As of Symfony 5.0, we are changing the way we manage security issues for
standard releases. A standard release is any minor version that is not a LTS
release: so, versions X.0, X.1, x.2, and x.3.
For these standard releases, we will align the EOM (end of maintenance) date
with the EOL (end of life) date. So, instead of having 14 months of security
fixes, we will only have 8 months.
For instance, Symfony 4.3 EOM date is January
2020 and EOL date is July 2020. With the new rules, EOL would have been January
2020. Symfony 5.0 will be the first release
to implement the change: EOM and EOL dates will be July 2020.
We are making this change as backporting (or forwardporting) security issue
patches on these versions proved to be difficult and time consuming (the code
might have diverged a lot from the previous LTS but also from the current
maintained minor version). We think that this extra time spent doing that is not
worth it as projects following standard versions upgrade fast.
To be clear, this change does not affect LTS releases (4.4, 5.4, ...).