security-release-process.md - OpenGrok cross reference for /third_party/node/doc/contributing/security-release-process.md

Lines Matching full:security
1 # Security release process
3 The security release process covers the steps required to plan/implement a
4 security release. This document is copied into the description of the Next
5 Security Release and used to track progress on the release. It contains _**TEXT
9 ## Security release stewards
11 For each security release, a security steward will take ownership for
12 coordinating the steps outlined in this process. Security stewards
17 [security steward on/off boarding](security-steward-on-off-boarding.md).
19 The current security stewards are documented in the main Node.js
20 [README.md](https://github.com/nodejs/node#security-release-stewards).
42   `Next Security Release`, and put this checklist in the description.
62       security release blog page:
81       between Security Releases.
96   If the security release will only contain an OpenSSL update consider
100   Since this security release will only include updates for OpenSSL, if you're using
102   installed OpenSSL, this Node.js security update might not concern you. You may
104   security announcements for the distribution.
108   * Subject: `Node.js security updates for all active release lines, Month Year`
112   For more information see: https://nodejs.org/en/blog/vulnerability/month-year-security-releases/
117 * [ ] CC `oss-security@lists.openwall.com` on pre-release
121 `oss-security@lists.openwall.com` as a CC.
126   Security release pre-alert:
134   https://nodejs.org/en/blog/vulnerability/month-year-security-releases/
137   We specifically ask that collaborators other than the releasers and security
138   steward working on the security release do not tweet or publicise the release
146 * [ ] Notify [docker-node][] of upcoming security release date: _**LINK**_
148   Heads up of Node.js security releases Day Month Year
150 …As per the Node.js security release process this is the FYI that there is going to be a security r…
153 * [ ] Notify build-wg of upcoming security release date by opening an issue
156   Heads up of Node.js security releases Day Month Year
158 …As per security release process this is a heads up that there will be security releases Day Month …
174   * CC: `oss-security@lists.openwall.com`
175   * Subject: `Node.js security updates for all active release lines, Month Year`
179   For more information see: https://nodejs.org/en/blog/vulnerability/month-year-security-releases/
184   Security release:
186   New security releases are now available for versions <add versions> of Node.js.
188   https://nodejs.org/en/blog/vulnerability/month-year-security-releases/
202   [core](https://github.com/nodejs/security-wg/tree/HEAD/vuln/core)
205 …[json](https://github.com/nodejs/security-wg/blob/0d82062d917cb9ddab88f910559469b2b13812bf/vuln/co…
214 …[Security release stewards](https://github.com/nodejs/node/blob/HEAD/doc/contributing/security-rel…
221 When a CVE is reported as fixed in a security release and it turns out that the