Workflows
Hotfix and Urgent Fixes
Handle urgent fixes on a stable base, ship the smallest repair possible, and then flow that repair back into the branches that still need it.
- Teams turning commands into repeatable routines
- Readers who need sequencing, branch, and sync discipline
- Basic understanding of fetch, pull, push, and branches
- A sense of how and why branches diverge
- Copying a workflow without checking branch state
- Choosing the wrong integration path on shared branches
Production incidents, release blockers, and severe regressions are classic hotfix situations. The goal is not to clean up everything. The goal is to repair one critical issue on the safest possible base and flow that fix back cleanly.
Where this workflow fits
Use a hotfix workflow when:
- production needs fast recovery
- a release is blocked by a critical issue
- a newly shipped version introduced a severe regression
- an already released version needs an urgent repair
The difference from ordinary feature work is simple: recovery speed and change isolation matter more than broader cleanup.
Why a hotfix should branch from a stable line
Because urgent repair work is most dangerous when it mixes stable context with unrelated in-flight development. A stable branch base gives you:
- smaller diffs
- faster validation
- cleaner rollback options
- clearer relationships between release and main branches
Recommended sequence
git switch main
git pull --ff-only
git switch -c hotfix/login-timeout
After the fix:
- validate the hotfix branch in isolation
- land it on the stable branch
- propagate the fix back into main or any maintained branches that still need it
A fuller hotfix rhythm
git switch main
git pull --ff-only
git switch -c hotfix/login-timeout
# fix and commit
git add .
git commit -m "fix: handle login timeout"
git push -u origin hotfix/login-timeout
The important thing is not the command sequence alone. It is that repair, validation, and propagation remain separate decisions.
Why hotfixes should avoid "while we are here" changes
Urgent fixes work best when the change surface stays small:
- smaller diffs validate faster
- rollback is simpler
- incident analysis stays clearer
If a change is not necessary for the urgent repair to work, it usually does not belong in the hotfix.
Many incidents get worse not because the original bug was too hard, but because teams keep layering unrelated cleanup and improvements into the same urgent fix branch.
What to check before shipping the hotfix
At minimum, confirm:
- the repair started from a stable branch
- the diff contains only incident-related scope
- the follow-up branches that need the fix are already identified
- the rollback path is understood if the hotfix itself fails
Useful commands:
git diff --stat main...
git log --oneline --decorate -5
Why flowing the fix back matters as much as shipping it
One of the most expensive hotfix mistakes is stopping after production recovery. If the fix does not flow back:
- the next release can reintroduce the bug
- main and stable branches begin describing different truths
- the team loses confidence about which line is actually correct
A hotfix is only fully successful when both production and branch relationships are stable again.
Common mistakes
Mixing unrelated cleanup into the hotfix
This inflates validation and rollback cost.
Shipping the fix without flowing it back to main
That turns today’s repair into tomorrow’s regression source.
Treating the hotfix branch like a normal long-running branch
Hotfix branches should stay narrow, short, and purposeful.
- Am I branching from a truly stable line?
- What is the smallest repair scope that restores service?
- Which branches need the fix after production recovers?
- If this repair fails, how will I back it out quickly?
Good follow-up reads
Release branch workflowBackport with cherry-pickFetch vs pull