From 4680794e95b320f95117a6914cc9e2a874b97577 Mon Sep 17 00:00:00 2001
From: Krzysztof Opasiak
Date: Wed, 29 May 2019 23:20:03 +0200
Subject: [PATCH] Improve security section of release notes

In order to provide users with more details on project's state in terms
of security let's divide the security release notes into three sections:

- Fixed Security Issues
  Contains a list of security fixes merged during this release
  (especially those reported via OJSI tickets).

- Known Security Issues
  Contains a list of vulnerabilities detected in project during release
  which have not been fixed yet and thus should be mitigated by the user.

- Known Vulnerabilities in Used Modules
  Contains information about NexusIQ scan results

Issue-ID: SECCOM-238
Signed-off-by: Krzysztof Opasiak
Change-Id: I8bbac2b7e7126369e30da218b69cdc3744d3c0c5
(cherry picked from commit e32e75789b3dfc5bb8e5d699d104ea02825b3cf6)
---
 docs/templates/sections/release-notes.rst | 38 +++++++++++++++++++------------
 1 file changed, 24 insertions(+), 14 deletions(-)

diff --git a/docs/templates/sections/release-notes.rst b/docs/templates/sections/release-notes.rst
index 9b6688c36..df6176029 100644
--- a/docs/templates/sections/release-notes.rst
+++ b/docs/templates/sections/release-notes.rst
@@ -6,11 +6,11 @@ Release Notes ============= .. note:: - * This Release Notes must be updated each time the team decides to Release new artifacts. - * The scope of this Release Notes is for this particular component. In other words, each ONAP component has its Release Notes. - * This Release Notes is cumulative, the most recently Released artifact is made visible in the top of this Release Notes. - * Except the date and the version number, all the other sections are optional but there must be at least one section describing the purpose of this new release. - * This note must be removed after content has been added. + * This Release Notes must be updated each time the team decides to Release new artifacts. + * The scope of this Release Notes is for this particular component. In other words, each ONAP component has its Release Notes. + * This Release Notes is cumulative, the most recently Released artifact is made visible in the top of this Release Notes. + * Except the date and the version number, all the other sections are optional but there must be at least one section describing the purpose of this new release. + * This note must be removed after content has been added. Version: x.y.z 
@@ -26,18 +26,28 @@ Version: x.y.z One or two sentences explaining the purpose of this Release. **Bug Fixes** - - `CIMAN-65 `_ and a sentence explaining what this defect is addressing. + - `CIMAN-65 `_ and a sentence explaining what this defect is addressing. **Known Issues** - - `CIMAN-65 `_ and two, three sentences. - One sentences explaining what is the issue. - - Another sentence explaining the impact of the issue. - - And an optional sentence providing a workaround. + - `CIMAN-65 `_ and two, three sentences. + One sentences explaining what is the issue. -**Security Issues** - You may want to include a reference to CVE (Common Vulnerabilities and Exposures) `CVE `_ + Another sentence explaining the impact of the issue. + And an optional sentence providing a workaround. + +**Security Notes** + +*Fixed Security Issues* + + List of security issues fixed in this release including CVEs and OJSI tickets. + +*Known Security Issues* + + List of new security issues that are left unfixed in this release including CVEs and OJSI tickets. + +*Known Vulnerabilities in Used Modules* + + Results of know vulnerabilities analysis in used modules. **Upgrade Notes** -- 2.16.6
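
Review bot: The five bullets under ".. note::" in the first hunk (@@ -6,11 +6,11 @@) are removed and re-added with the same wording, so this looks like an indentation-only change that the commit message does not mention. Either state the re-indentation in the commit message or move it to its own commit, so the security-section change stays easy to review and cherry-pick.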
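
Review bot: In the second hunk (@@ -26,18 +26,28 @@), the new "Known Security Issues" placeholder only asks for a list of unfixed issues, while the commit message says these are issues that "should be mitigated by the user". Ask for the impact and a mitigation or workaround per entry, as the "Known Issues" placeholder just above it does. In the same hunk, "Results of know vulnerabilities analysis" should read "known", and that placeholder could name the NexusIQ scan the commit message refers to. The removed "Security Issues" text also carried a CVE reference link, which the new text drops while still mentioning CVEs; consider keeping the link under "Fixed Security Issues".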