I’m scoping out ClassicPress as an alternative to progressing with Wordpress for my old (main) installs which are still primarily on WP 4.8.
I’ve been working with WP for about… it must be back to the 2.x days when Kubrick was the default theme, but I’ve largely dropped off the “willing to invest time in learning this” bandwagon when they started moving in a direction of abstracting more stuff to functions, and having less readable html in the theme files (also the block editor just isn’t for me).
As a jumping off question, does ClassicPress do the automatic security updates thing for point upgrades that WP does?
OK, is there a mechanism to do security updates (only) as automatic update, the way Wordpress does, or is ClassicPress not set up with separate security update / feature update upgrade tracks?
Well, actually, WP generally releases security and other updates together. It’s just that sometimes it considers a security issue so significant that it does a forcible update.
CP also generally releases security and other updates together. If we consider a security issue so significant, we’ll say so, but we won’t do a forcible update.
Well, actually, WP generally releases security and other updates together. It’s just that sometimes it considers a security issue so significant that it does a forcible update.
Right, but what I mean is I don’t have to pay attention to Wordpress.org, or follow the Wordpress security news etc, because I know my WP installs will auto-patch for security issues, and will do so as solely a security patch.
And, if I don’t want to be on the feature updates train I still get the security patches. I’ve never seen a “upgrade to 4.9 to fix this 4.8 security fault”. Hence why I’m on 4.8.25 - that’s ~25 security patches, that I haven’t had to interact with.
But I’m assuming this comes to a “no” thee’s no “automatic security updates only” auto-patch feature?
@timkaye what i think @metaning needs is a script to put in wp-config to only perform automatic updates for security patches updates (so for every release that me thinks is tagged security fix or something like this?) - I seem to recall that there was a way in the past with WP. I am going to check and see if I find something online
/*enables automatic minor updates (security fixes */
define( 'WP_AUTO_UPDATE_CORE', 'minor' );
/* disables all other automatic updates */
define( 'AUTOMATIC_UPDATER_DISABLED', false );
This will tell your CP install that to update to minor is fine (so security patches and minor things) but not to perform major upgrades (like from a 2.x version to 3.0).
what i think @metaning needs is a script to put in wp-config to only perform automatic updates for security patches updates
Yes, that’s pretty much it - if I set someone up with ClassicPress, I don’t want to impose on them the burden of actively maintaining updates etc, or worrying about an update breaking / changing something, but by the same token, I don’t want it becoming insecure.
This will tell your CP install that to update to minor is fine (so security patches and minor things) but not to perform major upgrades (like from a 2.x version to 3.0).
Very cool. So this will provide what is effectively the current default behaviour for WP?
I know WP does first-point updates as pretty major feature updates - eg 4.9 added the block editor which 4.8 lacked. I get the impression WP versioning is (major version).(feature addition).(security update)
Does CP have the level of fine graining for version numbers?
Aa @ElisabettaCarrara says, CP adheres to semantic versioning. So our version numbers mean specific things.
We are currently on v. 2.3.0. An update numbered 2.3.1 would be a bug fix. An update numbered 2.4.0 would include new features but no breaking changes. And that would be true of 2.5.0, 2.6.0, etc.
Breaking changes would be indicated by our releasing v. 3.0.0.
We are currently on v. 2.3.0. An update numbered 2.3.1 would be a bug fix. An update numbered 2.4.0 would include new features but no breaking changes. And that would be true of 2.5.0, 2.6.0, etc.
OK, this is becoming clearer, thanks.
Is there a modification / additional specificity to only do the patch level of updates, according to the semantic versioning nomenclature?
Is that because the function doesn’t use the standard semantic nomenclature, and “minor” is the equivalent of semantic “patch”, or because the function doesn’t have sufficient fine graining to do semantic patch-level only?