarrssb/css/joomla.css?dde9c780ad8e78890daeddcd06b19d2b" rel="stylesheet" /> <script src="/media/templates/site/joomla/js/blockadblock.js?3.2.1" defer></script> <script src="/media/templates/site/joomla/js/js.cookie.js?2.1.4" defer></script> <script src="/media/vendor/jquery/js/jquery.min.js?3.7.1"></script> <script src="/media/legacy/js/jquery-noconflict.min.js?647005fc12b79b3ca2bb30c059899d5994e3e34d"></script> <script src="/media/vendor/skipto/js/skipto.min.js?4.1.7" defer></script> <script src="/media/templates/site/joomla/js/template.js?dde9c780ad8e78890daeddcd06b19d2b" defer></script> <script src="/media/mod_menu/js/menu-es5.min.js?dde9c780ad8e78890daeddcd06b19d2b" nomodule defer></script> <script type="application/json" class="joomla-script-options new">{"skipto-settings":{"settings":{"skipTo":{"enableActions":false,"enableHeadingLevelShortcuts":false,"accesskey":"9","displayOption":"popup","buttonLabel":"Keyboard Navigation","buttonTooltipAccesskey":"Access key is $key","landmarkGroupLabel":"Landmarks","headingGroupLabel":"Page Outline","mofnGroupLabel":" ($m of $n)","headingLevelLabel":"Heading level","mainLabel":"Main","searchLabel":"Search","navLabel":"Navigation","regionLabel":"Region","asideLabel":"Aside","footerLabel":"Footer","headerLabel":"Header","formLabel":"Form","msgNoLandmarksFound":"No landmarks to skip to","msgNoHeadingsFound":"No headings to skip to","headings":"h1, h2, h3","landmarks":"main, nav, search, aside, header, footer, form","attachElement":".navigation"}}},"joomla.jtext":{"MOD_FINDER_SEARCH_VALUE":"Search …","JLIB_JS_AJAX_ERROR_OTHER":"An error has occurred while fetching the JSON data: HTTP %s status code.","JLIB_JS_AJAX_ERROR_PARSE":"A parse error has occurred while processing the following JSON data:<br><code style=\"color:inherit;white-space:pre-wrap;padding:0;margin:0;border:0;background:inherit;\">%s<\/code>","ERROR":"Error","MESSAGE":"Message","NOTICE":"Notice","WARNING":"Warning","JCLOSE":"Close","JOK":"OK","JOPEN":"Open"},"finder-search":{"url":"\/component\/finder\/?task=suggestions.suggest&format=json&tmpl=component&Itemid=435"},"system.paths":{"root":"","rootFull":"https:\/\/developer.joomla.org\/","base":"","baseFull":"https:\/\/developer.joomla.org\/"},"csrf.token":"28c5cfff58f1e7a80952590feb5d9da3"}</script> <script src="/media/system/js/core.min.js?37ffe4186289eba9c5df81bea44080aff77b9684"></script> <script src="/media/vendor/bootstrap/js/bootstrap-es5.min.js?5.3.2" nomodule defer></script> <script src="/media/com_finder/js/finder-es5.min.js?e6d3d1f535e33b5641e406eb08d15093e7038cc2" nomodule defer></script> <script src="/media/system/js/messages-es5.min.js?c29829fd2432533d05b15b771f86c6637708bd9d" nomodule defer></script> <script src="/media/vendor/bootstrap/js/collapse.min.js?5.3.2" type="module"></script> <script src="/media/vendor/bootstrap/js/dropdown.min.js?5.3.2" type="module"></script> <script src="/media/vendor/awesomplete/js/awesomplete.min.js?1.1.5" defer></script> <script src="/media/com_finder/js/finder.min.js?a2c3894d062787a266d59d457ffba5481b639f64" type="module"></script> <script src="/media/system/js/messages.min.js?7f7aa28ac8e8d42145850e8b45b3bc82ff9a6411" type="module"></script> <script src="/media/joomlarrssb/js/rrssb.min.js?dde9c780ad8e78890daeddcd06b19d2b"></script> <script type="application/ld+json">{"@context":"https:\/\/schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"https:\/\/developer.joomla.org\/","name":"Home"}},{"@type":"ListItem","position":2,"item":{"@id":"https:\/\/developer.joomla.org\/news.html","name":"News"}},{"@type":"ListItem","position":3,"item":{"name":"Joomla! Development Strategy"}}]}</script> <script> var _prum = [['id', '59300ad15992c776ad970068'], ['mark', 'firstbyte', (new Date()).getTime()]]; (function() { var s = document.getElementsByTagName('script')[0] , p = document.createElement('script'); p.async = 'async'; p.src = 'https://rum-static.pingdom.net/prum.min.js'; s.parentNode.insertBefore(p, s); })(); </script> </head> <body class="site com_content view-article layout-blog task-display itemid-465">  <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-WJ36D4" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript> <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-WJ36D4');</script>   <nav class="navigation" role="navigation" aria-label="Cross Site Menu"> <div id="mega-menu" class="navbar navbar-expand-md py-md-1"> <div class="container-xxl"> <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#primaryMenu" aria-controls="primaryMenu" aria-expanded="false" aria-label="Toggle navigation"> <span class="navbar-toggler-icon"></span> </button> <div class="navbar-collapse collapse" id="primaryMenu"> <ul id="nav-joomla" class="navbar-nav"> <li class="dropdown"> <button type="button" class="btn dropdown-toggle" data-bs-toggle="dropdown" aria-expanded="false"> <span dir="ltr"><span aria-hidden="true" class="fab fa-joomla"></span> Joomla!<sup>®</sup></span> <span class="caret"></span> </button> <ul class="dropdown-menu"> <li class="dropdown-item nav-header"><span>About us</span></li> <li> <a class="dropdown-item" href="https://www.joomla.org"> <span aria-hidden="true" class="icon-joomla"></span> Joomla Home </a> </li> <li><a class="dropdown-item" href="https://www.joomla.org/about-joomla.html">What is Joomla?</a></li> <li><a class="dropdown-item" href="https://www.joomla.org/core-features.html">Benefits & Features</a></li> <li><a class="dropdown-item" href="https://www.joomla.org/about-joomla/the-project.html">Project & Leadership</a></li> <li><a class="dropdown-item" href="https://tm.joomla.org">Trademark & Licensing</a></li> <li><a class="dropdown-item" href="https://joomlafoundation.org">The Joomla Foundation</a></li> <li class="dropdown-divider"></li> <li class="dropdown-item nav-header"><span>Support us</span></li> <li><a class="dropdown-item" href="https://www.joomla.org/contribute-to-joomla.html">Contribute</a></li> <li><a class="dropdown-item" href="https://www.joomla.org/sponsor.html">Sponsor</a></li> <li><a class="dropdown-item" href="https://www.joomla.org/about-joomla/partners.html">Partner</a></li> <li><a class="dropdown-item" href="https://shop.joomla.org">Shop</a></li> </ul> </li> <li class="dropdown"> <button type="button" class="btn dropdown-toggle" data-bs-toggle="dropdown" aria-expanded="false"> Download & Extend <span class="caret"></span> </button> <ul class="dropdown-menu"> <li><a class="dropdown-item" href="https://downloads.joomla.org">Downloads</a></li> <li><a class="dropdown-item" href="https://extensions.joomla.org">Extensions</a></li> <li><a class="dropdown-item" href="https://community.joomla.org/translations.html">Languages</a></li> <li><a class="dropdown-item" href="https://launch.joomla.org">Get a free site</a></li> <li><a class="dropdown-item" href="https://domains.joomla.org">Get a domain</a></li> </ul> </li> <li class="dropdown"> <button type="button" class="btn dropdown-toggle" data-bs-toggle="dropdown" aria-expanded="false"> Discover & Learn <span class="caret"></span> </button> <ul class="dropdown-menu"> <li><a class="dropdown-item" href="https://docs.joomla.org">Documentation</a></li> <li><a class="dropdown-item" href="https://community.joomla.org/joomla-training.html">Training</a></li> <li><a class="dropdown-item" href="https://certification.joomla.org">Certification</a></li> <li><a class="dropdown-item" href="https://showcase.joomla.org">Site Showcase</a></li> <li><a class="dropdown-item" href="https://www.joomla.org/announcements.html">Announcements</a></li> <li><a class="dropdown-item" href="https://community.joomla.org/blogs.html">Blogs</a></li> <li><a class="dropdown-item" href="https://magazine.joomla.org">Magazine</a></li> </ul> </li> <li class="dropdown"> <button type="button" class="btn dropdown-toggle" data-bs-toggle="dropdown" aria-expanded="false"> Community & Support <span class="caret"></span> </button> <ul class="dropdown-menu"> <li><a class="dropdown-item" href="https://community.joomla.org">Community Portal</a></li> <li><a class="dropdown-item" href="https://community.joomla.org/events.html">Events</a></li> <li><a class="dropdown-item" href="https://community.joomla.org/user-groups.html">User Groups</a></li> <li><a class="dropdown-item" href="https://forum.joomla.org">Forum</a></li> <li><a class="dropdown-item" href="https://community.joomla.org/service-providers-directory.html">Service Providers Directory</a></li> <li><a class="dropdown-item" href="https://volunteers.joomla.org">Volunteers Portal</a></li> <li><a class="dropdown-item" href="https://extensions.joomla.org/vulnerable-extensions/vulnerable/">Vulnerable Extensions List</a></li> </ul> </li> <li class="dropdown"> <button type="button" class="btn dropdown-toggle" data-bs-toggle="dropdown" aria-expanded="false"> Developer Resources <span class="caret"></span> </button> <ul class="dropdown-menu"> <li><a class="dropdown-item" href="https://developer.joomla.org">Developer Network</a></li> <li><a class="dropdown-item" href="https://developer.joomla.org/security.html">Security Centre</a></li> <li><a class="dropdown-item" href="https://issues.joomla.org">Issue Tracker</a></li> <li><a class="dropdown-item" href="https://github.com/joomla">GitHub</a></li> <li><a class="dropdown-item" href="https://api.joomla.org">API Documentation</a></li> <li><a class="dropdown-item" href="https://framework.joomla.org"><span dir="ltr">Joomla!</span> Framework</a></li> </ul> </li> </ul> <div id="nav-search" class="navbar-search float-md-end"> <form class="mod-finder js-finder-searchform form-search" action="/search.html" method="get" role="search"> <label for="mod-finder-searchword84" class="visually-hidden finder">Search</label><input type="text" name="q" id="mod-finder-searchword84" class="js-finder-search-query form-control" value="" placeholder="Search …"> </form> </div> </div> </div> </div> </nav>  <header class="header"> <div class="container-md"> <div class="row"> <div class="col-md-7"> <h1 class="page-title"> <a href="/"> <img height="50px;" src="https://cdn.joomla.org/images/joomla-colours-logo.svg" alt="Joomla!" class="site-logo me-2 mb-1"> Developer Network™ </a> </h1> </div> <div class="col-md-5"> <div class="btn-toolbar pt-md-1 row"> <div class="btn-group col-6"> <a href="https://downloads.joomla.org/" class="btn btn-lg btn-warning">Download</a> </div> <div class="btn-group col-6"> <a href="https://launch.joomla.org" class="btn btn-lg btn-primary">Launch<span aria-hidden="true" class="icon-rocket"></span></a> </div> </div> </div> </div> </div> </header> <nav class="subnav-wrapper" aria-label="Primary Menu"> <div class="subnav"> <div class="container-md"> <ul class="mod-menu mod-list nav nav-pills"> <li class="nav-item item-435 default"><a href="/" class="nav-link">Home</a></li><li class="nav-item item-465 current active"><a href="/news.html" class="nav-link" aria-current="location">News</a></li><li class="nav-item item-743"><a href="/roadmap.html" class="nav-link">Project Roadmap</a></li><li class="nav-item item-479 parent"><a href="/cms.html" class="nav-link">CMS</a></li><li class="nav-item item-478 parent"><a href="/framework.html" class="nav-link">Framework</a></li><li class="nav-item item-480 parent"><a href="/tracker.html" class="nav-link">Tracker</a></li><li class="nav-item item-482 parent"><a href="/about.html" class="nav-link">About</a></li><li class="nav-item item-516"><a href="/security.html" class="nav-link">Security</a></li></ul> </div> </div> </nav>  <div class="body"> <div class="container"> <div class="row"> <main id="content" class="col-md-9">  <div id="system-message-container" aria-live="polite"></div> <div class="com-content-article item-page" itemscope itemtype="https://schema.org/Article"> <meta itemprop="inLanguage" content="en-GB"> <div class="page-header"> <h1> News </h1> </div> <div class="page-header"> <h2 itemprop="headline"> Joomla! Development Strategy </h2> </div> <dl class="article-info text-muted"> <dt class="article-info-term"> Details </dt> <dd class="published"> <span class="icon-calendar icon-fw" aria-hidden="true"></span> <time datetime="2014-04-25T16:57:00+00:00" itemprop="datePublished"> Published: 25 April 2014 </time> </dd> </dl> <div itemprop="articleBody" class="com-content-article__body"> <div class="share-container"> <ul class="rrssb-buttons clearfix"> <li class="rrssb-facebook"> <a href="https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fjoom.la%2FhCA" class="popup"> <span class="rrssb-icon"> <svg xmlns="http://www.w3.org/2000/svg" preserveAspectRatio="xMidYMid" width="29" height="29" viewBox="0 0 29 29"> <path d="M26.4 0H2.6C1.714 0 0 1.715 0 2.6v23.8c0 .884 1.715 2.6 2.6 2.6h12.393V17.988h-3.996v-3.98h3.997v-3.062c0-3.746 2.835-5.97 6.177-5.97 1.6 0 2.444.173 2.845.226v3.792H21.18c-1.817 0-2.156.9-2.156 2.168v2.847h5.045l-.66 3.978h-4.386V29H26.4c.884 0 2.6-1.716 2.6-2.6V2.6c0-.885-1.716-2.6-2.6-2.6z" class="cls-2" fill-rule="evenodd" /> </svg> </span> <span class="rrssb-text">facebook</span> </a> </li> <li class="rrssb-twitter"> <a href="https://twitter.com/intent/tweet?text=Joomla%21+Development+Strategy%3A+https%3A%2F%2Fjoom.la%2FhCA" class="popup"> <span class="rrssb-icon"> <svg xmlns="http://www.w3.org/2000/svg" width="28" height="28" viewBox="0 0 28 28"> <path d="M24.253 8.756C24.69 17.08 18.297 24.182 9.97 24.62c-3.122.162-6.22-.646-8.86-2.32 2.702.18 5.375-.648 7.507-2.32-2.072-.248-3.818-1.662-4.49-3.64.802.13 1.62.077 2.4-.154-2.482-.466-4.312-2.586-4.412-5.11.688.276 1.426.408 2.168.387-2.135-1.65-2.73-4.62-1.394-6.965C5.574 7.816 9.54 9.84 13.802 10.07c-.842-2.738.694-5.64 3.434-6.48 2.018-.624 4.212.043 5.546 1.682 1.186-.213 2.318-.662 3.33-1.317-.386 1.256-1.248 2.312-2.4 2.942 1.048-.106 2.07-.394 3.02-.85-.458 1.182-1.343 2.15-2.48 2.71z" /> </svg> </span> <span class="rrssb-text">twitter</span> </a> </li> <li class="rrssb-linkedin"> <a href="http://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fjoom.la%2FhCA&title=Joomla%21+Development+Strategy&summary=1.+Introduction+This+strategy+document+sets+out+wh..." class="popup"> <span class="rrssb-icon"> <svg xmlns="http://www.w3.org/2000/svg" width="28" height="28" viewBox="0 0 28 28"> <path d="M25.424 15.887v8.447h-4.896v-7.882c0-1.98-.71-3.33-2.48-3.33-1.354 0-2.158.91-2.514 1.802-.13.315-.162.753-.162 1.194v8.216h-4.9s.067-13.35 0-14.73h4.9v2.087c-.01.017-.023.033-.033.05h.032v-.05c.65-1.002 1.812-2.435 4.414-2.435 3.222 0 5.638 2.106 5.638 6.632zM5.348 2.5c-1.676 0-2.772 1.093-2.772 2.54 0 1.42 1.066 2.538 2.717 2.546h.032c1.71 0 2.77-1.132 2.77-2.546C8.056 3.593 7.02 2.5 5.344 2.5h.005zm-2.48 21.834h4.896V9.604H2.867v14.73z" /> </svg> </span> <span class="rrssb-text">linkedin</span> </a> </li> <li class="rrssb-pinterest"> <a href="https://pinterest.com/pin/create/button/?url=https%3A%2F%2Fjoom.la%2FhCA&media=https%3A%2F%2Fcdn.joomla.org%2Fimages%2Fjoomla-org-og.jpg&description=Joomla%21+Development+Strategy"> <span class="rrssb-icon"> <svg xmlns="http://www.w3.org/2000/svg" width="28" height="28" viewBox="0 0 28 28"> <path d="M14.02 1.57c-7.06 0-12.784 5.723-12.784 12.785S6.96 27.14 14.02 27.14c7.062 0 12.786-5.725 12.786-12.785 0-7.06-5.724-12.785-12.785-12.785zm1.24 17.085c-1.16-.09-1.648-.666-2.558-1.22-.5 2.627-1.113 5.146-2.925 6.46-.56-3.972.822-6.952 1.462-10.117-1.094-1.84.13-5.545 2.437-4.632 2.837 1.123-2.458 6.842 1.1 7.557 3.71.744 5.226-6.44 2.924-8.775-3.324-3.374-9.677-.077-8.896 4.754.19 1.178 1.408 1.538.49 3.168-2.13-.472-2.764-2.15-2.683-4.388.132-3.662 3.292-6.227 6.46-6.582 4.008-.448 7.772 1.474 8.29 5.24.58 4.254-1.815 8.864-6.1 8.532v.003z" /> </svg> </span> <span class="rrssb-text">pinterest</span> </a> </li> </ul> </div> <h2>1. Introduction</h2> <p>This strategy document sets out what the community of Joomla users, from ordinary non-technical users through to high-level technical developers, can expect from the products that come under the umbrella of the Joomla project.</p> <p>This is primarily about how we approach and manage change: how we adapt, develop and grow our products in an ever-changing technological landscape; how we communicate to our users and contributors what to expect from our products as they change from one release to the next; and how we guide our contributors towards making the future changes that we want as a community.</p> <p>The stakeholders in our project have widely varying needs and a balance must be struck between, at one extreme, those for whom any change is unwelcome and all shades to the other extreme of those who thrive on continuous change. Change is essential if our products are to remain relevant to their intended users, so our goal is to manage that change in such a way that we minimise the disruption it can cause.</p> <p>Since the Joomla project is responsible for more than one product, this strategy is written to be as generic as possible and to allow new products to be added to our portfolio without forcing any extensive re-writes.</p> <p>This strategy builds on the substantial practical experience of a lot of people over the many years since the project's foundation. The reasoning behind what is written here, and the lessons learned in leading up to it, is outside the scope of the document itself and reference should be made to other sources for that commentary.</p> <h3>1.1 Executive Summary</h3> <p>This document is necessarily rather long because there is a lot of detail that needs to be covered, which means that unfortunately, many people will not read all of it. Recognising that reality, this section attempts to summarise what you need to know and point you to the appropriate sections for additional information.</p> <p>These are the key points of this strategy:</p> <ul> <li>The version numbering scheme is your key to understanding the degree of change inherent in a release. The version number is in three parts separated by dots: [major].[minor].[patch]. For example, 2.5.18 has a major number of 2, a minor number of 5 and a patch number of 18. A release which increments the major number is referred to as a major release; one that increments only the minor number is a minor release; and one that increments only the patch number is a patch release. Refer to our <a href="#release_policy">Release Policy</a> for further details.</li> <li>A release is said to be "backward compatible" with an earlier release if your system continues to work correctly when updated to that release even when other parts of your system were not updated at the same time. However, there are limits to what is covered by backward compatibility and you should read the <a href="#backward_compatibility">Backward Compatibility Policy</a> for the full details.</li> <li>A major release is the only kind of release where backward compatibility can be intentionally broken. A minor release may add new features and capabilities but it must be backward compatible with the release it replaces. Patch releases are for bug and security fixes only and will not break backward compatibility.</li> <li>Releases are either supported or they are not supported. When we say that a release is supported, we mean that all major issues and most minor issues will be addressed in a subsequent release. Refer to <a href="#support_policy">Support Policy</a> for further information.</li> <li>Within each major series, only the most recent minor release is supported. As soon as a new minor release is made, support for the previous minor release is ended.</li> <li>A major series may be declared end-of-life (and hence become unsupported) only after at least 2 years have elapsed since the most recent minor release in that series. What this means is that each time a minor release is made it resets the support clock for that series, thus ensuring that a major series will enjoy extended life for as long as there is sufficient interest in producing minor releases for it. Patch releases do not reset the support clock.</li> <li>There will always be a supported upgrade path from one version to any other subsequent version. By clearly defining what that upgrade path is, users can be more certain of a successful upgrade and developers will know exactly which upgrade paths must be tested. Refer to the <a href="#upgrade_policy">Upgrade Policy</a> for full details.</li> <li>We take security very seriously and we have a special team, the JSST, who review all reported issues and take the necessary action to mitigate or fix each confirmed issue. Refer to <a href="#security_policy">Security Policy</a> for further information.</li> <li>We welcome contributions, individual, collaborative or corporate, that will enhance our products for the benefit of the community. Refer to our <a href="#contributor_policy">Contributor Policy</a> for full details.</li> </ul> <h3>1.2 Mission</h3> <p>Our mission is to provide a flexible platform for digital publishing and collaboration.</p> <h3>1.3 Goals</h3> <p>To offer a stable and reliable platform for our current and future user base.</p> <p>To make innovation available to users and developers on a manageable basis.</p> <p>To make it easy for developers to contribute code to the project at any time.</p> <h3>1.4 Principles</h3> <p>Joomla tries to follow the slogan “power through simplicity” for all its developments. For this, we have five major principles inherent to the Joomla development strategy aimed at achieving our goals:</p> <h4>1.4.1 Stable master branches</h4> <p>It is critical to our mission that the master branch of each major version of a Joomla product is always stable and ready for a release within a short time. This is supported by our <a href="#contributor_policy">Contributor Policy</a>.</p> <h4>1.4.2 Predictable, incremental software releases</h4> <p>This is supported by our <a href="#release_policy">Release Policy</a> and <a href="#support_policy">Support Policy</a>.</p> <h4>1.4.3 Strong backward compatibility support</h4> <p>Backward compatibility for any software platform is a high priority. This is supported by our <a href="#backward_compatibility">Backward Compatibility Policy</a> and our <a href="#upgrade_policy">Upgrade Policy</a>.</p> <h4>1.4.4 Sound security policy</h4> <p>This is supported by our <a href="#security_policy">Security Policy</a>.</p> <h4>1.4.5 Open development process</h4> <p>Our development process is designed to be open and accessible for anyone who wishes to participate. We strive to create an environment where people work together to solve problems and bring innovative, fresh ideas to life in the software we produce.</p> <h2><a id="contributor_policy"></a>2. Contributor Policy</h2> <p>The following is a summary of the minimum requirements that must be met for code contributions to be considered for inclusion in a Joomla product.</p> <h3>2.1 Coding standards</h3> <p>All code submitted for merging must comply with the latest <a href="https://github.com/joomla/coding-standards#joomla-coding-standards">Coding Standards</a>.</p> <h3>2.2 Automated tests</h3> <p>Automated tests are used to isolate specific parts or features of the software and ensure that they behave correctly. All existing tests must pass before new code can be merged.</p> <h3>2.3 Additional tests for all new API classes and methods</h3> <p>Any new methods or classes added to an API must be accompanied by working unit tests to verify their correct behavior. This serves to help guarantee that not only the current code works, but that future changes do not cause an unstable master branch. Where appropriate, system tests should be created to verify expected behavior.</p> <h3>2.4 Documentation for all changes and additions to the code base</h3> <p>All classes and methods added to the code base must include thorough docblocks in the source code and explanatory text in the README.md file. Additional requirements, such as requirements for end user documentation, may be found in the CONTRIBUTING.md file.</p> <h3>2.5 Additional requirements for specific Joomla products</h3> <p>Contributions to a Joomla product such as the CMS might have additional requirements to those stated above. These could, for example, include help screens, language keys and a testable upgrade path. See the appropriate CONTRIBUTING.md for full details of any additional requirements.</p> <h2><a id="release_policy"></a>3. Release Policy</h2> <p>The Release Policy describes how each release fits into an overall release life-cycle and defines the milestones that it must reach during that life-cycle.</p> <h3>3.1 Software release life-cycle</h3> <p>The software release life cycle is composed of distinct phases and milestones that express the software's maturity as it advances from planning to development to release and support. Not every release will go through every possible phase. For example, patch releases will generally omit the alpha, beta and release candidate milestones.</p> <h4>3.1.1 Planning phase</h4> <p>The planning phase consists mostly of discussion with little or no actual software likely to be available. An idea for a new feature may take its first tentative steps towards implementation with the publication of a Request for Comments (RFC) document on one of the developer mailing lists. An RFC is a discussion of an idea and its potential implementation with an invitation for the wider community to get involved in further discussion, feedback and refinement of the idea.</p> <p>During the planning phase some code snippets or proof-of-concept implementations may be produced to demonstrate feasibility or to elicit further feedback and assessment of the idea.</p> <p>Releases made during this phase are sometimes referred to as “pre-alpha” releases.</p> <h4>3.1.2 Development and testing phase</h4> <p>During this phase software is being actively written, tested and documented according to the plan. This may be coordinated by a Production Working Group, particularly for the larger features, although it might also be an individual or small group effort with no project coordination.</p> <p>During this phase releases will be made that are labelled “alpha”, “beta” and “release candidate”.</p> <p>Although releases made during this phase may carry version numbers, these are subject to change up until the software enters the release phase.</p> <h4>3.1.3 Release phase</h4> <p>Software enters the release phase when the first "general availability" release becomes available. In this phase the code is considered to be of production quality and suitable for use by general users.</p> <p>Releases during this phase are subject to the version numbering scheme which mandates semantic versioning as explained in <a href="#version_numbering">3.3 Version numbering</a>.</p> <h3>3.2 Software milestones</h3> <p>There are four milestones in the Joomla Release Life Cycle: alpha, beta, release candidate, and general availability.</p> <h4>3.2.1 Alpha</h4> <p>The alpha milestone signifies that there is new technology in the software that is ready for testing, but that the software is not feature complete. Alpha software may also be used to demonstrate a possible combination of features to see if they work together successfully. Some features may be removed in later milestones.</p> <p>The target audience for an alpha release is the development community including third-party developers who may be affected by core changes or new features.</p> <p>Alpha software is not suitable for production environments.</p> <h4>3.2.2 Beta</h4> <p>The beta milestone is considered feature complete, but is still not considered suitable for production environments. The software is intended to be tested thoroughly for regressions, security and stability problems.</p> <p>Third-party extension developers should be testing their products against all beta releases and reporting any issues on the Issue Tracker. Waiting for a release candidate is too late.</p> <h4>3.2.3 Release Candidate (RC)</h4> <p>The purpose of a release candidate is to test the final packaging and release process to ensure that everything is ready for the software to move into the release phase with the first general availability release.</p> <p>It is important that third-party extension developers carry out final tests on all release candidates and report any bugs immediately. However, only significant “show stopper” bugs involving core software or the included extensions will be fixed in the release candidates. Issues that only affect third-party software will not be fixed at this stage. No features will be added or removed. A final decision on version number will have been made.</p> <p>Release candidates are considered complete and suitable for production environments, however they should only be deployed in production by knowledgeable people who understand the risks. A release candidate has the potential to be relabelled as a general availability release unless critical problems emerge.</p> <h4>3.2.4 General Availability (GA)</h4> <p>The general availability milestone indicates that the release is very stable and appropriate for end users.</p> <h3><a id="version_numbering"></a>3.3. Version numbering</h3> <p>A software release is the distribution of software code, documentation, and support materials. Each release carries a version identifier which is structured to give readers an idea of how it relates to other releases.</p> <p>Joomla strictly follows <a href="http://semver.org/spec/v2.0.0.html">Semantic Versioning (2.0.0)</a> and this document also uses the terminology defined there.</p> <p>In summary, the version identifiers for Joomla follow a three level numerical convention where the levels are defined by change significance.</p> <pre>major.minor[.patch]</pre> <p>where</p> <ol> <li>An increment in the major version identifier indicates a break in backward compatibility.</li> <li>An increment in the minor version identifier indicates the addition of new features or a significant change to existing features.</li> <li>An increment in the patch version identifier indicates that bugs have been fixed.</li> </ol> <p>Refer to the <a href="http://semver.org/spec/v2.0.0.html">SemVer</a> documentation for full details. Refer to <a href="#backward_compatibility">Backward Compatibility</a> for further information about what constitutes backward compatibility in our products.</p> <h2><a id="support_policy"></a>4. Support Policy</h2> <p>Support for software that the Joomla project officially distributes is subject to this Support Policy which sets out what you can expect in the way of bug and security fixes for each release of the software. In summary, only the latest minor release within a major series is supported. After at least two years of support with no further minor releases, the code may be declared end-of-life and hence unsupported.</p> <h3>4.1 Issue severity</h3> <p>All software contains bugs, but different bugs will elicit a different level of response on their discovery depending on the severity of the issue as reported. Bugs (often referred to as issues) are classified according to the following scale:</p> <table class="table table-bordered table-striped"> <thead> <tr> <th colspan="2">Priority</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>P1</td> <td>Major</td> <td>Issues which cause software to stop functioning (eg. PHP errors) or security issues classified as Critical or High.</td> </tr> <tr> <td>P2</td> <td>High</td> <td>Issues that seriously impede the operation of the software (eg. PHP notices, slow behaviour) or security issues classified as Moderate or Low.</td> </tr> <tr> <td>P3</td> <td>Normal</td> <td>Normal bug.</td> </tr> <tr> <td>P4</td> <td>Low</td> <td>Low level bug or annoyance.</td> </tr> </tbody> </table> <p>See the <a href="#security_policy">Security Policy</a> for a definition of the security levels.</p> <h3>4.2 Support definition</h3> <p>When a release is supported it means that all P1 and P2 bugs and most P3 and P4 bugs will be given due consideration and subsequently addressed. Mostly this will be done by issuing a patch release, however in some cases the issue may be addressed in the next minor or major release instead.</p> <p>For the CMS, whenever a new release is made there will always be a supported upgrade path. See <a href="#upgrade_policy">Upgrade Policy</a> .</p> <h3><a id="supported_releases"></a>4.3 Supported releases</h3> <p>Software goes through a life cycle of development, release, improvement, and support. These four steps are in a constant evolving state until the software reaches an announced EOL (end-of-life). All major versions will have a projected life cycle of 4 years or longer from its initial release date. Determining how long a major release will be supported takes into account the date of its first release, its release roadmap and the following factors.</p> <ul> <li>A major series will have an initial active development period of no less than 2 years, immediately followed by 2 years of support. Minor releases during the active development period will not affect EOL (end-of-life). (Predictable EOL)</li> <li>During the initial active development period of 2 years, a major series will have a roadmap of milestones. Near the end of the active development period, the roadmap for a major series may become an estimated calendar of future minor release dates if applicable.</li> <li>After the initial active development period, each new minor version release will reset the 2 year support clock for the major series. Minor releases after the initial active development period will affect the end-of-life date. (Estimated EOL)</li> <li>The latest minor release is the only supported version for that major series.</li> <li>Support for a minor release ends immediately when it is superseded by a new minor release in the same major series. (Example: Support for 3.3 will end as soon as 3.4 is released.)</li> <li>The Production Department Leadership will give at least 6 months notice of the estimated last minor release in a major series. This notice will be part of the roadmap as a soft target date of the final minor version release.</li> <li>A final EOL (end-of-life) announcement for a major series will occur 18 months after the last minor version for the major series has been released. At this point, you will have 6 months of support remaining until the major series is EOL and no longer supported.</li> </ul> <h4>4.3.1 Predictable EOL (end-of-life) for major versions</h4> <p>For a period of 2 years during the initial active development period, all major versions will have a predictable EOL (end-of-life) date. Minor releases during this period will not affect the end-of-life date.</p> <h4>4.3.2 Estimated EOL (end-of-life) for major versions</h4> <p>After the initial active development period of a major version, each new minor release will continue to reset a 2-year support clock. When a major version is out of its active development period, the EOL (end-of-life) date will become an estimated date. Minor releases may go on indefinitely.</p> <p>Refer to a major version’s roadmap for minor version releases after the initial active development period has ended. The major version’s roadmap may help determine planned future minor releases and their time frames if applicable.</p> <h4>4.3.3 Announcement of EOL (end-of-life) for major versions</h4> <p>The EOL (end-of-life) will be published so there is at least 6 months notice that a major version will reach end-of-life. The support period may, at the discretion of the Production Department Leadership, be extended indefinitely beyond the initial minor release 2-year period. All major releases declared to be EOL (end-of-life) will no longer be maintained by the Joomla project for either stability or security issues. Unofficial support for any unsupported software may be continued by the wider community but the Joomla project is under no obligation to assist such support in any way.</p> <h4>4.3.4 Patch releases for a minor version</h4> <p>Patch releases will not reset the support clock, nor affect the projected EOL (end-of-life) date.</p> <h4>4.3.5 Examples</h4> <ol> <li>Version 4.0 is released and will initially be given a support period of 2 years, plus the 2 years remaining in its initial development life cycle from its date of its release.</li> <ol> <li>4.1 is released 2 months after 4.0. 4.0 will no longer be supported and 4.1 will become the supported version.</li> <li>The end-of-life date will not change, even if 4.1 is the only minor version released in the 2 year active development period.</li> </ol> <li>Version 4.8 is released 2 years and 10 months after the initial major version release of 4.0.</li> <ol> <li>Version 4.8 is 10 months past the initial active development cycle of 2 years.</li> <li>Version 4.8 will have support for a period of 2 years from the release of this minor version.</li> <li>Major version 4 now has a total support release life of 4 years and 10 months from its initial release to its estimated end-of-life.</li> </ol> </ol> <p>Example chart of major version EOL (end-of-life) with time frames exaggerated.</p> <table class="table table-bordered table-striped"> <thead> <tr> <th>Release Date</th> <th>{Major}.{Minor}</th> <th>Remaining Development Life Cycle</th> <th>Major version<br />EOL (end-of-life)</th> </tr> </thead> <tbody> <tr> <td>January 2015</td> <td>4.0</td> <td>2 years</td> <td>January 2019 (Predictable)</td> </tr> <tr> <td>March 2015</td> <td>4.1</td> <td>22 months</td> <td>January 2019 (Predictable)</td> </tr> <tr> <td>December 2015</td> <td>4.2</td> <td>13 months</td> <td>January 2019 (Predictable)</td> </tr> <tr> <td>May 2016</td> <td>5.0</td> <td>2 years</td> <td>May 2020 (Predictable)</td> </tr> <tr> <td>December 2016</td> <td>4.3</td> <td>1 month</td> <td>January 2019 (Predictable)</td> </tr> <tr> <td>September 2017</td> <td>4.4</td> <td>0</td> <td>September 2019 (Estimated)</td> </tr> <tr> <td>December 2017</td> <td>5.1</td> <td>17 months</td> <td>May 2020 (Predictable)</td> </tr> <tr> <td>March 2018</td> <td>4.5</td> <td>0</td> <td>March 2020 (Estimated)</td> </tr> <tr> <td>June 2018</td> <td>5.2</td> <td>11 months</td> <td>May 2020 (Predictable)</td> </tr> <tr> <td>August 2019</td> <td>4.6</td> <td>0</td> <td>August 2021 (Estimated)</td> </tr> </tbody> </table> <h3>4.4 Development releases</h3> <p>All Alpha, Beta and Release Candidate releases (defined in SemVer as "pre-releases") must always be regarded as unsupported. It is entirely possible that these releases may contain serious bugs, security issues, forwards and backwards incompatibilities, entire features that are subsequently withdrawn, and so on. There will be no supported update or migration paths from a development release to any other release.</p> <h2><a id="upgrade_policy"></a>5. Upgrade Policy</h2> <p>This policy does not apply to the Joomla Framework.</p> <p>The goal for upgrading from one version of a product to any subsequent version will always be to make it is as simple and painless as possible. However, since it is not realistically possible to support direct upgrades from one arbitrary version to any other arbitrary version, this policy sets out the minimal upgrade path that will be supported.</p> <p>It is important to have this supported upgrade path because testing of this path should be carried out during the development of any new release and will be a requirement for acceptance of the code. Third-party extension developers should also be aware that this is the supported upgrade path so that they can ensure that their products can also be upgraded/migrated along the same path.</p> <p>An upgrade becomes a migration when there are significant backward-compatibility breaks either in the code, the data or the underlying platform (eg. PHP or MySQL) that make it difficult or impossible to upgrade a site "in-place". Instead, a new site with the later software needs to be installed, possibly on a more up-to-date platform. Then the data, configuration information and possibly some software is copied across to the newer site, with any required transformations applied.</p> <p>Although ideally migrations should be simple one-click affairs, they are significantly more complex due to the break in compatibility and it may be that users will need to follow a series of manual steps in order to successfully migrate a site.</p> <p>In summary, the supported upgrade path is always to first upgrade to the current fully-patched minor release in the major series currently in use, followed by a migration to the latest fully-patched minor release in the next sequential major series.</p> <h3>5.1 Patch releases</h3> <p>Patch releases must be capable of being applied by an automatic process with a very high probability of success.</p> <p>The supported upgrade path to the next sequential minor or major release assumes that all patches within the currently installed minor series have been applied.</p> <h3>5.2 Minor releases</h3> <p>Minor releases should be capable of being applied by a "one-click" upgrade process with a high probability of success. Since new features may have been added it is possible that a minor release will also introduce new bugs that will subsequently be addressed in patch releases. A minor release may reduce stability whereas a patch release should always increase it. Consequently, minor releases should normally be handled by a human who can run follow-up tests to ensure that the upgrade was successful.</p> <p>The supported upgrade path to the next sequential minor or major release assumes that all patches for the currently installed minor release have been applied. Once the currently installed minor release has been fully patched, the site can be upgraded to the next sequential minor release. Minor releases must be applied in sequence. For example, a site currently on release 4.3 cannot be upgraded directly to 4.6 without first upgrading to 4.4 and then to 4.5. These steps can, of course, be hidden behind a user interface so that the user is unaware of them.</p> <h3>5.3 Major releases</h3> <p>The release of a new major version effectively creates a temporary fork which persists until the older branch reaches end of life. During the period when both branches are supported, the supported upgrade/migration path will be from the current fully-patched minor release in the older branch to the current fully-patched minor release in the later branch. In the event that the upgrade/migration is not to the next sequential major release then the upgrade/migration must be carried out in stages without omitting the intermediate major versions.</p> <h3>5.4 Example upgrade/migration path</h3> <p>As an example, suppose that the current fully-patched supported releases are 4.3.8, 5.6.3 and 6.3.5. Assume also that the latest patch for the 4.2 minor release was 4.2.18. We have a site on 4.2.9 which is to be migrated to the latest 6.3.5 release. Then the supported upgrade/migration path comprises the following sequence of individual upgrade/migration steps:-</p> <p>1. Apply patches from 4.2.9 to 4.2.18 (the latest patch version in the current minor series).</p> <p>2. Upgrade from 4.2.18 to 4.3.8 (the latest minor version in the current major series).</p> <p>3. Migrate from 4.3.8 to 5.6.3 (the latest minor version in the next sequential major series).</p> <p>4. Migrate from 5.6.3 to 6.3.5 (the latest minor version in the latest major series).</p> <p>Note that migrations from end of life releases are not, by definition, supported. However, it is highly likely that the last supported migration path will continue to work.</p> <h2><a id="backward_compatibility"></a>6. Backward Compatibility Policy</h2> <p>The Joomla project seeks to maintain backward compatibility as long as possible and full backward compatibility can be expected within a major series. Backward compatibility may only be broken when a new major series is started.</p> <p>Clean, maintainable code is important, but as time progresses the need to maintain backward compatibility makes software more complex and less maintainable. This technical debt (see, for example: <a href="http://martinfowler.com/bliki/TechnicalDebt.html">http://martinfowler.com/bliki/TechnicalDebt.html</a>) can only be relieved in the first release of a new major series.</p> <p>Sometimes the best way to continue development is to drop support for some element. This process of deprecation must be handled carefully as it can lead to backward compatibility issues.</p> <h3>6.1 Applicability</h3> <p>The backward compatibility policy can only apply to certain aspects of the software and it is important that these are defined so that everyone is clear can understand the limits of that promise. In general, backward compatibility applies to, where applicable:</p> <h4>6.1.1 PHP</h4> <p>All PHP code in the /libraries folder which is not flagged as private is considered to be part of the Joomla API and subject to backwards compatibility constraints. This may be extended to include other PHP code, such as component classes, in the future.</p> <h4>6.1.2 JavaScript</h4> <p>All JavaScript functions and classes that are not flagged as private.</p> <h4>6.1.3 Database schemata</h4> <p>All database schema changes must be accompanied by a conversion script that can be executed to losslessly convert from the old schema to the new one.</p> <h4>6.1.4 XML schemata</h4> <p>Adding new entities and attributes is generally acceptable; changing or deleting them is not.</p> <h4>6.1.5 JSON schemata</h4> <p>Adding new entities is generally acceptable; changing or deleting them is not.</p> <h4>6.1.6 Language keys</h4> <p>Changing or deleting a language key is considered a backwards compatibility break. Adding new ones is not. Substantially changing the meaning associated with a language key is a compatibility break. Rephrasing something for a more accurate description or proper en-GB grammar is not.</p> <h4>6.1.7 Rendered markup</h4> <p>For the time being, rendered markup is not subject to our backwards compatibility promise. We will try not to change markup in such a way that a site might render differently, but we can't promise not to break anything at the present time. We will work on defining ways in which we might make a backwards compatibility promise for markup in the future, but we do not currently have a satisfactory consensus on a workable standard.</p> <h4>6.1.8 URLs</h4> <p>Any change to a URL that will give a 404 (or some other error) where it previously gave a 200 is a break in backwards compatibility. However, if the change results in a redirect to a new URL (which gives a 200) then that is acceptable.</p> <p>In general, if a URL is changed then provided the new URL delivers the exact same resource rendered in the same way then that is not considered to be a break in backwards compatibility. For example, changing the order of the arguments in the query part of a URL is not considered to be a break.</p> <p>Individual products may have backward compatibility constraints additional to those listed above. These will be documented in the appropriate README.md.</p> <h3>6.2 Deprecation</h3> <p>An element can be marked as being deprecated in a new minor release or the first release of a new major version. Advice on how to amend code that is currently using an element that is marked as deprecated MUST be added to the documentation.</p> <p>Previously deprecated elements that are no longer used in the product itself MUST be removed in the first version of a new major series but MUST NOT be removed in a minor or patch release.</p> <p>For example, code that is deprecated in version 10.1 will be scheduled for removal in version 11.0.0. Code that is deprecated in 11.0.0 cannot be removed until the release of version 12.0.0.</p> <p>Code that is deprecated will have a @deprecated tag added to the appropriate docblock and it will be noted in the release notes.</p> <p>The Production Department Leadership may elect to defer the removal of deprecated elements if deemed appropriate.</p> <h3>6.3 Regressions</h3> <p>There will no doubt be occasions when a release unintentionally breaks backward compatibility. If one or more such backward compatibility regressions are found within a major series they will be fixed by making a patch release as soon as possible after their discovery.</p> <h3>6.4 Minimum technical requirements</h3> <p>The minimum technical requirements, such as PHP version, database version, etc., can only be increased for the first release of a new major version.</p> <h3>6.5 Downgrading</h3> <p>Downgrading a Joomla product is not supported. Changes brought about during an upgrade may be irreversible. So if you experience an issue following an upgrade, you should restore from a backup copy made immediately prior to the upgrade.</p> <p>Downgrading an element that a Joomla product depends on is also not supported. For example, whilst moving the product to a new host with a lower version of the web server, the database engine, or PHP would normally be expected to work, provided the dependent element is still within the minimum requirements for the product, this cannot be guaranteed because in some cases data used by the product may depend on some property of the dependent element that cannot be reversed. For example, downgrading an encryption library would tend to be problematical.</p> <p>Similarly, migrating across dependent element types is also not supported. For example, moving from Postgres to MySQL or vice versa, is not supported. There may be third-party tools available which are able to perform such a migration, but these are outside the scope of our support policy.</p> <h2><a id="security_policy"></a>7. Security Policy</h2> <p>The team of developers and security experts tasked with implementing the Joomla Project Security Policy is the Joomla Security Strike Team (JSST). The JSST is tasked with investigating and responding to reported core vulnerabilities, executing core code reviews before software releases, providing a public presence regarding security issues, and helping the public to better understand Joomla security issues.</p> <h3>7.1 Security announcements</h3> <p>Joomla is a member of oCERT (along with a number of other security conscious software companies and organisations). Those reporting security issues may do so through oCERT or the JSST directly, but either way the JSST will make reasonable effort to work within the oCERT guidelines.</p> <h3>7.2 Public responses</h3> <p>We appreciate the efforts of people finding and reporting security issues but we encourage reporters to hold back information until Joomla releases a patched version of the software. Reporters that do so will be credited on the official vulnerability report.<br /> <br /> The project does not disclose proof-of-concept information to demonstrate vulnerabilities and reporters are encouraged to do the same. Where a reporter feels strongly that proof-of-concept instructions should be published, they are encouraged to hold that information for an additional period of at least 4 weeks after the release of the patched version of the software.<br /> <br /> The JSST will be available to answer questions and/or validate any Joomla security related articles at the publisher’s request.</p> <h3>7.3 Security releases</h3> <p>Unless the threat level dictates otherwise, security patches will be rolled into the next available release of the software subject to oCERT guidelines and best practice.</p> <h3>7.4 Vulnerability threat levels</h3> <p>There are two main details that contribute to a vulnerability’s priority or "threat level": impact and severity. The following tables provide generic guidelines for how vulnerabilities may be assessed. In practice each vulnerability will be assessed for damage potential and ranked accordingly.</p> <h4>7.4.1 Impact</h4> <table class="table table-bordered table-striped"> <thead> <tr> <th>Level</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>Critical</td> <td>“0-day" attacks, and attacks where site control is compromised (allows attacker to take control over site).</td> </tr> <tr> <td>High</td> <td>SQL injection attacks, remote file include attacks, and other attack vectors where site data is compromised.</td> </tr> <tr> <td>Moderate</td> <td>XSS attacks, write ACL violations (editing or creating of content where not allowed).</td> </tr> <tr> <td>Low</td> <td>Read ACL violations (reading of content where not allowed).</td> </tr> </tbody> </table> <h4>7.4.2 Severity</h4> <table class="table table-bordered table-striped"> <thead> <tr> <th>Level</th> <th>Description</th> <th>Release Fix</th> </tr> </thead> <tbody> <tr> <td>Critical</td> <td>VERY easy to perform. Relies on no outside information (TRUE 0-day attack).</td> <td>As soon as possible</td> </tr> <tr> <td>High</td> <td>Moderately easy to perform. May rely on readily available outside information.</td> <td>Per oCERT guidelines</td> </tr> <tr> <td>Moderate</td> <td>Not easy to perform. May rely on sensitive information.</td> <td>Per oCERT guidelines</td> </tr> <tr> <td>Low</td> <td>Difficult to perform. Relies on sensitive information or requires special circumstances to perform.</td> <td>Per oCERT guidelines</td> </tr> </tbody> </table> <h2>Appendix A: Example life cycle</h2> <p>For following example is provided to help understand how it all works:</p> <table class="table table-bordered table-striped"> <thead> <tr> <th>Date</th> <th>Release Notes</th> </tr> </thead> <tbody> <tr> <td>3.3.0</td> <td>New minor version; includes new features.</td> </tr> <tr> <td>3.3.1 to 3.3.7</td> <td>Seven patch versions fixing bugs approximately once a month; no new features.</td> </tr> <tr> <td>3.4.0</td> <td>New features plus several bug patches merged; trigger new minor release.</td> </tr> <tr> <td>3.4.1 to 3.4.3</td> <td>Bug fix releases about two months apart.</td> </tr> <tr> <td>3.4.4</td> <td>Critical security fix released two days after 3.4.3</td> </tr> <tr> <td>3.5.0</td> <td>New features ready and merged; released about a month after 3.4.3</td> </tr> <tr> <td>3.5.1 to 3.5.2</td> <td>Bug fix releases.</td> </tr> <tr> <td>4.0.0-Alpha1</td> <td>Team working on new features break compatibility with <strong>3.x</strong>. triggers a major version increment; alpha process started.</td> </tr> <tr> <td>3.5.3 to 3.5.7</td> <td>Bug fix releases</td> </tr> <tr> <td>4.0.0-Beta1 to 4.0.0-Beta4</td> <td>Feature complete testing release for version 4.0</td> </tr> <tr> <td>3.5.8</td> <td>Bug fixing continues for 3.5</td> </tr> <tr> <td>4.0.0-RC's to 4.0.0-GA</td> <td>Release candidates pass final testing and 4.0-GA is released</td> </tr> <tr> <td>3.5.9</td> <td>Bug fix release.</td> </tr> <tr> <td>4.0.1 to 4.0.3</td> <td>The inevitable bug swarm after a new major version hit.</td> </tr> <tr> <td>4.1.0</td> <td>New feature in the <strong>4.x</strong> series; trigger minor version increment.</td> </tr> <tr> <td>4.1.1 to 4.1.9</td> <td>Regular bug fix releases.</td> </tr> <tr> <td>4.2.0</td> <td>New features merged plus some bug and low priority security fixes.</td> </tr> <tr> <td>3.6.0</td> <td>Some minor new feature released for <strong>3.x</strong></td> </tr> <tr> <td>4.3 to 4.7</td> <td>Many new features released over a period of time.</td> </tr> <tr> <td>3.6.1</td> <td>Minor bug fixes; Production Department Leadership sees noticeable reduction of interest in the <strong>3.x</strong> series; announces that the next minor release of <strong>3.x</strong> will go onto Long Term Support</td> </tr> <tr> <td>4.8.0</td> <td>New features for <strong>4.x</strong></td> </tr> <tr> <td>3.7.0</td> <td>LTS version release; no new features; security and major bug support only.</td> </tr> <tr> <td>4.9.0</td> <td>New features for <strong>4.x</strong></td> </tr> <tr> <td>3.7.1 and 4.9.1</td> <td>Security patch for vulnerability in both the <strong>3.x</strong> and <strong>4.x</strong> versions.</td> </tr> <tr> <td>...</td> <td>Time passes</td> </tr> <tr> <td>3.7.4</td> <td>Released 18 months after 3.7.0; support technically continues for the next six months but no issues require attention; software reaches end of life two years after the release of 3.7.0.</td> </tr> </tbody> </table> <h2>Document Revision History</h2> <p>13 March 2014 — Formally approved for adoption by the Production Leadership Team.</p> </div> <nav class="pagenavigation" aria-label="Page Navigation"> <span class="pagination ms-0"> <a class="btn btn-sm btn-secondary previous" href="/news/587-faq-s-for-joomla-s-improved-release-cycle.html" rel="prev"> <span class="visually-hidden"> Previous article: FAQ's for Joomla's Improved Release Cycle </span> <span class="icon-chevron-left" aria-hidden="true"></span> <span aria-hidden="true">Prev</span> </a> <a class="btn btn-sm btn-secondary next" href="/news/584-joomla-improved-release-cycle-for-the-people-by-the-people.html" rel="next"> <span class="visually-hidden"> Next article: Joomla! Improved Release Cycle: For the People by the People </span> <span aria-hidden="true">Next</span> <span class="icon-chevron-right" aria-hidden="true"></span> </a> </span> </nav> </div> <nav class="mod-breadcrumbs__wrapper" aria-label="Breadcrumbs"> <ol class="mod-breadcrumbs breadcrumb px-3 py-2"> <li class="mod-breadcrumbs__here float-start"> You are here:   </li> <li class="mod-breadcrumbs__item breadcrumb-item"><a href="/" class="pathway"><span>Home</span></a></li><li class="mod-breadcrumbs__item breadcrumb-item"><a href="/news.html" class="pathway"><span>News</span></a></li><li class="mod-breadcrumbs__item breadcrumb-item active"><span>Joomla! Development Strategy</span></li> </ol> </nav>  </main> <aside class="col-md-3 sidebar-right">  <div class="moduletable "> <div id="mod-custom119" class="mod-custom custom"> <h3>Joomla! CMS</h3> <ul class="nav menu flex-column nav-tabs"> <li class="nav-item"><a class="nav-link" href="https://downloads.joomla.org/latest">Current Release <span class="float-end float-md-none float-lg-end"><img src="/images/joomla-logo.png" alt="Joomla! CMS 3" /> 4<strong>.x</strong></span></a></li> <li class="nav-item"><a class="nav-link" href="https://issues.joomla.org">View known Issues</a></li> <li class="nav-item"><a class="nav-link" href="https://github.com/joomla/joomla-cms#build-status" target="_blank" rel="noopener noreferrer">Development Status</a></li> <li class="nav-item"><a class="nav-link" href="/nightly-builds.html">Download Nightly builds</a></li> </ul> <h3>Joomla! Framework</h3> <ul class="nav menu flex-column nav-tabs"> <li class="nav-item"><a class="nav-link" href="https://framework.joomla.org">Current Release <span class="float-end float-md-none float-lg-end"><img src="/images/joomla-framework.png" alt="Joomla! Framework Logo" /> 2<strong>.x</strong></span></a></li> <li class="nav-item"><a class="nav-link" href="https://framework.joomla.org/status">Development Status</a></li> </ul></div> </div> <div class="moduletable "> <h3 >Resources</h3> <ul class="mod-menu mod-list nav flex-column nav-tabs"> <li class="nav-item item-474"><a href="/development-strategy.html" class="nav-link">Development Strategy</a></li><li class="nav-item item-565"><a href="/security-centre.html" class="nav-link">Security Announcements</a></li><li class="nav-item item-736"><a href="/security/contact-the-team.html" class="nav-link">Report Security Issues</a></li><li class="nav-item item-685"><a href="/about/stats.html" class="nav-link">Usage Statistics</a></li><li class="nav-item item-687"><a href="/about/stats/api.html" class="nav-link">Statistics API Documentation</a></li><li class="nav-item item-466"><a href="https://api.joomla.org" class="nav-link">Joomla! API Documentation</a></li><li class="nav-item item-467"><a href="/coding-standards.html" class="nav-link">Coding Standards Manual</a></li><li class="nav-item item-662"><a href="/joomlacode-archive.html" class="nav-link">JoomlaCode Archive</a></li></ul> </div> <div class="moduletable "> <h3 >Mailing Lists</h3> <ul class="mod-menu mod-list nav flex-column nav-tabs"> <li class="nav-item item-748"><a href="https://community.joomla.org/joomla-developer-network-newsletter.html" class="nav-link">Developer Network Newsletter</a></li><li class="nav-item item-469"><a href="https://groups.google.com/group/joomla-dev-general" class="nav-link"> General Extensions Mailing</a></li><li class="nav-item item-470"><a href="https://groups.google.com/group/joomla-dev-cms" class="nav-link">CMS Mailing</a></li><li class="nav-item item-471"><a href="https://groups.google.com/group/joomla-dev-framework" class="nav-link">Framework Mailing</a></li><li class="nav-item item-514"><a href="https://groups.google.com/group/joomla-docs" class="nav-link">Documentation Mailing</a></li></ul> </div>  </aside> </div> </div> </div>  <footer class="footer text-center"> <div class="container"> <hr /> <div class="social"> <ul class="soc"> <li><a href="https://twitter.com/joomla" target="_blank" rel="noopener" title="Joomla! on Twitter"><span aria-hidden="true" class="fab fa-twitter"></span><span class="visually-hidden">Joomla! on Twitter</span></a></li> <li><a href="https://www.facebook.com/joomla" target="_blank" rel="noopener" title="Joomla! on Facebook"><span aria-hidden="true" class="fab fa-facebook"></span><span class="visually-hidden">Joomla! on Facebook</span></a></li> <li><a href="https://www.youtube.com/user/joomla" target="_blank" rel="noopener" title="Joomla! on YouTube"><span aria-hidden="true" class="fab fa-youtube"></span><span class="visually-hidden">Joomla! on YouTube</span></a></li> <li><a href="https://www.linkedin.com/company/joomla" target="_blank" rel="noopener" title="Joomla! on LinkedIn"><span aria-hidden="true" class="fab fa-linkedin"></span><span class="visually-hidden">Joomla! on LinkedIn</span></a></li> <li><a href="https://www.pinterest.com/joomla" target="_blank" rel="noopener" title="Joomla! on Pinterest"><span aria-hidden="true" class="fab fa-pinterest"></span><span class="visually-hidden">Joomla! on Pinterest</span></a></li> <li><a href="https://www.instagram.com/joomlaofficial/" target="_blank" rel="noopener" title="Joomla! on Instagram"><span aria-hidden="true" class="fab fa-instagram"></span><span class="visually-hidden">Joomla! on Instagram</span></a></li> <li><a href="https://github.com/joomla" target="_blank" rel="noopener" title="Joomla! on GitHub"><span aria-hidden="true" class="fab fa-github"></span><span class="visually-hidden">Joomla! on GitHub</span></a></li> </ul> </div> <div class="footer-menu"> <nav class="navbar navbar-expand"> <div class="container-fluid"> <ul class="navbar-nav mx-auto flex-wrap"> <li class="nav-item"><a class="nav-link" href="https://www.joomla.org"><span>Home</span></a></li> <li class="nav-item"><a class="nav-link" href="https://www.joomla.org/about-joomla.html"><span>About</span></a></li> <li class="nav-item"><a class="nav-link" href="https://community.joomla.org"><span>Community</span></a></li> <li class="nav-item"><a class="nav-link" href="https://forum.joomla.org"><span>Forum</span></a></li> <li class="nav-item"><a class="nav-link" href="https://extensions.joomla.org"><span>Extensions</span></a></li> <li class="nav-item"><a class="nav-link" href="https://community.joomla.org/service-providers-directory.html"><span>Services</span></a></li> <li class="nav-item"><a class="nav-link" href="https://docs.joomla.org"><span>Docs</span></a></li> <li class="nav-item"><a class="nav-link" href="https://developer.joomla.org"><span>Developer</span></a></li> <li class="nav-item"><a class="nav-link" href="https://community.joomla.org/the-joomla-shop.html"><span>Shop</span></a></li> </ul> </div> </nav> <nav class="navbar navbar-expand"> <div class="container-fluid"> <ul class="navbar-nav mx-auto flex-wrap"> <li class="nav-item"><a class="nav-link" href="https://www.joomla.org/accessibility-statement.html">Accessibility Statement</a></li> <li class="nav-item"><a class="nav-link" href="https://www.joomla.org/privacy-policy.html">Privacy Policy</a></li> <li class="nav-item"><a class="nav-link" href="https://www.joomla.org/cookie-policy.html">Cookie Policy</a></li> <li class="nav-item"><a class="nav-link" href="https://community.joomla.org/sponsorship-campaigns.html">Sponsor Joomla! with $5</a></li> <li class="nav-item"><a class="nav-link" href="https://joomla.crowdin.com" target="_blank" rel="noopener">Help Translate</a></li> <li class="nav-item"><a class="nav-link" href="https://github.com/joomla/joomla-websites/issues/new?title=[jdev]%20&body=Please%20describe%20the%20problem%20or%20your%20issue">Report an Issue</a></li> <li class="nav-item"><a class="nav-link" href="/component/content/article/586-joomla-development-strategy.html?layout=blog&Itemid=&catid=8">Log in</a></li> </ul> </div> </nav> <p class="copyright">© 2005 - 2024 <a href="https://opensourcematters.org">Open Source Matters, Inc.</a> All Rights Reserved.</p> <div class="hosting"> <div class="hosting-image"><a href="https://www.rochen.com/joomla-hosting" rel="noopener" target="_blank"><img class="rochen" src="https://cdn.joomla.org/rochen/rochen_footer_logo_white.svg" alt="Rochen" /></a></div> <div class="hosting-text"><a href="https://www.rochen.com/joomla-hosting" rel="noopener" target="_blank"><span dir="ltr">Joomla!</span> Hosting by Rochen</a></div> </div> </div> <div id="adblock-msg" class="alert alert-danger d-none"> <button class="btn-close" data-bs-dismiss="alert" href="#"><span class="visually-hidden">Close</span></button> <span class="fa fa-triangle-exclamation"></span> We have detected that you are using an ad blocker. The Joomla! Project relies on revenue from these advertisements so please consider disabling the ad blocker for this domain. </div> </div> </footer> </body> </html>