mirror of
https://github.com/etcd-io/etcd.git
synced 2024-09-27 06:25:44 +00:00

Create security disclosure and release process, and team to handle issues. Related # https://github.com/etcd-io/maintainers/issues/1
89 lines
2.2 KiB
Markdown
# etcd Security Process Email Templates

This is a collection of email templates to handle various situations the security team encounters.

## Upcoming security release

```
Subject: Upcoming security release of etcd $VERSION
To: etcd-dev@googlegroups.com
Cc: security@etcd-io

Hello etcd Community,

The etcd Product Security Committee and maintainers would like to announce the forthcoming release
of etcd $VERSION.

This release will be made available on the $ORDINALDAY of $MONTH $YEAR at
$PDTHOUR PDT ($GMTHOUR GMT). This release will fix $NUMDEFECTS security
defect(s). The highest rated security defect is considered $SEVERITY severity.

No further details or patches will be made available in advance of the release.

**Thanks**

Thanks to $REPORTER, $DEVELOPERS, and the $RELEASELEADS for the coordination in making this release.

Thanks,

$PERSON on behalf of the etcd Product Security Committee and maintainers
```

## Security Fix Announcement

```
Subject: Security release of etcd $VERSION is now available
To: etcd-dev@googlegroups.com
Cc: security@etcd-io

Hello etcd Community,

The Product Security Committee and maintainers would like to announce the availability of etcd $VERSION.
This addresses the following CVE(s):

* CVE-YEAR-ABCDEF (CVSS score $CVSS): $CVESUMMARY
...

Upgrading to $VERSION is encouraged to fix these issues.

**Am I vulnerable?**

Run `etcd --version` and if it indicates a base version of $OLDVERSION or
older that means it is a vulnerable version.

<!-- Provide details on features, extensions, configuration that make it likely that a system is
vulnerable in practice. -->

**How do I mitigate the vulnerability?**

<!--
[This is an optional section. Remove if there are no mitigations.]
-->

**How do I upgrade?**

Follow the upgrade instructions at https://etcd.io/docs

**Vulnerability Details**

<!--
[For each CVE]
-->

***CVE-YEAR-ABCDEF***

$CVESUMMARY

This issue is filed as $CVE. We have rated it as [$CVSSSTRING]($CVSSURL)
($CVSS, $SEVERITY) [See the GitHub issue for more details]($GITHUBISSUEURL)

**Thanks**

Thanks to $REPORTER, $DEVELOPERS, and the $RELEASELEADS for the
coordination in making this release.

Thanks,

$PERSON on behalf of the etcd Product Security Committee and maintainers
```