From 4b7bc9f87cca6b0ef2b84d8d91ee544eaa31977c Mon Sep 17 00:00:00 2001 From: Kevin-CB Date: Mon, 14 Aug 2023 10:14:29 +0200 Subject: [PATCH] CNA scope conflict improvement --- content/security/for-maintainers.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/security/for-maintainers.adoc b/content/security/for-maintainers.adoc index 3d038f19dfd4..64fdc14f6129 100644 --- a/content/security/for-maintainers.adoc +++ b/content/security/for-maintainers.adoc @@ -101,7 +101,7 @@ The following is a rough approximation of the typical recommended lifecycle of a .. The security team provides a private repository for that work in the `jenkinsci-cert` GitHub organization. .. Work usually happens on a branch, and a corresponding pull request will be used for review. . A *date and time of the release is coordinated* between the security team and maintainers. - The security team handles CVE ID assignment, advance notification of users, and creation of the security advisory. + The security team handles CVE ID assignment (in cases where there is no CNA scope conflict), advance notification of users, and creation of the security advisory. . The *security fix is merged*. For details, see link:#merging[Merge the Fix] below. . A version of the plugin containing the fix is *uploaded to a staging repository* (see link:#upload[Stage with Maven] below).