Is there a reference for the WordPress release and version model? In particular:
- When a new release like 3.6 comes out, will 3.5 have security fixes for a period of time?
- Are some releases more likely to have breaking changes? In other words, will 3.5 to 3.6 break less than something like 3.9 to 4?
When a major release is made, fixes are made to it, but it’s rare that fixes to older versions are made. It has happened before, but it should never be relied upon, and there are a lot of bugfixes that are never backported. Sometimes a version will be tagged before a major release that isn’t publicly announced, but these shouldn’t be used if you have the option of moving to the latest major release.
So the current support paradigm is: use the latest, or update.
The release cycles also make no distinction between whole numbers. A new major release increments the version number by 0.1; 3.9 -> 4.0 is no more significant than 2.6 -> 2.7, other than by pure chance what the release contained.
An increment of 0.0.1 indicates bugfixes; security fixes may also be present in these releases.
An increment of 0.0.0.1 indicates a critical fix, either for a security bug, or a silly mistake that has major repercussions.
Little testing is necessary when moving between point releases; only major releases should prove a problem. Well built code usually requires zero work to maintain from major release to release, and significant changes are pointed out in the release notes.
Any release could contain a security fix; only the very latest is guaranteed to have all the released fixes. Patches are rarely provided for older versions and use of older versions is actively discouraged.
The Core Contributor Handbook is a good reference: http://make.wordpress.org/core/handbook/how-the-release-cycle-works/version-numbering/
The short answer is: X.Y are major versions (weird for historical reasons, no it’s not semver), with 4.0 being no different from 3.9 or 4.1. Back-compat is a core tenet of WP releases, so while not always perfect, there are generally not breaking changes between major releases. X.Y.Z are maintenance releases. I’ve seen them occasionally get backported one release, but admittedly not sure why. I would guess for very critical issues for those who might use a branch checkout or some such.
I have no idea if this question is on topic here (I think it might be) but WordPress, as far as I am aware, does not have a release model like PHP or CentOS where major branches operate somewhat independently and older versions continue to get support (i.e. security patches) for a while before the branch is phased out completely.
WordPress releases are very linear. One release follows the last and there are no patches, as far as I’ve seen, for previous releases except the next release in the sequence.
Yes, some releases are more problematic than others. There were a lot of changes in 3.5 (I believe) and that caused more than the normal stir around upgrades. WordPress does have a very, very strong backwards compatibility policy so upgrades are usually pretty painless.