daohualiuxiang
/
node
mirror of https://github.com/nodejs/node.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

doc: include CVE to EOL lines as sec release process 

Refs: https://github.com/nodejs/security-wg/issues/1401
PR-URL: https://github.com/nodejs/node/pull/56520
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
pull/56591/head
Rafael Gonzaga 2025-01-10 14:02:12 -03:00 committed by GitHub
parent 25b22e4754
commit 649da3b837
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/contributing/security-release-process.md
View File

@ -65,6 +65,8 @@ The current security stewards are documented in the main Node.js
* [ ] 4\. **Requesting CVEs:**
* Request CVEs for the reports with `git node security --request-cve`.
* Make sure to have a green CI before requesting a CVE.
* Check if there is a need to issue a CVE for any version that became
EOL after the last security release through [this issue](https://github.com/nodejs/security-wg/issues/1419).
* [ ] 5\. **Choosing or Updating Release Date:**
* Get agreement on the planned date for the release.