Previously, Solidus didn't have an explicit maintenance policy for previous versions. We're very security conscious, so for each previous security release we've released a patch simultaneously for all previous minor versions.
As we've released more versions, this has become more difficult. Our last set of security patches (December 2017) required 10 new releases, which is way too many. However we don't want to surprise users by announcing an issue with no easy patch available to them.
To allow us to patch security issues promptly, and to make sure developers know how long their Solidus version will receive security updates, we're introducing the following End of Life policy:
Solidus versions will receive security patches for 18 months following their initial release.
Versions which would hit their EOL before May 5th, 2018 (4 months from the date of this announcement) will receive security patches until May 5th, 2018. This applies to Solidus 1.0 through 2.0.
Under this policy, versions will be supported until the following dates:
Join the Solidus user testing mailing list to share your opinions and participate in user testing.