Versions Compared

Old Version 47

changes.mady.by.user Jacques Le Roux

Saved on

compared with

New Version 48

changes.mady.by.user Jacques Le Roux

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: About CVE-2022-25371

...

  1. Create a release tag named: release<YY.MM.NN>
    1. For example: release18.12.02
    2. Create the release tag on all the relevant repositories such as ofbiz-framework and ofbiz-plugins 
  2. Export/extract the release branch in a local folder named apache-ofbiz-<YY.MM.NN>
  3. Modify the following files in the main folder:
    1. edit the LICENSE file: if it is a framework+plugins release then simply remove the LICENSE file under plugins; if it is a framework only release then edit the LICENSE file to remove the references to plugins; if it is a plugin release that add NOTICE and check the validity of the LICENSE file (or add one if missing);
    2. put the release version number in the VERSION file;
    3. disable the Birt component (in its ofbiz-component.xml) because of CVE-2022-25371 and add:
      <!--
         Warning: before you enable this component please read:
         Using BIRT with OFBiz
      -->
  4. Remove the Gradle wrapper bin files
  5. Compress the exported folder as apache-ofbiz-<YY.MM.NN>.zip
  6. Create an OpenPGP Compatible ASCII Armored Detached Signature named apache-ofbiz-<YY.MM.NN>.zip.asc
  7. Create an SHA512 Checksum named apache-ofbiz-<YY.MM.NN>.zip.sha512
  8. Commit the 3 release files to https://dist.apache.org/repos/dist/dev/ofbiz/

...