Fleio release model

Fleio is following the continuous delivery software engineering approach.

Development process

We follow these principles in software development and releases:

  • prioritize bug fixing

  • peer developer review on each code commit

  • automatic testing and continuous integration on each commit

  • automatic deployment to internal staging servers on each commit

  • manual testing on each commit and comprehensive manual testing before each release

  • automatic shippable build on every commit

  • button-push automated public releases

  • frequent releases

  • we follow continuous delivery, not continuous deployment. Fleio does not upgrade your installation automatically. You must explicitly initiate any upgrade. It is recommended that you test each release in a staging environment before upgrading your production server. An internal license (to be used as development/staging license, not allowed for production use) is included for this purpose with each purchased license.

Security measures

The principles of our development process are also focused on security. Any security issue reported has the highest priority. Code review is also focused on potential security issues. Automatic tests include rogue authentication and authorization scenarios. Vulnerabilities are first exposed in an automatic tests, before the actual fix. Following software development best practices, regression defects are automatically discovered by our ever-growing set of tests.

The automatic tests and build jobs, part of the development pipeline, enables us to ship a release at any time. This leads to timely releases of any urgent fix.

Additional security steps include:

  • Our GitLab pipeline that runs on each code commit includes audit jobs of all third party software. The audit jobs fail if there are known vulnerabilities in third parties.

  • Each monthly release includes one or more tasks to upgrade third party software.

  • SAST jobs run on backend and frontend code on each commit. Jobs fail when issues are discovered in the code.

  • Blackbox and whitebox penetration tests are periodically performed by a third party company.

Monthly releases

Fleio has two monthly releases:

  • one BETA release in the first part of the month. The beta version numbers usually have a trailing .0 (e.g. 2020.12.0). Beta versions are not recommended for production use.

  • a STABLE release follows about a week after the beta release. Stable versions end with .1, .2 etc. (e.g. 2020.12.1) and are recommended for production.

Other versions may be released the same month if there are urgent and important bug fixes to ship.

Important

The scheduled monthly releases are the only way we ship security and bug fixes.

Bug fixes are not back-ported to older versions, regardless if you have a legacy owned license or leased license.

With an active leased license, you can use any Fleio version that was released. However, we recommend that you update frequently and keep close to the latest stable version.