The last Candidate Release (CR) is ready for QE at http://download.devel.redhat.com/devel/candidates/rhoar/.

Productization gate checks have been finished and results recorded. This has a form of a Jenkins pipeline at the PCT-operated Jenkins instance (http://10.8.243.110:8080/). As part of that, a Content Deliverables for RCM document has been created, as a clone of this Mojo document (see the Thorntail 2.2.0 document for inspiration). Also, a SourceClear check has been performed (https://prod-core-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/job/SourceClear-Validation/).

Any new shared content requests or cross-product agreements have been finalized.

The advisories (errata) have been created.

• If the product release contains fixes for security issues (CVEs), there needs to be a Red Hat Security Advisory (RHSA).
• If there's no CVE fix, then there either needs to be an RHEA or RHBA.
  • If the product release contains new features (major and probably also minor versions), there needs to be a Red Hat Enhancement Advisory (RHEA).
  • If the product release only contains bug fixes and minor changes (micro versions), there needs to be a Red Hat Bugfix Advisory (RHBA).

Remark: Note that we only file an RHSA if the security fixes are in code that we actually build – if there's a security fix in upstream code that we don't rebuild, such as Spring Boot, it must not be an RHSA !