Changes in security-vulnerability-runbook.md

c190d7c4 - Document the effect of CI outages on releases (#12521)

Wed, 04 Feb 2026 21:25:20 +0000

Document the effect of CI outages on releases (#12521)* Document the effect of CI outages on releasesClearly specify in our documentation that we are entirely subject to theshims of Azure and GitHub Actions. If they're down we just simply can'tdo a release and there's nothing we can do about it. Document this bothfor ourselves and for external users to understand our own limitations.An offer is made as well in case a company is willing to donateresources (e.g. money or engineering) to improve the situation as well.* Update docs/stability-release.mdCo-authored-by: Nick Fitzgerald ---------Co-authored-by: Nick Fitzgerald List of files: /wasmtime-44.0.1/docs/security-vulnerability-runbook.md

d335c07f - Adjust vulnerability runbook to not open PR version bumps (#11919)

Wed, 22 Oct 2025 22:35:09 +0000

Adjust vulnerability runbook to not open PR version bumps (#11919)Historically this was needed to give some time to figure out CI issues,if any. Nowadays though we test all release branches weekly to ensuretheir CI is running so any failures should be at most a week old. Giventhat there's no need to open version bumps ahead of time. This alsoavoids leaking information in advance disclosure about affected versionswhich narrows the range of the where the bug could be. List of files: /wasmtime-44.0.1/docs/security-vulnerability-runbook.md

7bf9be52 - Fix a missing link in the vulnerability runbook (#10818)

Tue, 20 May 2025 21:03:35 +0000

Fix a missing link in the vulnerability runbook (#10818) List of files: /wasmtime-44.0.1/docs/security-vulnerability-runbook.md

63f8267a - Add RustSec filing to our advisory process (#10708)

Fri, 02 May 2025 16:03:44 +0000

Add RustSec filing to our advisory process (#10708)All our historical advisories have now been back-filled and it has beenok'd to have a mostly empty description that points to the GitHubadvisories we publish in this repository. Update the runbook processwith a final step mentioning RustSec.Closes #10344 List of files: /wasmtime-44.0.1/docs/security-vulnerability-runbook.md

2de55ccf - Add documentation for Wasmtime's LTS releases (#10481)

Mon, 31 Mar 2025 18:49:16 +0000

Add documentation for Wasmtime's LTS releases (#10481)* Add documentation for Wasmtime's LTS releasesWith Wasmtime's [LTSreleases](https://github.com/bytecodealliance/rfcs/pull/42) this commitdocuments the various process changes and updates to our releaseprocess. Additionally some improvements are made to the releasedocumentation with respect to showing current versions.* Refactor some backport criteria docs* Review comments List of files: /wasmtime-44.0.1/docs/security-vulnerability-runbook.md

866ede95 - Document a Wasmtime-specific vulnerability runbook (#9433)

Thu, 10 Oct 2024 16:48:43 +0000

Document a Wasmtime-specific vulnerability runbook (#9433)This commit codifies the process [documentedhere](https://github.com/bytecodealliance/rfcs/blob/main/accepted/vulnerability-response-runbook.md)in the Wasmtime repository as it relates to Wasmtime itself. There'salso a few minor changes from recent advisories such as:* We'll no longer use the publish-the-changes-from-the-advisory feature from GitHub. That basically just doesn't work any more.* PRs will instead be manually created to have CI run on them to weed out any issues.* Details about preparing the `main` branch ahead of the release are interleaved with the rest of the runbook.The intention is to supplement the official runbook withWasmtime-specific information and flesh out a few minor steps we'refollowing that are "extra" here too. List of files: /wasmtime-44.0.1/docs/security-vulnerability-runbook.md