The Plone release policy was in need of an update to reflect our current ideas on how best to manage Plone releases in terms of maintenance support and security support. Also, the previous policy did not even mention Volto, the default frontend in Plone 6. The past months the release team and security team have worked on an update, and it was discussed in the Plone steering circle. Thank you to all who read drafts and commented on them. Special thanks to top commenters @stevepiercy and @tkimnguyen. Here is the new policy, which is in effect immediately.
Release Policy
Security support
Each major version gets security support for 5 years from the date of its release.
The security support for each minor version within one major version ends at the same date as the security support for the major version.
Only the latest patch release within a minor version gets security support. Security fixes may work on an older patch release, but we cannot guarantee this.
Maintenance support
The first minor version gets maintenance support for two years from the date of its release.
The second and later minor versions get maintenance support until the next minor or major version is released.
Volto
The development of the Volto frontend is decoupled from the Plone releases to be able to move faster. Plone REST API provides an abstraction layer that spans across multiple Plone versions, allowing the use of more recent Volto versions, even with older Plone backend versions.
Volto has its own release cycle and release manager (Victor Fernandez de Alba). Volto uses semantic versioning to indicate breaking changes.
Plone 6.0.0 was released with Volto 16.4.0. For the Volto 16 major version, the same support policies apply as for the Plone 6.0 minor version, so Volto 16.* gets maintenance support until 2024-12-31 and security support until 2027-12-31.
For more information, definitions, and the updated release schedule, see Release Schedule