tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity

Updated security release process with identifiers

Browse Source
This commit is contained in:
Ingo Schommer 2013-08-13 01:26:24 +02:00
parent 6ee0d53f40
commit aff36c8845
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/en/misc/release-process.md
View File

@ -132,6 +132,10 @@ In the event of a confirmed vulnerability in SilverStripe core, we will take the
* Acknowledge to the reporter that weve received the report and that a fix is forthcoming. Well give a rough
timeline and ask the reporter to keep the issue confidential until we announce it.
* Assign a unique identifier to the issue in the format `SS-<year>-<count>`,
where `<count>` is a padded three digit number counting issues for the year.
Example: `SS-2013-001` would be the first of the year `2013`.
Additionally, [CVE](http://cve.mitre.org) numbers are accepted.
* Halt all other development as long as is needed to develop a fix, including patches against the current and one
previous major release (if applicable).
* We will inform you about resolution and [announce](http://groups.google.com/group/silverstripe-announce) a