Closed
Description
Regular releases:
- Bump `.so` version info, document in change log
- `make distcheck` source tarballs using `./distribute.sh`
- Build Windows installer
- SourceForge:
  - Upload Windows installer
  - Upload source tarballs + `.asc` GPG signature (Feature request: GPG-signed release tarballs #193)
  - Make one new source tarball default download for all but Windows
  - Make new installer binary default download for Windows
- GitHub:
  - Create new release
  - Create signed Git tag and push it — https://github.com/libexpat/libexpat/releases/tag/R_2_2_8
  - Upload source tarball + `.asc` GPG signature (Feature request: GPG-signed release tarballs #193)
  - Upload Windows installer
- Let the community know:
  - News item on https://libexpat.github.io/
  - Mail Expat distro maintainers directly
  - Write to the xml-dev mailing list — http://lists.xml.org/archives/xml-dev/201909/msg00013.html
  - Blog about it at blog.hartwork.org — https://blog.hartwork.org/posts/expat-228-with-security-fixes-has-been-released/
  - Submit to Hacker News — https://news.ycombinator.com/item?id=20972658
  - Blog about it at xml.com — https://www.xml.com/news/2019-09-expat-228/
- (Bump ebuild in Gentoo — gentoo/gentoo@4705488)
Specific to 2.2.8:
- Handle security issue [CVE-2019-15903] Heap overflow in XML_GetCurrentLineNumber #317 / [CVE-2019-15903] Deny internal entities closing the doctype (for #317) #318
- Request CVE — https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903
- Add CVE to change log
- Open security bug in Gentoo — https://bugs.gentoo.org/694362
- Mail security teams