Releases: RHEcosystemAppEng/sdlc-plugins
Releases · RHEcosystemAppEng/sdlc-plugins
Release list
v0.13.2
v0.13.1
v0.13.0
v0.12.3
Added
- Decision logic for dev-only and feature-gated dependencies in
triage-security - Transitive dependency remediation guidance in task templates for
triage-security - Contributors ladder with CONTRIBUTING.md, CODEOWNERS, and GitHub Issue templates (TC-5072)
Fixed
- Guard clause for Case B unscoped issues in
triage-security - SBOM results no longer split into separate files in
triage-security
v0.12.2
v0.12.1
v0.12.0
[0.12.0] - 2026-07-02
Added
- Epic creation and grouping strategies with configurable hierarchy preferences in
plan-feature(TC-4869) - Parent issue linking step in
plan-feature(TC-4870) - Early assignment and Assigned transition at Step 0.7 in
triage-security(TC-5008) - Cross-CVE traceability links and comments at Step 4.3 in
triage-security(TC-5009)
Fixed
- Traceability links created at identification time instead of after confirmation in
triage-security(TC-5009)
v0.11.1
Added
- Deployment context classification for remediation tasks in
triage-security - Concurrent triage detection before remediation task creation in
triage-security - Staleness detection for
security-matrix.mdintriage-security - Embargo warning gate for high-severity CVEs in
triage-security - Optional SBOM-based base image verification via cosign in
triage-security - Ready for QA discovery category with remediation task completion check in
triage-security - ProdSec contact config and vulnerability creator @mention in
triage-security - Description digest comment on remediation task creation in
triage-security - External CVE data enrichment from MITRE and OSV.dev in
triage-security - Proactive cross-stream remediation with
security-preemptivelabel intriage-security - Cross-CVE overlap detection via Upstream Affected Component in
triage-security get_remote_linkscommand injira-client- Priority and
fixVersionREST API fallback injira-client - Priority and
fixVersioninheritance inplan-featuretask creation - Priority and
fixVersionprompts indefine-feature - Dynamic issue type discovery and hierarchy mapping in
plan-feature - Jira Field Defaults configuration step in
setup - Bug and Hierarchy configuration in
setup - Hierarchy preferences step and configuration contract in
setup - Priority and
fixVersionfield handling constraints
Changed
- Cross-CVE overlap fields made configurable via
/setupintriage-security - Unsupported ecosystem message generalized to use placeholder in
triage-security
Fixed
- Step numbering consistency (7.0/7 → 7/8) in
triage-security - SBOM verification output line made mandatory for RPM packages in
triage-security - Created column added to Ready for QA table template in
triage-security get_remote_linksguarded against non-dict responses injira-client- ADF
taskList/taskItemnode sanitization to preventINVALID_INPUTerrors injira-client - Field handling and test review feedback addressed in
jira-client - Feature-branch label included in workflow mode decision output in
plan-feature - Convention enrichment completeness check and verification pass in
plan-feature - Baseline comparison gate added to eval failure subtask creation in
verify-pr - Idempotent sibling link check documented in
triage-securityStep 4.2
v0.11.0
[0.11.0] - 2026-06-19
Added
report-bugskill for structured bug reporting with Jira issue creationtriage-bugskill for bug lifecycle pipeline triage- Bug Configuration scaffolding step in
setupskill - Bug description template scaffold
- Bug lifecycle pipeline documentation and constraints
- Eval infrastructure for
report-bugandtriage-bugskills
Changed
- Improved
triage-bugskill discoverability and navigation
Fixed
triage-bugdigest comment exempted from Comment Footnote ruletriage-bugeval assertion forai-generated-jiralabelreport-bugprogrammatic input format and composed output examples- Bug lifecycle docs heading levels aligned with feature phases
- Corrected
report-bugconstraint source reference
v0.10.0
[0.10.0] - 2026-06-15
Added
triage-securityskill for version-aware CVE triage with Jira sub-task creation and security matrix integration- Security Configuration step in
setupskill for local security-matrix scaffolding - Security matrix template (
security-matrix.md) for Konflux repositories - Triage-security architectural constraints and guardrails
- Eval infrastructure for
triage-securitywith discovery mode and RPM ecosystem test cases
Changed
triage-securityStep 2.1 matrix loading now prefers local files with Konflux API fallback- Applied progressive disclosure to
triage-securitySKILL.md for improved readability
Fixed
verify-prnow classifies review body suggestions alongside inline comments- Corrected traceability index constraint references in
triage-security - Aligned Vulnerability issue type ID field name with project config contract in
triage-security
A special thank you to @ruromero for his great contribution of the triage-security skill — the headline feature of this release. His work brings version-aware CVE triage with full Jira traceability and security matrix integration to the SDLC workflow. Thank you, Ruben!