...
- Add a news item to the main page of the OFBiz website: http://ofbiz.apache.org/index.html
- Add the information about the release to the OFBiz download page: http://ofbiz.apache.org/download.html
- Create an html page with the release notes (generated by Jira)
- In Jira, mark the version as "released" and create a new version for the next release
- Add the information about the release to the release history page: http://www.apache.org/dist/ofbiz/
- Send an announcement to the user, dev and announce@apache.org lists
Update related files
http://ofbiz.apache.org/download.html
http://ofbiz.apache.org/source-repositories.html
https://github.com/apache/ofbiz-site/blob/master/doap_OFBiz.rdf
Please complete the list if necessary...- Update the release informations on other sites: OFBiz on other sites
- If it's an EOL release announce using one of the files at https://svn.apache.org/repos/private/pmc/ofbiz/security/EOL-Drafts
- If the release embeds a CVE (ie a fix for a security vulnerabilty)
- Complete the CVE information at https://cveprocess.apache.org/cve5, notably the reference using 'vendor-advisory' tag for pointer to ASF mailing list announcement once public
- Send the OSS Email and ASF Email emails
- Fill in a 'reference' with tag 'vendor advisory' with the URL to your public announcement about this issue. ASF Security will be notified and set the CVE as publicwill submit to the CVE project and will set the state to 'PUBLIC'.
- Update the security page on site
- Transform the related Jira to a security issue
- Set it as a OFBIZ-1525 subtask
- Change the title by beginning with [SECURITY] (CVE-AAAA-cveNumber)
- Send an email to all finders with the URL to your public announcement.
Creating a new release branch
...