Diffstat (limited to 'docs/doing-a-release.rst')
-rw-r--r-- docs/doing-a-release.rst 16
1 files changed, 16 insertions, 0 deletions
diff --git a/docs/doing-a-release.rst b/docs/doing-a-release.rst
index 45617985..f87a4499 100644
--- a/docs/doing-a-release.rst
+++ b/docs/doing-a-release.rst
@@ -3,6 +3,20 @@ Doing a release
Doing a release of ``cryptography`` requires a few steps.
+Security Releases
+-----------------
+
+In addition to the other steps described below, for a release which fixes a
+security vulnerability, you should also include the following steps:
+
+* Request a `CVE from MITRE`_. Once you have received the CVE, it should be
+ included in the :doc:`changelog`. Ideally you should request the CVE before
+ starting the release process so that the CVE is available at the time of the
+ release.
+* Ensure that the :doc:`changelog` entry credits whoever reported the issue.
+* The release should be announced on the `oss-security`_ mailing list, in
+ addition to the regular announcement lists.
+
Verifying OpenSSL version
-------------------------
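Review bot: In the first bullet of the new "Security Releases" section, the timing of the CVE request is only stated as "Ideally you should request the CVE before starting the release process", which leaves open what the releaser does when the CVE has not been assigned by release time. Suggest making the request the explicit first step and adding one sentence on whether the release waits for the CVE or the changelog is amended afterwards. The third bullet is written in the passive ("The release should be announced on the ...") while the first two are imperative; "Announce the release on the `oss-security`_ mailing list ..." would match them, and since it is an announcement step it could also be cross-referenced from "Post-release tasks", where the other announcement emails are listed.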
@@ -78,6 +92,8 @@ Post-release tasks
* Send an email to the `mailing list`_ and `python-announce`_ announcing the
release.
+.. _`CVE from MITRE`: https://cveform.mitre.org/
+.. _`oss-security`: http://www.openwall.com/lists/oss-security/
.. _`upgrading OpenSSL issue template`: https://github.com/pyca/cryptography/issues/new?template=openssl-release.md
.. _`milestone`: https://github.com/pyca/cryptography/milestones
.. _`mailing list`: https://mail.python.org/mailman/listinfo/cryptography-dev
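Review bot: The added `oss-security` target uses an http:// URL, while the `CVE from MITRE` target added next to it and the existing targets in this block all use https://. Suggest changing it to https://www.openwall.com/lists/oss-security/ so the link to the security announcement list is not fetched over cleartext and the block stays consistent.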