website/developer-docs: update release procedure to include CVEs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-12-22 18:07:59 +01:00
parent fb09df26c9
commit ca6cd8a4d3
No known key found for this signature in database

View file

@ -110,6 +110,7 @@ If you have any questions or comments about this advisory:
Include the new file in the `/website/sidebars.js`
- Check with the original reporter that the fix works as intended
- Wait for GitHub to assign a CVE
- Announce the release of the vulnerability via Mailing list and discord
<details><summary>Mailing list template</summary>
@ -118,7 +119,7 @@ If you have any questions or comments about this advisory:
Subject: `Notice of upcoming authentik Security releases 2022.10.3 and 2022.11.3`
```markdown
We'll be publishing a security Issue and accompanying Fix on _date_, 13:00 UTC with the Criticality level High. Fixed versions x, y and z will be released alongside a workaround for previous versions. For more infos, see the authentik Security policy here: https://goauthentik.io/docs/security/policy.
We'll be publishing a security Issue (CVE-2022-xxxxx) and accompanying fix on _date_, 13:00 UTC with the Criticality level High. Fixed versions x, y and z will be released alongside a workaround for previous versions. For more info, see the authentik Security policy here: https://goauthentik.io/docs/security/policy.
```
</p>
@ -128,7 +129,7 @@ We'll be publishing a security Issue and accompanying Fix on _date_, 13:00 UTC w
<p>
```markdown
@everyone We'll be publishing a security Issue and accompanying Fix on _date_, 13:00 UTC with the Criticality level High. Fixed versions x, y and z will be released alongside a workaround for previous versions. For more infos, see the authentik Security policy here: https://goauthentik.io/docs/security/policy.
@everyone We'll be publishing a security Issue (CVE-2022-xxxxx) and accompanying fix on _date_, 13:00 UTC with the Criticality level High. Fixed versions x, y and z will be released alongside a workaround for previous versions. For more info, see the authentik Security policy here: https://goauthentik.io/docs/security/policy.
```
</p>
@ -136,7 +137,7 @@ We'll be publishing a security Issue and accompanying Fix on _date_, 13:00 UTC w
### Creating a security release
- On the date specified in the announcement, push the local `security/CVE-...` branch into a PR, and squash merge it if the pipeline passes
- On the date specified in the announcement, push the local `security/CVE-2022-xxxxx` branch into a PR, and squash merge it if the pipeline passes
- If the fix made any changes to the API schema, merge the PR to update the web API client
- Cherry-pick the merge commit onto the version branch
- If the fix made any changes to the API schema, manually install the latest version of the API client in `/web`
@ -149,7 +150,7 @@ We'll be publishing a security Issue and accompanying Fix on _date_, 13:00 UTC w
Subject: `Release of authentik Security releases 2022.10.3 and 2022.11.3`
```markdown
The security advisory has been published: https://github.com/goauthentik/authentik/security/advisories/GHSA-mjfw-54m5-fvjf
The security advisory for CVE-2022-xxxxx has been published: https://github.com/goauthentik/authentik/security/advisories/GHSA-mjfw-54m5-fvjf
Releases with fixes are being built and will be available here: https://github.com/goauthentik/authentik/releases
```
@ -163,7 +164,7 @@ Releases with fixes are being built and will be available here: https://github.c
```markdown
[...existing announcement...]
Edit: Advisory is here https://github.com/goauthentik/authentik/security/advisories/GHSA-mjfw-54m5-fvjf, the fixed versions are currently building and will be available here: https://github.com/goauthentik/authentik/releases
Edit: Advisory for for CVE-2022-xxxxx has been published here https://github.com/goauthentik/authentik/security/advisories/GHSA-mjfw-54m5-fvjf, the fixed versions are currently building and will be available here: https://github.com/goauthentik/authentik/releases
```
</p>