- Start with the JIRA issue ID for the story or bug, and, if used, the ID of the crucible review for the code.
State in up to 50 chars how this commit changes the product. Begin with a capital letter and don’t end with a full stop. Write as if completing the sentence "If applied, this commit will..."
- If you really need to provide further info in the commit message (info about the fix should be captured in the JIRA issue), then leave a blank line below the summary before adding the details.
AME-9876 Add new authentication module for device authConcerning security issue,
Ideally the commit message should not contain the for a security fix should only contain the JIRA issue ID. You may also optionally provide a simple description of the general area of the fix. Example: OPENAM-6053, but you must not mention any details of the vulnerability.
OPENAM-12345 Fix email service.
OPENAM-12345 Adjust LDAP connection settings.
OPENAM-12345 Eliminate XSS in /json/sessions endpoint - mentions a specific vulnerability and/or endpoint
OPENAM-12345 Fix issue reported by customer - customers often report security issues, so this is a red flag
OPENAM-12345 JWT validation - NB even something as simple as this should be avoided as bugs in validation are almost always security issues
If in doubt, leave it out!