...

  1. When a serious security issue arises, we should try to create a STRUTS_#_#_#_X branch from the last GA release (from tag - check it out and use mvn release:branch as below).
    mvn release:branch -DbranchName=STRUTS_#_#_#_X -DupdateBranchVersions=true -DupdateWorkingCopyVersions=false -DautoVersionSubmodules=true
    
    Read the maven release:branch docs for further details, or alternatively:
    
    svn copy https://svn.apache.org/repos/asf/struts/struts2/tags/STRUTS_#_#_# https://svn.apache.org/repos/asf/struts/struts2/branches/STRUTS_#_#_#_X -m "Creating new branch"
    
    Note

    The svn copy command just copies the tag to the new branch; no version information is changed, so you have to update it yourself in the "Change scm info" step below.

  2. Apply to that branch only the security patch
  3. Commit the fix. No reference should be made to the commit being related to a security vulnerability.
  4. If the patch first applies to some other dependency, implore the other group to do the same, to avoid side-effects from other changes.
  5. Release the upcoming version in JIRA (under Administration/Manage Releases) and tag the release date
  6. Create DONE and TODO filters for the new version, share with all, and remove obsolete TODO filter
  7. Create a new Version Notes page in Confluence, link to it from the Migration Guide, and link it to the prior release page and the JIRA DONE filters of the version to be released. Secure the page so that only members of the struts-committers group in Confluence can access it.

Obtain a fresh checkout of the created branch.

svn co https://svn.apache.org/repos/asf/struts/struts2/branches/STRUTS_#_#_#_X STRUTS_#_#_#_X

Change site target

Edit the top pom.xml file and replace 2.x in the URL below with the version number that is going to be released.

...


    <distributionManagement>
        <site>
            <id>apache-site</id>
            <url>scp://people.apache.org/www/struts.apache.org/2.x/</url>
        </site>
    </distributionManagement>

Change scm info

If you created the branch through the mvn release:branch command your scm info should be already fine.

Otherwise, edit every pom.xml file and replace the URLs inside the scm info so that they point to the branch created previously:

...


<scm>
    <connection>scm:svn:http://svn.apache.org/repos/asf/struts/struts2/branches/STRUTS_#_#_#_X</connection>
    <developerConnection>scm:svn:https://svn.apache.org/repos/asf/struts/struts2/branches/STRUTS_#_#_#_X</developerConnection>
    <url>http://svn.apache.org/viewcvs.cgi/struts/struts2/branches/STRUTS_#_#_#_X</url>
</scm>

Commit the change.

Revert to -SNAPSHOT

The Maven release plugin can create a release only from a -SNAPSHOT version. Replace the current version in all poms with the planned release version plus the -SNAPSHOT suffix, e.g.

2.3.1 -> 2.3.1.1-SNAPSHOT
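
A pre-release check for the "Change scm info" and "Revert to -SNAPSHOT" steps, added here as an example and not part of the Struts release tooling. The function name check_poms and its text-based matching are assumptions: it expects every pom.xml to state the planned version literally, as its own version or as its parent's.

```shell
# Usage: check_poms DIR BRANCH VERSION
#   e.g. check_poms STRUTS_2_3_1_X STRUTS_2_3_1_X 2.3.1.1   (constructed values)
# Lists every pom.xml under DIR that still needs editing before the release
# plugin is run. Returns 0 when all poms are ready, 1 otherwise.
check_poms() {
    dir=$1 branch=$2 snapshot="<version>$3-SNAPSHOT</version>"
    problems=$(find "$dir" -name pom.xml | sort | while IFS= read -r pom; do
        # URLs inside <scm>...</scm> that do not point at the new branch.
        # The site <url> under <distributionManagement> is outside this range.
        stale=$(sed -n '/<scm>/,/<\/scm>/p' "$pom" |
            grep -E '<(connection|developerConnection|url)>' |
            grep -vF "/branches/$branch<" || true)
        [ -n "$stale" ] && echo "$pom: scm info does not point at branches/$branch"
        # The release plugin can only release from a -SNAPSHOT version.
        grep -qF "$snapshot" "$pom" ||
            echo "$pom: $snapshot not found"
    done)
    [ -z "$problems" ] && return 0
    printf '%s\n' "$problems"
    return 1
}
```

A branch made with svn copy from the tag fails both checks until the poms are edited, which is the case the Note in step 1 describes.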

...

Update version of archetypes

...