On 13/09/16 21:00, Marek Svent wrote: > Hi, > > 1.0.2h was released four months ago and although several security issues > worth for CVE number is discovered in it and there has been a lot of > commits in the 1.0.2 branch fixing other important issues, there is no > sign of 1.0.2i. Is it planned? Or is 1.1.x focus for development now and > 1.0.2 users should track a branch which should be treated as constantly > stable now? Or ... ? 1.0.2 is our Long Term Support branch and continues to be supported. See this page for our support details: https://www.openssl.org/policies/releasestrat.html WRT a new release of 1.0.2, typically we will only do a new release if a high severity security issue is discovered (or occasionally if there is a significant bug fix). Low severity defects are published immediately in git and are made available as part of the next release whenever that might happen. In other words, new releases are scheduled on an "as needed" basis as and when high severity defects are discovered and are typically announced a few days in advance of the release. Matt
