Include CVE IDs in Release Notes for Security Fixes
Description
Ensure release notes include the CVE ID for patched security vulnerabilities
Details
- Default Category: coordinated vulnerability disclosure
- Default Priority Group: P7
- Implementation Details: It is manual (details).
- C-SCRM: false
- Sources: OpenSSF Best Practices Badge Passing Level (release_notes_vulns)