Delivery date: EOB Oct 16 (the release date for the fix is constrained by the CVE's fix-by date. The constraint only applies to the 2.13 release stream, because it is a CVE fix on a live product release. RHBQ 3.2 is not public yet, so we have the option of delivering the fix later, but we'll still need to release it as soon as possible).

Required actions:

• Update the version string in downstream RHBQ docs to reflect the version of the SP3 BOM: 2.13.8.SP3-redhat-00001
• (CR build is still TBD, bu the internal release is out for testing since Oct 13: https://download.eng.brq.redhat.com/rcm-guest/staging/quarkus/quarkus-platform-2.13.8.SP3.DR1/. I will provide a link to the CR build when it's available)
• CR1 released Oct 16: https://download.eng.bos.redhat.com/rcm-guest/staging/quarkus/quarkus-platform-2.13.8.SP3.CR1/
• Add an entry for the CVE-2023-44487 fix under Security Fixes in the Release Notes. Link to the 2.13 JIRA for the fix: QUARKUS-3468
• RHSA Advisory: RHSA-2023:5724 (Live ID assigned)