Versions Compared

Old Version 11

changes.mady.by.user Maurizio Cucchiara

Saved on

compared with

New Version Current

changes.mady.by.user Lukasz Lenart

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

...

  • When a serious security issue arises, we should try to create a #.#.#.X branch from the last GA release, and apply to that branch only
    the security patch.
  • If the patch first applies to some other dependency, implore the other group to do the same, to avoid side-effects from other changes.
  • If the release manager would like to "fast track" a vote, so as to make a security fix available quickly, the preferred procedure is to
    • Wiki MarkupInclude the term "fast-track" in the subject, as in {{\[VOTE\] Struts 2.0.9.1 quality (fast track)}}
    • In the vote message, specify voting terms like:
No Format
The Struts #.#.#.# test build is now available.

(optional (in case of the presence of security bulletin)
It includes the latest security patches which fix two possible vulnerabilities:
* ...
* ...

For details and the rationale behind these changes, please consult the
corresponding security bulletins:
* https://cwiki.apache.org/confluence/display/WW/S2-XXX
* https://cwiki.apache.org/confluence/display/WW/S2-XXX

Please note that currently these bulletins and the release notes are
only visible to logged-in users with the struts-committer role. This is
a needed requirement to control disclosure until the actual release is
announced.
(/optional)

Release notes:
* [https://cwiki.apache.org/confluence/display/WW/Version+Notes+#.#.#.#]

Distribution:
* [http://people.apache.org/builds/struts/#.#.#.#/]

Maven 2 staging repository:
* [https://repository.apache.org/content/groups/staging/]

Once you have had a chance to review the test build, please respond with a vote on its quality:

[ ] Leave at test build
[ ] Alpha
[ ] Beta
[ ] General Availability (GA)

Everyone who has tested the build is invited to vote. Votes by PMC members are considered binding. A vote passes if there are at least three binding +1s and more +1s than -1s.

This is a "fast-track" release vote. If we have a positive vote after 24 hours (at least three binding +1s and more +1s than -1s),  the release may be submitted for mirroring and announced to the usual channels.

The website download link will include the mirroring timestamp parameter [1], which limits the selection of mirrors to those that have been refreshed since the indicated time and date. (After 24 hours, we *must* remove the timestamp parameter from the website link, to avoid unnecessary server load.) In the case of a fast-track release, the email announcement will not link directly to <download.cgi>, but to <downloads.html>, so that we can control use of the timestamp parameter.

[1] <[http://apache.org/dev/mirrors.html#use|http://apache.org/dev/mirrors.html#use]>

- The Apache Struts group.

Please be sure to update Security Bulletins accordingly as described above.