I propose to add and enforce a new rule when we fix a security bug, which is to always check for the first XWiki version on which the security issue started and to add the information on the issue.
We generally perform this check as a best practice, but I suggest that we make it mandatory for the security issues since we might then want to be exhaustive on which version is impacted. The proposal is to us as committers to enforce this rule and to write this rule on dev.xwiki.org.
The vote is opened for one week until the 17th of february.
I’m +1 for it.