Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Adds link to page about CWEs.

...

  1. Add a news item to the main page of the OFBiz website: http://ofbiz.apache.org/index.html
  2. Add the information about the release to the OFBiz download page: http://ofbiz.apache.org/download.html
  3. Create an html page with the release notes (generated by Jira)
    1. In Jira, mark the version as "released" and create a new version for the next release
  4. Add the information about the release to the release history page: http://www.apache.org/dist/ofbiz/
  5. Send an announcement to the user, dev and announce@apache.org lists
  6. Update related files

    http://ofbiz.apache.org/download.html
    http://ofbiz.apache.org/source-repositories.html
    https://github.com/apache/ofbiz-site/blob/master/doap_OFBiz.rdf
    Please complete the list if necessary...

  7. Update the release informations on other sites: OFBiz on other sites
  8. If it's an EOL release announce using one of the files at https://svn.apache.org/repos/private/pmc/ofbiz/security/EOL-Drafts
  9. If the release embeds a CVE (ie a fix for a security vulnerabilty)
    1. Complete the CVE information at https://cveprocess.apache.org/cve5 following the instructions. This page can be useful to determine CWEs.
    2. Send the OSS Email and ASF Email email
    3. Fill in a 'reference' with tag 'vendor advisory' with the URL to your public announcement about this issue.
      ASF Security will be notified and will submit to the CVE project and will set the state to 'PUBLIC'.
    4. Update the security page on site
    5. Transform the related Jira to a security issue
      1. Set it as a OFBIZ-1525 subtask
      2. Change the title by beginning with [SECURITY] (CVE-AAAA-cveNumber)
    6. Send an email to all finders with the URL to your public announcement, or simply transfer them the announcement email.

...