mirror of synced 2025-12-19 09:57:42 -05:00

[Improvement] Update release note guidelines to include packages security guidance (#40479)

Co-authored-by: Joe Clark <31087804+jc-clark@users.noreply.github.com>
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
Co-authored-by: Vanessa <vgrl@github.com>
Rachael Rose Renk
2023-08-14 14:28:33 -06:00
committed by GitHub
parent fe1f407cb6
commit c4eae25d6d
2 changed files with 12 additions and 0 deletions

@@ -693,6 +693,12 @@ A release note for a security fix answers the following questions.
- > **MEDIUM**: An attacker could embed dangerous links in the instance's web UI because pull request preview links did not properly sanitize URLs. This vulnerability was reported via the [GitHub Bug Bounty program](https://bounty.github.com).
#### Base image and package updates
We also include base image and dependent package updates in the "Security fixes" section, since these updates often address security issues. We consolidate all of these updates in the following note.
> Packages have been updated to the latest security versions.
### Bug fixes
A release note for a bug fix describes a correction to an undesired or otherwise unexpected behavior. Generally, notes for bug fixes are only part of patch releases.
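Review bot: In the new "Base image and package updates" section, the consolidated note "Packages have been updated to the latest security versions." carries no severity label, unlike the **MEDIUM** example directly above it, and the guidance does not say whether that omission is intentional. Suggest stating explicitly that the consolidated note takes no severity prefix, and adding a sentence on when a package update that fixes a specific, known vulnerability should get its own note answering the security-fix questions instead of being folded into the generic line, so that readers assessing their exposure have something to act on. It would also help to say where the consolidated note sits in the "Security fixes" section relative to the individual notes.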