1. Send out an email to the subscribers mailing list on MailChimp
1. Send out an email to [the community google mailing list](https://groups.google.com/forum/#!forum/gitlabhq)
1. Send out an email to [the GitLab newsletter list](http://gitlab.us5.list-manage.com/subscribe?u=498dccd07cf3e9482bee33ba4&id=98a9a4992c)
-1. Post a signed copy of our announcement to [oss-security](http://www.openwall.com/lists/oss-security/) and request a CVE number
+1. Post a signed copy of our complete announcement to [oss-security](http://www.openwall.com/lists/oss-security/) and request a CVE number
1. Add the security researcher to the [Security Researcher Acknowledgments list](http://www.gitlab.com/vulnerability-acknowledgements/)
1. Thank the security researcher in an email for their cooperation
- 1. Update the blogposts and the CHANGELOG when we receive a CVE number
-1. Update the blogposts when we receive the CVE number
++1. Update the blogpost and the CHANGELOG when we receive the CVE number
+
+ The timing of the code merge into master should be coordinated in advance.
+ After the merge we strive to publish the announcements within 60 minutes.
## Blog post template