If you use the community version, it's on you to integrate the latest fixes if you need them until there is a new release.
Fixes and security patches are applied here to upstream development only.
If you use that, you might get changes and new features, and you need to adapt your application/configuration.
If you use an EAP version, you will get security fixes and patches according to the update and support policy.
Which means you can download fixes for your exact server version without.
Now the new patch feature comes into play.
Until EAP 6.1, patches are provided as a "full" download, which means you get a complete new server version.
Since EAP 6.2 this patch feature provides a delta and you can install it with a command on top of your server installation;
you can also easily roll it back if there is an issue (with or without the related configuration).
For EAP 6.2, patches will have a schedule of about 6 weeks; security fixes might happen if necessary.
For WildFly there is no such schedule; it might be possible that a new minor version is provided as a download and additionally as a 'patch'.
Thank you for shedding some light on this!
"If you use the community version, it's on you to integrate the latest fixes if you need them until there is a new release.
Fixes and security patches are applied here to upstream development only."
Does it mean the source code of such patches is publicly available, or do you need to literally identify reported vulnerabilities by yourself and attempt to create your own patch?
Source is always available, see wildfly/wildfly · GitHub.
We have a rule that fixes are first applied to upstream (WildFly) and later backported downstream (EAP).
But the difference is how these fixes are available in "binary form". In WildFly you get them as part of the next release; for EAP they are available as Wolf described.