THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
- When a serious security issue arises, we should try to create a
STRUTS_#_#_#_X
branch from the last GA release (from tag).code
Read the maven release:branch docs for further detailsNo Format mvn release:branch -DbranchName=STRUTS_#_#_#_X
or alternatively
No Format |
---|
svn copy https://svn.apache.org/repos/asf/struts/struts2/tags/STRUTS_#_#_# https://svn.apache.org/repos/asf/struts/struts2/branches/STRUTS_#_#_#_X -m "Creating new branch"
|
Note |
---|
The svn copy just copies the struts branch from the struts tags, no info about the version will be changed. |
- Apply to that branch only the security patch
- Commit the fix. No reference should be make to the commit being related to a security vulnerability.
- If the patch first applies to some other dependency, implore the other group to do the same, to avoid side-effects from other changes.
- Release the upcoming version in JIRA (under Administration/Manage Releases) and tag the release date
- Create DONE and TODO filters for the new version, share with all, and remove obsolete TODO filter
- Create a new Version Notes page in Confluence, link from Migration Guide, and link to prior release page and JIRA DONE filters of the version to release, secure the page to allow access only member of struts-committers group in Confluence
...