From 28eb7c03fad692525c48c08c6ad777dce9fcf576 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 22 Dec 2022 16:13:21 +0100 Subject: [PATCH] website/developer-docs: add templates for announcing fixed security release Signed-off-by: Jens Langhammer --- website/developer-docs/releases/index.md | 29 ++++++++++++++++++++++++ website/docs/releases/v2022.12.md | 2 +- 2 files changed, 30 insertions(+), 1 deletion(-) diff --git a/website/developer-docs/releases/index.md b/website/developer-docs/releases/index.md index 21f14a1ce..42f77cdb3 100644 --- a/website/developer-docs/releases/index.md +++ b/website/developer-docs/releases/index.md @@ -115,6 +115,8 @@ If you have any questions or comments about this advisory:
Mailing list template

+Subject: `Notice of upcoming authentik Security releases 2022.10.3 and 2022.11.3` + ```markdown We'll be publishing a security Issue and accompanying Fix on _date_, 13:00 UTC with the Criticality level High. Fixed versions x, y and z will be released alongside a workaround for previous versions. For more infos, see the authentik Security policy here: https://goauthentik.io/docs/security/policy. ``` @@ -139,3 +141,30 @@ We'll be publishing a security Issue and accompanying Fix on _date_, 13:00 UTC w - Cherry-pick the merge commit onto the version branch - If the fix made any changes to the API schema, manually install the latest version of the API client in `/web` - Resume the instructions above, starting with the `bumpversion` step +- After the release has been published, update the Discord announcement and send another mail to the mailing list to point to the new releases + +

Mailing list template +

+ +Subject: `Release of authentik Security releases 2022.10.3 and 2022.11.3` + +```markdown +The security advisory has been published: https://github.com/goauthentik/authentik/security/advisories/GHSA-mjfw-54m5-fvjf + +Releases with fixes are being built and will be available here: https://github.com/goauthentik/authentik/releases +``` + +

+
+ +
Discord template +

+ +```markdown +[...existing announcement...] + +Edit: Advisory is here https://github.com/goauthentik/authentik/security/advisories/GHSA-mjfw-54m5-fvjf, the fixed versions are currently building and will be available here: https://github.com/goauthentik/authentik/releases +``` + +

+
diff --git a/website/docs/releases/v2022.12.md b/website/docs/releases/v2022.12.md index 02f26551b..85dd8e2d0 100644 --- a/website/docs/releases/v2022.12.md +++ b/website/docs/releases/v2022.12.md @@ -70,7 +70,7 @@ image: - stages/captcha: customisable URLs (#3832) - stages/user_login: prevent double success message when logging in via source - stages/user_write: always ignore `component` field and prevent warning -- web: fix authentification with Plex on iOS (#4095) +- web: fix authentication with Plex on iOS (#4095) - web/admin: better show metadata download for saml provider - web/admin: fix action button order for blueprints - web/admin: fix alignment in tables with multiple elements in cell