Versions Compared

Old Version 30

changes.mady.by.user Lukasz Lenart

Saved on

compared with

New Version 31

changes.mady.by.user Lukasz Lenart

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

If the release will fix a - hopefully yet undisclosed - security issue, it's now time to update the Security Bulletins page and add a new announcement. For a template, just check former announcements

Update site (Struts

...

Code Block

ssh people.apache.org
export VERSION=2.#.#

unzip /www/people.apache.org/builds/struts/$VERSION/struts-$VERSION-docs.zip -d ~/docs
#now the docs are under ~/docs/struts-$VERSION/docs
mkdir -p /www/struts.apache.org/$VERSION
mv ~/docs/struts-$VERSION/docs/* /www/struts.apache.org/$VERSION
chmod -R g+w /www/struts.apache.org/$VERSION
chown -R :struts /www/struts.apache.org/$VERSION

Edit /www/struts.apache.org/$VERSION/archetype-catalog.xml and update the version of artifacts

Update site (Struts top level site)

  • Check out site src code
    Code Block
    svn co https://svn.apache.org/repos/asf/struts/site/ struts-site
  • Update xml files
    • struts-site/src/site/xdoc/announce.xml (if applicable, refer also to corresponding security bulletin)
    • struts-site/src/site/xdoc/downloads.xml (remove previous version)
    • struts-site/src/site/xdoc/download.xml (remove previous version)
    • struts-site/src/site/xdoc/index.xml
    • struts-site/src/site/site.xml
    • struts-site/src/site/resources/archetype-catalog.xml
  • Commit the changes
  • Generate the site
    Code Block
    mvn site:site
  • Open struts-site/target/site/index.html and verify the urls and versions are right
  • Deploy site
    Code Block
    mvn site-deploy
    It takes a few hours for the site changes to go live

Redeploy the draft docs

Make public available all the pages that could leak confidential information about the vulnerability. Wait or manually export the space in Confluence. Build snapshot locally and copy assembly/target/assembly/out/struts2-#.#.#-SNAPSHOT-docs.zip to people.apache.org and update /www/struts.apache.org/2.x/docs

Permissions

...

Update site (Struts 2 site)

Code Block

svn co https://svn.apache.org/repos/infra/websites/production/struts/content/ struts-production-site

export VERSION=2.3.X

wget -erobots=off http://people.apache.org/builds/struts/$VERSION/struts-$VERSION-docs.zip

unzip struts-$VERSION-docs.zip -d docs

cd $VERSION

mvn site:site site:stage -DstagingDirectory=struts-production-site/release/2.3.x/

svn add ./ --force

svn status | grep '^\!' | sed 's/! *//' | awk 'BEGIN {FS="\t"};{print "\""$1"\""}' | xargs svn del --force

svn commit -m "Updates release docs" --no-auth-cache

Post announcements

We leave this as the last step, once the artifacts have had time to sync up on the mirrors.
Announce the release and the vulnerability. Typically this will be sent to the reporter, the project's users list (user@struts.a.o), the project's dev list (dev@struts.a.o), the project's announce list (announcements@struts.a.o), security@apache.org, full-disclosure@lists.grok.org.uk and bugtraq@securityfocus.com.
Samples are available at Sample announcements page.