mirror of
https://github.com/django/django.git
synced 2025-06-05 11:39:13 +00:00
Documented how to request CVE IDs.
This commit is contained in:
parent
19f1321fa4
commit
6fdb12cdcc
@ -92,8 +92,11 @@ any time leading up to the actual release:
|
|||||||
the release. We maintain a list of who gets these pre-notification emails in
|
the release. We maintain a list of who gets these pre-notification emails in
|
||||||
the private ``django-core`` repository. Send the mail to
|
the private ``django-core`` repository. Send the mail to
|
||||||
``security@djangoproject.com`` and BCC the pre-notification recipients.
|
``security@djangoproject.com`` and BCC the pre-notification recipients.
|
||||||
This email should be signed by the key you'll use for the release, and
|
This email should be signed by the key you'll use for the release and
|
||||||
should include patches for each issue being fixed.
|
should include `CVE IDs <https://cveform.mitre.org/>`_ (requested with
|
||||||
|
Vendor: djangoproject, Product: django) and patches for each issue being
|
||||||
|
fixed. Also, :ref:`notify django-announce <security-disclosure>` of the
|
||||||
|
upcoming security release.
|
||||||
|
|
||||||
#. As the release approaches, watch Trac to make sure no release blockers
|
#. As the release approaches, watch Trac to make sure no release blockers
|
||||||
are left for the upcoming release.
|
are left for the upcoming release.
|
||||||
|
Loading…
x
Reference in New Issue
Block a user