docs: add templates for advanced disclosure and security release emails in runbook (#4529)

liang.he 2025-08-11 15:09:13 +08:00 committed by GitHub
parent 2d05aece1a
commit a4f3077186
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -25,6 +25,16 @@ For information on what types of issues are considered security vulnerabilities
- Request CVE: Use the Big Green Button on the advisory to request a CVE number from GitHub staff.
- Advanced Disclosure Email: Decide on a disclosure date, typically within a week, and send an email to sec-announce@bytecodealliance.org about the upcoming security release. Other ways are also available to communicate the disclosure date.
``` markdown
> A template for the advanced disclosure email
The Wamr project would like to announce a forthcoming security release.
The release will be made available on approximately YYYY-MM-DD. Additionally, an advisory will be made available on the same date at https://github.com/advisories.
The highest severity issue fixed in this release is classified as XXX based on the CVSS classification scheme.
```
## Step 5: Preparing and Testing Patch Releases
- Prepare PRs for Patch Releases: Create pull requests in the private fork for each version being patched. Ensure each PR is ready to apply cleanly and includes release notes for each release branch.
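Review bot: The caption line "> A template for the advanced disclosure email" sits inside the fenced block, so anyone who copies the block into a mail to sec-announce@bytecodealliance.org takes the caption along with the body. Move it above the fence as ordinary list text and leave only the email body inside. Two smaller points in the same block: the opening fence is written "``` markdown" with a space while the second template in this commit uses "```markdown", and the body says "The Wamr project" where the release template uses "WAMR"; pick one spelling for both. The advisory link is the generic https://github.com/advisories, so it would also help to say whether the project's own advisory page is meant, since readers of the pre-announcement will go looking for it on the release date.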
@ -38,6 +48,16 @@ For information on what types of issues are considered security vulnerabilities
- Publish GitHub Advisories: Delete the private forks and use the Big Green Button to publish the advisory.
- Send Security Release Email: Send a follow-up email to sec-announce@bytecodealliance.org describing the security release. Other communication channels can also be used to inform users about the security release.
```markdown
> A template for the security release email
[Updated YYYY-MM-DD] Security release available.
WAMR release version X.Y.Z is now available. The binary release can be found on GitHub at https://github.com/bytecodealliance/wasm-micro-runtime/releases/tag/WAMR-Y.Y.Z. This release addresses the following security issues rated XXX: https://the link of the advisory
Well be conducting a full review of our security practices to ensure ample notification is provided for future security releases.
```
By following these steps, you can effectively manage and resolve security issues for your open source project, ensuring timely communication and collaboration while maintaining the integrity and security of your software.
## References
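Review bot: The placeholders in the release email template do not agree: the text says "WAMR release version X.Y.Z" but the tag URL ends in "WAMR-Y.Y.Z", so a maintainer filling in the version by search-and-replace ends up with a broken release link in a security announcement. Use WAMR-X.Y.Z in the URL. In the same block, "Well be conducting" is missing its apostrophe ("We'll be conducting"), and "https://the link of the advisory" looks like a real URL to mail clients; an angle-bracket placeholder such as <advisory URL> is harder to send by accident. The closing sentence promises "a full review of our security practices" in every release email; if that is meant only for releases that went out without enough notice, mark it as optional in the runbook text. As in the first template, the "> A template for the security release email" caption is inside the fence and will be copied into the email.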