Documentation on Supported Version(s)

[davidbarratt]

Bug Report

I was unable to find any documentation on what versions of TypeScript are "supported." I realize that is a loosely defined term, what I mean is this: If a security vulnarability was found in TypeScript, which versions would be patched?

Right now, it's impossible to know what the minimum version of TypeScript we should be using in order to be ready for any security patches that could be issued.

🔎 Search Terms

• supported versions
• security support
• version support

[ajafff]

42712 happened recently. I think this should answer your question for the moment

[RyanCavanaugh]

Roughly speaking, you can expect:

• Security fixes going back 2-4 versions, plus additional older versions in "boxed" products under our control (e.g. Visual Studio), depending on severity
• @types packages from DefinitelyTyped will be version-tagged for TS versions from the last 2 years
• Bug fixes are not backported unless there's a specific request for them and there's merited severity (e.g. is a regression, is a crash without a reasonable workaround)

[davidbarratt]

@RyanCavanaugh Thanks for your quick reply!

* Security fixes going back 2-4 versions, plus additional older versions in "boxed" products under our control (e.g. Visual Studio), depending on severity

For clarity, do you mean 2-4 major versions or minor versions? For instance, if we are running 3.5 or 3.6 would those get security patches or no?

[RyanCavanaugh]

Minor. 3.6 would be too old.