From ffc67769965ae6ab4e5a5fc2829f1cdc3a961c3d Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Thu, 24 Mar 2022 10:31:29 -0400 Subject: [PATCH] doc: add suggestion for OpenSSL only sec releases MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes: https://github.com/nodejs/TSC/issues/1187 Signed-off-by: Michael Dawson PR-URL: https://github.com/nodejs/node/pull/42456 Reviewed-By: Darshan Sen Reviewed-By: James M Snell Reviewed-By: Danielle Adams Reviewed-By: Tobias Nießen --- doc/contributing/security-release-process.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/doc/contributing/security-release-process.md b/doc/contributing/security-release-process.md index 6aee4655ad75b8..1fe257181b6fb8 100644 --- a/doc/contributing/security-release-process.md +++ b/doc/contributing/security-release-process.md @@ -74,6 +74,17 @@ The current security stewards are documented in the main Node.js (Re-PR the pre-approved branch from nodejs-private/nodejs.org-private to nodejs/nodejs.org) + If the security release will only contain an OpenSSL update consider + adding the following to the pre-release announcement: + + ```text + Since this security release will only include updates for OpenSSL, if you're using + a Node.js version which is part of a distribution which uses a system + installed OpenSSL, this Node.js security update might not concern you. You may + instead need to update your system OpenSSL libraries, please check the + security announcements for the distribution. + ``` + * [ ] Pre-release announcement [email][]: _**LINK TO EMAIL**_ * Subject: `Node.js security updates for all active release lines, Month Year` * Body: