...
- Add a news item to the main page of the OFBiz website: http://ofbiz.apache.org/index.html
- Add the information about the release to the OFBiz download page: http://ofbiz.apache.org/download.html
- Create an html page with the release notes (generated by Jira)
- In Jira, mark the version as "released" and create a new version for the next release
- Add the information about the release to the release history page: http://www.apache.org/dist/ofbiz/
- Send an announcement to the user, dev and announce@apache.org lists
Update related files
http://ofbiz.apache.org/download.html
http://ofbiz.apache.org/source-repositories.html
https://github.com/apache/ofbiz-site/blob/master/doap_OFBiz.rdf
Please complete the list if necessary...- Update the release informations on other sites: OFBiz on other sites
- If it's an EOL release announce using one of the files at https://svn.apache.org/repos/private/pmc/ofbiz/security/EOL-Drafts
- If the release embeds a CVE (ie a fix for a security vulnerabilty)
- Complete the CVE information at https://cveprocess.apache.org/cve5 following the instructions. This page can be useful to determine CWEs.
- Send the OSS Email and ASF Email email
- Fill in a 'reference' with tag 'vendor advisory' with the URL to your public announcement about this issue.
ASF Security will be notified and will submit to the CVE project and will set the state to 'PUBLIC'. - Update the security page on site
- Transform the related Jira to a security issue
- Set it as a OFBIZ-1525 subtask
- Change the title by beginning with [SECURITY] (CVE-AAAA-cveNumber)
- Send an email to all finders with the URL to your public announcement, or simply transfer them the announcement email.
...