The last Candidate Release (CR) is ready for QE at http://download.devel.redhat.com/devel/candidates/rhoar/.

Productization gate checks have been finished and results recorded. This has a form of a Jenkins pipeline at the PCT-operated Jenkins instance (http://10.8.243.110:8080/). As part of that, a Content Deliverables for RCM document has been created, as a clone of this Mojo document (see the Thorntail 2.2.0 document for inspiration). Also, a SourceClear check has been performed (https://prod-core-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/job/SourceClear-Validation/).

Any new shared content requests or cross-product agreements have been finalized.

The advisories (errata) have been created. If the product release contains fixes for security issues (CVEs), there needs to be a Red Hat Security Advisory (RHSA). If there's no CVE fix, then there either needs to be an RHEA or RHBA. If the product release contains new features (major and probably also minor versions), there needs to be a Red Hat Enhancement Advisory (RHEA). If the product release only contains bug fixes and minor changes (micro versions), there needs to be a Red Hat Bugfix Advisory (RHBA). Note that we only file an RHSA if the security fixes are in code that we actually build – if there's a security fix in upstream code that we don't rebuild, such as Spring Boot, it must not be an RHSA.