Fleio release model¶
Fleio is following the continuous delivery software engineering approach.
Development process¶
We follow these principles in software development and releases:
prioritize bug fixing
peer developer review on each code commit
automatic testing and continuous integration on each commit
automatic deployment to internal staging servers on each commit
manual testing on each commit and comprehensive manual testing before each release
automatic shippable build on every commit
button-push automated public releases
frequent releases
we follow continuous delivery, not continuous deployment. Fleio does not upgrade your installation automatically. You must explicitly initiate any upgrade. It is recommended that you test each release in a staging environment before upgrading your production server. An internal license (to be used as development/staging license, not allowed for production use) is included for this purpose with each purchased license.
Security measures¶
The principles of our development process are also focused on security. Any security issue reported has the highest priority. Code review is also focused on potential security issues. Automatic tests include rogue authentication and authorization scenarios. Vulnerabilities are first exposed in an automatic tests, before the actual fix. Following software development best practices, regression defects are automatically discovered by our ever-growing set of tests.
The automatic tests and build jobs, part of the development pipeline, enables us to ship a release at any time. This leads to timely releases of any urgent fix.
Additional security steps include:
Our GitLab pipeline that runs on each code commit includes audit jobs of all third party software. The audit jobs fail if there are known vulnerabilities in third parties.
Each monthly release includes one or more tasks to upgrade third party software.
SAST jobs run on backend and frontend code on each commit. Jobs fail when issues are discovered in the code.
Blackbox and whitebox penetration tests are periodically performed by a third party company.
Monthly releases¶
Fleio has two monthly releases:
one BETA release in the first part of the month. The beta version numbers usually have a trailing
.0
(e.g.2020.12.0
). Beta versions are not recommended for production use.a STABLE release follows about a week after the beta release. Stable versions end with
.1
,.2
etc. (e.g.2020.12.1
) and are recommended for production.
Other versions may be released the same month if there are urgent and important bug fixes to ship.
Important
The scheduled monthly releases are the only way we ship security and bug fixes.
Bug fixes are not back-ported to older versions, regardless if you have a legacy owned license or leased license.
With an active leased license, you can use any Fleio version that was released. However, we recommend that you update frequently and keep close to the latest stable version.