This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new 66d8fe02c82 Update security issues announcement section in
`README_RELEASE_PROVIDERS` (#63751)
66d8fe02c82 is described below
commit 66d8fe02c821de8716658b59ffe105e9575a891c
Author: Vincent <[email protected]>
AuthorDate: Mon Mar 16 16:23:14 2026 -0400
Update security issues announcement section in `README_RELEASE_PROVIDERS`
(#63751)
---
dev/README_RELEASE_PROVIDERS.md | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/dev/README_RELEASE_PROVIDERS.md b/dev/README_RELEASE_PROVIDERS.md
index da841c6ae34..fd53cd5c925 100644
--- a/dev/README_RELEASE_PROVIDERS.md
+++ b/dev/README_RELEASE_PROVIDERS.md
@@ -1413,8 +1413,9 @@ Trying to send HTML content will result in failure.
## Send announcements about security issues fixed in the release
The release manager should review and mark as READY all the security issues
fixed in the release.
-Such issues are marked as affecting `< <JUST_RELEASED_VERSION>` in the CVE
management tool
-at https://cveprocess.apache.org/. Then the release manager should announced
the issues via the tool.
+Such issues can be listed under the `Next wave of providers` milestone in
[security
issues](https://github.com/airflow-s/airflow-s/issues?q=is%3Aissue%20state%3Aopen%20milestone%3A%22Next%20wave%20of%20providers%22).
+Go through the list of these issues and check for each of them the fix has
been released as part of this release.
+Then the release manager should announce the issues via the CVE management
tool at https://cveprocess.apache.org/.
Once announced, each of the issue should be linked with a 'reference' with tag
'vendor advisory' with the
URL to the announcement published automatically by the CVE management tool.
