We’re combining patch and security releases

Security releases are an important part of modern software delivery. Historically, GitLab committed to one security release a month, with patch releases delivered additionally throughout the month as they became available. We recognize that this has been a suboptimal user experience and the majority of users would prefer a more defined schedule and structure for these releases to make planning for them easier. To address these concerns, starting in April, we will combine patch and security releases along with a more frequent patch release schedule. Planned patch releases will now happen twice a month – on the second and fourth Wednesdays – and will contain security and bug fixes. For more details, see the patch release section on our Releases page in the GitLab Handbook. What does this change mean for you? In April, we will rebrand ‘patch’ and ‘security’ releases and combine them into ‘patch’ releases, following semantic versioning standards. Additionally, we have doubled the number of planned patch releases we will deliver each month. There will now be two planned patch releases for every GitLab minor version, which may contain both bug and security fixes. We will be able to deliver fixes to users sooner and improve the overall UX of security releases by operating on a regular schedule. Subscribers to the security email list will continue to receive their notifications as usual and the release blog posts will continue to publish regularly, likely with some minor changes to the template to highlight security fixes. If you have any questions about the change or would like to give feedback, please post a comment on our feedback issue.