This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow-steward.git
The following commit(s) were added to refs/heads/main by this push:
new 0a2f4ad7 docs(vulnogram): name the send button "Send these Emails" in
RM hand-off (#571)
0a2f4ad7 is described below
commit 0a2f4ad744c2ebb4beec14f7154e683d17a6f30f
Author: Shahar Epstein <[email protected]>
AuthorDate: Fri Jun 26 18:06:46 2026 +0300
docs(vulnogram): name the send button "Send these Emails" in RM hand-off
(#571)
The release-manager hand-off comment templates told the RM to click the
"Send Email" button to ship the advisory. The ASF Vulnogram UI labels
that button "Send these Emails"; rename it in both the manual-paste and
OAuth-pushed variants so the RM finds the control.
Reported by the Apache Airflow security team during a CVE sync run.
Generated-by: Claude Code (Opus 4.8)
---
.../cve-tool-vulnogram/release-manager-handoff-comment-oauth-pushed.md | 2 +-
tools/cve-tool-vulnogram/release-manager-handoff-comment.md | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git
a/tools/cve-tool-vulnogram/release-manager-handoff-comment-oauth-pushed.md
b/tools/cve-tool-vulnogram/release-manager-handoff-comment-oauth-pushed.md
index e455650e..e7a21b6b 100644
--- a/tools/cve-tool-vulnogram/release-manager-handoff-comment-oauth-pushed.md
+++ b/tools/cve-tool-vulnogram/release-manager-handoff-comment-oauth-pushed.md
@@ -123,7 +123,7 @@ With the record in `READY`, click the [OSS/ASF Emails
tab](EMAIL_TAB_URL) (the `
**If anything looks wrong**: don't edit it in Vulnogram. Comment on this
tracker (just `@potiuk: the X field needs Y`) and we'll fix the corresponding
body field here, regenerate the JSON, and re-push within the next sync.
Re-preview after that.
-**If everything looks right**: click the **Send Email** button on the `#email`
tab. The advisory ships to `USERS_LIST` and `ANNOUNCE_LIST`. **That is the only
manual send action you make for this CVE.**
+**If everything looks right**: click the **Send these Emails** button on the
OSS/ASF Emails tab. The advisory ships to `USERS_LIST` and `ANNOUNCE_LIST`.
**That is the only manual send action you make for this CVE.**
> ⚠️ **Do not touch the tracker labels yourself.** Sync flips `fix released` →
> `announced - emails sent` + `announced` automatically when it sees the
> advisory in the public archive (usually within the same day). If you flip
> them manually you race the automation.
diff --git a/tools/cve-tool-vulnogram/release-manager-handoff-comment.md
b/tools/cve-tool-vulnogram/release-manager-handoff-comment.md
index 52bed4a5..45dfd3fd 100644
--- a/tools/cve-tool-vulnogram/release-manager-handoff-comment.md
+++ b/tools/cve-tool-vulnogram/release-manager-handoff-comment.md
@@ -125,7 +125,7 @@ With the record in `READY`, click the [OSS/ASF Emails
tab](EMAIL_TAB_URL) (the `
**If anything looks wrong**: don't edit it in Vulnogram. Comment on this
tracker (just `@potiuk: the X field needs Y`) and we'll fix the corresponding
body field here, regenerate the JSON, and re-push within the next sync.
Re-preview after that.
-**If everything looks right**: click the **Send Email** button on the `#email`
tab. The advisory ships to `USERS_LIST` and `ANNOUNCE_LIST`. **That is the only
manual send action you make for this CVE.**
+**If everything looks right**: click the **Send these Emails** button on the
OSS/ASF Emails tab. The advisory ships to `USERS_LIST` and `ANNOUNCE_LIST`.
**That is the only manual send action you make for this CVE.**
> ⚠️ **Do not touch the tracker labels yourself.** Sync flips `fix released` →
> `announced - emails sent` + `announced` automatically when it sees the
> advisory in the public archive (usually within the same day). If you flip
> them manually you race the automation.