Clarify and make consistent language around security fixes/dependency…

… upgrades

source/partials/release_notes/_release-22-2-0.md.erb

@@ -6,11 +6,13 @@
 * Starting this release, CentOS Stream 9 based docker images for GoCD Agent are <%= link_to 'available', 'https://hub.docker.com/r/gocd/gocd-agent-centos-9' %>.
 * Starting this release, Ubuntu 22.04 (Jammy Jellyfish) based docker images for GoCD Agent are <%= link_to 'available', 'https://hub.docker.com/r/gocd/gocd-agent-ubuntu-22.04' %>.
 
-<h4>Security</h4>
+<h4>Security fixes</h4>
 
-We regularly fix security issues reported by security researchers & upgrade dependencies to mitigate known vulnerabilities. Upgrading to the latest release is always recommended.
+In this release, permissions were restricted further on Windows installer GoCD server & agent folders. Thank you to
+s7331 for responsibly disclosing this issue.
 
-In this release, permissions were restricted further on Windows installer GoCD server & agent folders. Thank you to s7331 for responsibly disclosing this issue.
+Additionally, we regularly upgrade dependencies to mitigate known vulnerabilities from third party software (regardless of
+whether they are known to affect GoCD), so upgrading to the latest release is always recommended from a security perspective.
 
 <h4>Bug fixes</h4>
 

source/partials/release_notes/_release-22-3-0.md.erb

@@ -16,15 +16,17 @@
 * <%= link_to_issue 10943, 'Fetch Artifact task doesn\'t provide correct suggestions when switching stages on pipeline config' %>
 * <%= link_to_issue 10982, 'Fix Postgres backups via pg_dump on Windows' %>
 
-<h4>Security Fixes</h4>
+<h4>Security fixes</h4>
 
-We regularly fix security issues reported by security researchers & upgrade dependencies to mitigate known vulnerabilities.
-Upgrading to the latest release is always recommended.
+There are no security fixes included in this release (for issues known to affect GoCD).
 
-This release upgrades a number of important internal components, some of which were EOL. We do not have evidence that
+This release does upgrade a number of important internal components, some of which were EOL. We do not have evidence that
 the previously vulnerable dependencies pose any specific risk in GoCD's usage, however we endeavour to minimise
 <%= link_to 'dependency drift', 'https://www.thoughtworks.com/radar/techniques/dependency-drift-fitness-function' %>.
 
+Since we regularly upgrade dependencies to mitigate known vulnerabilities from third party software (regardless of
+whether they are known to affect GoCD), so upgrading to the latest release is always recommended from a security perspective.
+
 <h4>APIs</h4>
 
 Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs

source/partials/release_notes/_release-23-1-0.md.erb

@@ -56,13 +56,13 @@ As always, we recommend that you <a href="https://docs.gocd.org/current/advanced
 * <%= link_to_issue 11134, 'Stage History API fails with DB error on MySQL 8' %>
 * <%= link_to_issue 11260, 'Loading materials admin page creates syntax error on MySQL 8' %>
 
-<h4>Security Fixes</h4>
+<h4>Security fixes</h4>
 
-We regularly fix security issues reported by security researchers & upgrade dependencies to mitigate known vulnerabilities.
-Upgrading to the latest release is always recommended.
+Security fixes in this release were due to vulnerabilities responsibly disclosed by infoatb and CC Bomber, Kitri BoB (tunaf).
+Many thanks to them for the disclosures, discussions and ideas around mitigation.
 
-Security fixes in this release were due to vulnerabilities responsibly disclosed by infoatb and CC Bomber, Kitri BoB (tunaf). Many thanks
-to them for the disclosures, discussions and ideas around mitigation.
+Additionally, we regularly upgrade dependencies to mitigate known vulnerabilities from third party software (regardless of
+whether they are known to affect GoCD), so upgrading to the latest release is always recommended from a security perspective.
 
 <h4>APIs</h4>
 

source/partials/release_notes/_release-23-2-0.md.erb

@@ -68,13 +68,12 @@ build your own custom child image, augmenting with ___apk add docker-cli___ or s
 * <%= link_to_issue 2822,  'Fix logging ERROR noise from url rewriting logic' %>
 * <%= link_to_issue 11513, 'Remove misleading reporting of agent "creating properties" in console logs' %>
 
+<h4>Security fixes</h4>
 
-<h4>Security Fixes</h4>
+There are no security fixes included in this release (for issues known to affect GoCD).
 
-We regularly fix security issues reported by security researchers & upgrade dependencies to mitigate known vulnerabilities.
-Upgrading to the latest release is always recommended.
-
-There are no security fixes specifically known to affect GoCD included in this release.
+However, we regularly upgrade dependencies to mitigate known vulnerabilities from third party software (regardless of
+whether they are known to affect GoCD), so upgrading to the latest release is always recommended from a security perspective.
 
 <h4>APIs</h4>
 

source/partials/release_notes/_release-23-3-0.md.erb

@@ -6,6 +6,13 @@ This release is a maintenance release to address a couple of unintended regressi
 * <%= link_to_issue 11783, 'Build detail timestamp icon is missing on 23.2.0' %>
 * <%= link_to_issue 11797, 'Some plugin config/report views have missing icons on 23.2.0' %>
 
+<h4>Security fixes</h4>
+
+There are no security fixes included in this release (for issues known to affect GoCD).
+
+However, we regularly upgrade dependencies to mitigate known vulnerabilities from third party software (regardless of
+whether they are known to affect GoCD), so upgrading to the latest release is always recommended from a security perspective.
+
 <h4>APIs</h4>
 
 Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs

source/partials/release_notes/_release-23-4-0.md.erb

@@ -26,12 +26,13 @@ After upgrading, shut down your GoCD server and merge back your custom changes f
 
 <h4>Security fixes</h4>
 
-We regularly fix security issues reported by security researchers & upgrade dependencies to mitigate known vulnerabilities.
-Upgrading to the latest release is always recommended.
+There are no security fixes included in this release (for issues known to affect GoCD).
 
-There are no security fixes specifically known to affect GoCD included in this release. If you use GoCD container images,
-note that this release rebuilds GoCD images to include fixes to _curl_ [CVE-2023-38545](https://curl.se/docs/CVE-2023-38545.html)
-across all supported platforms.
+However, we regularly upgrade dependencies to mitigate known vulnerabilities from third party software (regardless of
+whether they are known to affect GoCD), so upgrading to the latest release is always recommended from a security perspective.
+
+If you use GoCD container images, note that this release rebuilds GoCD images to include
+fixes to _curl_ [CVE-2023-38545](https://curl.se/docs/CVE-2023-38545.html) across all supported platforms.
 
 <h4>APIs</h4>
 

source/partials/release_notes/_release-23-5-0.md.erb

@@ -15,10 +15,10 @@ This release is a maintenance and bug-fix release.
 
 <h4>Security fixes</h4>
 
-We regularly fix security issues reported by security researchers & upgrade dependencies to mitigate known vulnerabilities.
-Upgrading to the latest release is always recommended.
+There are no security fixes included in this release (for issues known to affect GoCD).
 
-There are no security fixes specifically known to affect GoCD included in this release.
+However, we regularly upgrade dependencies to mitigate known vulnerabilities from third party software (regardless of
+whether they are known to affect GoCD), so upgrading to the latest release is always recommended from a security perspective.
 
 <h4>APIs</h4>