> Before going into the changes in this release, let’s address why it was released v5 on the next dist-tag. As part of reviving the project, we started a Security working group and security triage team to address the growing needs around open source supply chain security. We undertook a security audit (more details to come on that) and uncovered some problems that needed to be addressed. Thus, in addition to the “normal” work done in public issues, we also did a lot of security work in private forks. This security work required orchestration when releasing, to ensure the code and CVE reports went out together. You can find a summary of the most recent vulnerabilities patched in our security release notes.
>
> While we weren’t able to simultaneously release v5, this blog post, the changelog, and documentation, we felt it was most important to have a secure and stable release.
>
> As soon as possible, we’ll provide more details on our long-term support (LTS) plans, including when the release will move from next to latest. For now, if you are uncomfortable being on the bleeding edge (even if it is a rather dull edge) then you should wait to upgrade until the release is tagged latest. That said, we look forward to working with you to address any bugs you encounter as you upgrade.
