Versions Compared

Old Version 53

changes.mady.by.user Jacques Le Roux

Saved on

compared with

New Version Current

changes.mady.by.user Jacques Le Roux

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Rewrite a bit the point 9 about CVE

...

  1. Add a news item to the main page of the OFBiz website: http://ofbiz.apache.org/index.html
  2. Add the information about the release to the OFBiz download page: http://ofbiz.apache.org/download.html
  3. Create an html page with the release notes (generated by Jira)
    1. In Jira, mark the version as "released" and create a new version for the next release
  4. If necessary, update the security page on siote
  5. Add the information about the release to the release history page: http://www.apache.org/dist/ofbiz/
  6. Send an announcement to the user, dev and announce@apache.org lists; if the release contains vulnerability fixes send also to security@apache.org

  7. Update related files

    http://ofbiz.apache.org/download.html
    http://ofbiz.apache.org/source-repositories.html
    http://ofbiz.apache.org/security.html
    https://github.com/apache/ofbiz-tools/blob/master/demo-backup/README.md
    https://github.com/apache/ofbiz-site/blob/master/doap_OFBiz.rdf
    Please complete the list if necessary...

  8. Update the release informations on other sites: OFBiz on other sites
  9. If it's an EOL release announce using one of the files at https://svn.apache.org/repos/private/pmc/ofbiz/security/EOL-Drafts
  10. If the release embeds a CVE (ie a fix for a security vulnerabilty)
    1. Complete the CVE information at https://cveprocess.apache.org/cve5.
    2. Fill in a 'reference' with tag 'vendor advisory' with the URL to your public announcement about this issue. ASF Security will be notified and will submit to the CVE project and will set the state to 'PUBLIC'.
    3. Send the OSS Email and ASF Email email
    4. Update the security page on site
    5. Transform the related Jira to a security issue
      1. Set it as a OFBIZ-1525 subtask
      2. Change the title by beginning with [SECURITY] (CVE-AAAA-cveNumber)
    6. Send an email to all finders with the URL to your public announcement.

Creating a new release branch

...

  1. Create a new branch named release<YY.MM>
    1. For example: release18.12 is the name of the release branch created in December, 2018
  2. Edit the VERSION file in the OFBiz home folder to contain the same <YY.MM> of the release branch
  3. In Jira, rename the version "Upcoming Branch" into "<YY.MM.01>" (i.e. the name of the first release of the new branch)
  4. In Jira, create a new version named "Upcoming Branch" and move to it all the open tasks that were assigned to "Upcoming Branch" and are not planned to be resolved in <YY.MM.01>
  5. Check Creating a new branch in BuildBot and update the BuildBot.md file
  6. Update the demos documentation, the next-manual and next patches files under demo-backup
  7. In the new main README.adoc change from trunk to  release<YY.MM> where it fits
  8. Update the GitHub workflows files changing from trunk to  release<YY.MM> where it fits.
    Notably m    odify .github/workflows/codeql-analysis.yml, <<branches: "[ trunk ]">> to <<branches: "[ release<YY.MM> ]">
  9. Update the developers page on site: https://ofbiz.apache.org/developers.html
  10. Copy the CONTRIBUTING.adoc file from the current stable to the new branch

...