[Geoserver-devel] Developers guide security policy update

Following up on an action item:

• action: Add something to our developers guide for geoserver-security list (in addition to SECURITY.md note)

I have adapted the text of GISP-220 (which was quite complete given the feedback) into a PR for the developers guide:

• [GEOS-11455] Update developers guide with GSIP-220 security policy

It had been a while since I looked at the developer guide, I noticed some headings were incorrect and gathered up the release instructions:

• Gather up release docs

• fix cite test instructions headings for table of contents

Thanks for the PR reviews.

The developer guide is now updated: https://docs.geoserver.org/latest/en/developer/policies/security.html

I expect we will refine this over time as we learn from experience.

I am not sure about anyone else, but I have been getting a number of private emails sent to me (redirected to geoserver-users or commercial support page as appropriate).

So I believe that use of CVE as an experiment is working - it is reaching a wider audience then our release announcements and emails.