.. _release-model:

===================
Fleio release model
===================

Fleio follows the continuous delivery software engineering approach.

.. _development-process:

Development process
===================

We follow these principles in software development and releases:

* prioritize bug fixing
* peer developer review on each code commit
* automatic testing and continuous integration on each commit
* automatic deployment to internal staging servers on each commit
* manual testing on each commit and comprehensive manual testing before each release
* automatic shippable build on every commit
* button-push automated public releases
* frequent releases
* we follow **continuous delivery**, not continuous deployment. Fleio does not upgrade your
  installation automatically. You must explicitly initiate any upgrade.

It is recommended that you test each release in a staging environment before upgrading your
production server. An internal license (to be used as a development/staging license, not allowed
for production use) is included for this purpose with each purchased license.

.. _security-measures:

Security measures
=================

The principles of our development process are also focused on security. Any security issue
reported has the highest priority. Code review is also focused on potential security issues.

Automatic tests include rogue authentication and authorization scenarios. Vulnerabilities are
first exposed in an automatic test, before the actual fix. Following software development best
practices, regression defects are automatically discovered by our ever-growing set of tests.

The automatic tests and build jobs, part of the development pipeline, enable us to ship a release
at any time. This leads to timely releases of any urgent fix.

Additional security steps include:

* Our GitLab pipeline that runs on each code commit includes audit jobs of all third-party
  software. The audit jobs fail if there are known vulnerabilities in third-party software.
* Each monthly release includes one or more tasks to upgrade third-party software.
* SAST jobs run on backend and frontend code on each commit. Jobs fail when issues are discovered
  in the code.
* Blackbox and whitebox penetration tests are periodically performed by a third-party company.

Monthly releases
================

Fleio has two monthly releases:

* one **BETA** release in the first part of the month. The beta version numbers usually have a
  trailing ``.0`` (e.g. ``2020.12.0``). Beta versions are not recommended for production use.
* a **STABLE** release follows about a week after the beta release. Stable versions end with
  ``.1``, ``.2`` etc. (e.g. ``2020.12.1``) and are recommended for production.

Other versions may be released the same month if there are urgent and important bug fixes to ship.

.. important::

   **The scheduled monthly releases are the only way we ship security and bug fixes.**

Owned licenses include a period of one year of updates and technical support starting on the
purchase date.

**Bug fixes are not back-ported** to older versions, regardless of whether you have an owned or
leased license. To keep up with the latest development it is recommended that you purchase an
updates-package and keep close to the latest Fleio version.

With an owned license you are entitled, however, to use an older version indefinitely (any version
released during an updates-included period).