Improve security section of release notes
In order to provide users with more details on project's state in
terms of security let's divide the security release notes into three
sections:
- Fixed Security Issues
Contains a list of security fixes merged during this
release (especially those reported via OJSI tickets).
- Known Security Issues
Contains a list of vulnerabilities detected in project during
release which have not been fixed yet and thus should be mitigated
by the user.
- Known Vulnerabilities in Used Modules
Contains information about NexusIQ scan results
Issue-ID: SECCOM-238
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I8bbac2b7e7126369e30da218b69cdc3744d3c0c5
diff --git a/docs/templates/sections/release-notes.rst b/docs/templates/sections/release-notes.rst
index 9b6688c..df61760 100644
--- a/docs/templates/sections/release-notes.rst
+++ b/docs/templates/sections/release-notes.rst
@@ -6,11 +6,11 @@
=============
.. note::
- * This Release Notes must be updated each time the team decides to Release new artifacts.
- * The scope of this Release Notes is for this particular component. In other words, each ONAP component has its Release Notes.
- * This Release Notes is cumulative, the most recently Released artifact is made visible in the top of this Release Notes.
- * Except the date and the version number, all the other sections are optional but there must be at least one section describing the purpose of this new release.
- * This note must be removed after content has been added.
+ * This Release Notes must be updated each time the team decides to Release new artifacts.
+ * The scope of this Release Notes is for this particular component. In other words, each ONAP component has its Release Notes.
+ * This Release Notes is cumulative, the most recently Released artifact is made visible in the top of this Release Notes.
+ * Except the date and the version number, all the other sections are optional but there must be at least one section describing the purpose of this new release.
+ * This note must be removed after content has been added.
Version: x.y.z
@@ -26,18 +26,28 @@
One or two sentences explaining the purpose of this Release.
**Bug Fixes**
- - `CIMAN-65 <https://jira.onap.org/browse/CIMAN-65>`_ and a sentence explaining what this defect is addressing.
+ - `CIMAN-65 <https://jira.onap.org/browse/CIMAN-65>`_ and a sentence explaining what this defect is addressing.
**Known Issues**
- - `CIMAN-65 <https://jira.onap.org/browse/CIMAN-65>`_ and two, three sentences.
- One sentences explaining what is the issue.
-
- Another sentence explaining the impact of the issue.
-
- And an optional sentence providing a workaround.
+ - `CIMAN-65 <https://jira.onap.org/browse/CIMAN-65>`_ and two, three sentences.
+ One sentences explaining what is the issue.
-**Security Issues**
- You may want to include a reference to CVE (Common Vulnerabilities and Exposures) `CVE <https://cve.mitre.org>`_
+ Another sentence explaining the impact of the issue.
+ And an optional sentence providing a workaround.
+
+**Security Notes**
+
+*Fixed Security Issues*
+
+ List of security issues fixed in this release including CVEs and OJSI tickets.
+
+*Known Security Issues*
+
+ List of new security issues that are left unfixed in this release including CVEs and OJSI tickets.
+
+*Known Vulnerabilities in Used Modules*
+
+ Results of know vulnerabilities analysis in used modules.
**Upgrade Notes**