From 3ef5373cc29885da7a5485a1400d813ff9f70bab Mon Sep 17 00:00:00 2001 From: James Strong Date: Tue, 9 Aug 2022 10:54:54 -0700 Subject: [PATCH 1/3] adding cve finding and adding release-notes to PR template Signed-off-by: James Strong --- .github/ISSUE_TEMPLATE/cve_report.md | 16 ++++++++++ .github/ISSUE_TEMPLATE/feature_request.md | 2 -- .github/PULL_REQUEST_TEMPLATE.md | 36 ++++++++++++++++++++++- 3 files changed, 51 insertions(+), 3 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE/cve_report.md diff --git a/.github/ISSUE_TEMPLATE/cve_report.md b/.github/ISSUE_TEMPLATE/cve_report.md new file mode 100644 index 0000000000..8ae55111bd --- /dev/null +++ b/.github/ISSUE_TEMPLATE/cve_report.md @@ -0,0 +1,16 @@ +--- +name: CVE Finding Report +about: CVE reporting for ingress-nginx +title: '' +labels: kind/bug +assignees: '' + +--- + + + + + + + + diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md index 73df4d20bb..0e892d626e 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -15,8 +15,6 @@ The announcement in the dev mailing list is here https://groups.google.com/a/kub Thank you, Ingress-Nginx maintainer - - --> diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 9bc455303d..a14cc70040 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -9,6 +9,7 @@ - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) +- [ ] CVE Report (Scanner found CVE and adding report) - [ ] Breaking change (fix or feature that would cause existing functionality to change) - [ ] Documentation only 
@@ -30,5 +31,38 @@ fixes # - [ ] My change requires a change to the documentation. - [ ] I have updated the documentation accordingly. - [ ] I've read the [CONTRIBUTION](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md) guide -- [ ] I have added tests to cover my changes. +- [ ] I have added unit and/or e2e tests to cover my changes. - [ ] All new and existing tests passed. +- [ ] Added Release Notes. + +## Does my pull request need a release note? +Any user-visible or operator-visible change qualifies for a release note. This could be a: + +- CLI change +- API change +- UI change +- configuration schema change +- behavioral change +- change in non-functional attributes such as efficiency or availability, availability of a new platform +- a warning about a deprecation +- fix of a previous Known Issue +- fix of a vulnerability (CVE) + +No release notes are required for changes to the following: + +- Tests +- Build infrastructure +- Fixes for unreleased bugs + +For more tips on writing good release notes, check out the [Release Notes Handbook](https://github.com/kubernetes/sig-release/tree/master/release-team/role-handbooks/release-notes) + + +```release-note +PLACE RELEASE NOTES HERE +``` From 67143c956b5174f8da51372a4f0836b13fd6425e Mon Sep 17 00:00:00 2001 From: James Strong Date: Wed, 24 Aug 2022 10:29:21 -0400 Subject: [PATCH 2/3] update cve report with verbiage around open CVEs and not disclosures Signed-off-by: James Strong --- .github/ISSUE_TEMPLATE/cve_report.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/cve_report.md b/.github/ISSUE_TEMPLATE/cve_report.md index 8ae55111bd..76a6237899 100644 --- a/.github/ISSUE_TEMPLATE/cve_report.md +++ b/.github/ISSUE_TEMPLATE/cve_report.md @@ -3,10 +3,13 @@ name: CVE Finding Report about: CVE reporting for ingress-nginx title: '' labels: kind/bug -assignees: '' +assignees: 'strongjz, rikatz' --- + + 
From 48d536e93594cd0247e5eeb8cd6cb7ebea7b4f23 Mon Sep 17 00:00:00 2001 From: James Strong Date: Wed, 24 Aug 2022 10:43:54 -0400 Subject: [PATCH 3/3] fix then assignees Signed-off-by: James Strong --- .github/ISSUE_TEMPLATE/cve_report.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/cve_report.md b/.github/ISSUE_TEMPLATE/cve_report.md index 76a6237899..b5ecf7ecf4 100644 --- a/.github/ISSUE_TEMPLATE/cve_report.md +++ b/.github/ISSUE_TEMPLATE/cve_report.md @@ -3,8 +3,9 @@ name: CVE Finding Report about: CVE reporting for ingress-nginx title: '' labels: kind/bug -assignees: 'strongjz, rikatz' - +assignees: + - strongjz + - rikatz ---
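Review bot: in the new `.github/ISSUE_TEMPLATE/cve_report.md` (PATCH 1/3), `labels: kind/bug` is the only label applied, so scanner CVE findings cannot be separated from ordinary bug reports in a triage query. Consider adding whichever label the repository uses for security findings alongside `kind/bug`, and replacing `title: ''` with a fixed prefix so these issues are recognizable in the issue list.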
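Review bot: in the first `.github/PULL_REQUEST_TEMPLATE.md` hunk (PATCH 1/3), the new option `- [ ] CVE Report (Scanner found CVE and adding report)` does not say what the pull request itself changes. The report already has its own issue template in this series, so a PR of this type is presumably the fix or dependency bump that resolves the finding. Suggest wording the checkbox to say that, and asking for a link to the CVE issue next to the existing `fixes #` line.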
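Review bot: in the second `.github/PULL_REQUEST_TEMPLATE.md` hunk (PATCH 1/3), the `release-note` block is pre-filled with `PLACE RELEASE NOTES HERE`, and the checklist item `- [ ] Added Release Notes.` is unconditional, while the same section lists changes (tests, build infrastructure, fixes for unreleased bugs) that need no release note. For those PRs the template gives no instruction, so the placeholder is likely to be left in the block. Suggest stating what to put in the block when no note is required (for example `NONE`) and rewording the checkbox to "Added release notes, or none required". Separately, the bullet "change in non-functional attributes such as efficiency or availability, availability of a new platform" reads as two items merged into one and should be split.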
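Review bot: in the `cve_report.md` hunk of PATCH 2/3, the context line `about: CVE reporting for ingress-nginx` is left unchanged even though the commit subject says the template is for open CVEs and not disclosures. The `about` text is what a reporter sees when choosing a template, so the restriction should be visible there and not only in the template body. Suggest something like "Report a publicly known CVE found by a scanner (not for undisclosed vulnerabilities)", with the body pointing to the project's private reporting channel for anything not yet public.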
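Review bot: in the `cve_report.md` hunk of PATCH 3/3, the `assignees:` list hard-codes two individual accounts (`strongjz`, `rikatz`), so every scanner finding is auto-assigned to the same two people and the template goes stale as soon as the maintainer roster changes. Consider leaving `assignees` empty and routing by label, or adding a comment in the template naming who owns this list and when to update it. The hunk also drops the blank line before the closing `---`, which is fine, but it would help to confirm the front matter still renders in the template chooser after the switch from a quoted string to a YAML list.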