Add CVE CHANGELOG disclosure requirement to RELEASE.md (#14338)

maennchen · web-flow · commit 822aac84c992 · 2025-03-18T14:29:10.000+01:00
diff --git a/RELEASE.md b/RELEASE.md
@@ -11,6 +11,12 @@
 1. Update version in /VERSION, bin/elixir, bin/elixir.bat, and bin/elixir.ps1
 
 2. Ensure /CHANGELOG.md is updated, versioned and add the current date
+   - If this release addresses any publicly known security vulnerabilities with
+     assigned CVEs, add a "Security" section to `CHANGELOG.md`. For example:
+     ```md
+     ## Security
+     - Fixed CVE-2025-00000: Description of the vulnerability
+     ```
 
 3. Update "Compatibility and Deprecations" if a new OTP version is supported
 
