TOMEE-3805 - Generate list of CVEs for release notes
diff --git a/src/main/java/org/apache/openejb/tools/release/cmd/ReleaseNotes.java b/src/main/java/org/apache/openejb/tools/release/cmd/ReleaseNotes.java
index 23fe7ab..4a404dd 100644
--- a/src/main/java/org/apache/openejb/tools/release/cmd/ReleaseNotes.java
+++ b/src/main/java/org/apache/openejb/tools/release/cmd/ReleaseNotes.java
@@ -39,13 +39,14 @@
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.ExecutionException;
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
+import java.util.stream.Stream;
 
-import static com.atlassian.jira.rest.client.api.domain.IssueLinkType.Direction.INBOUND;
 import static com.atlassian.jira.rest.client.api.domain.IssueLinkType.Direction.OUTBOUND;
 
 /**
@@ -113,14 +114,23 @@
                     ":jbake-type: page\n" +
                     ":jbake-status: published");
 
+            final List<Issue> cveIssues = new ArrayList<>();
+
             for (final IssueType section : sections) {
 
-                final List<Issue> issues = issuesByKey.values()
+                final Map<Boolean, List<Issue>> issuesPartitionedByCve = issuesByKey.values()
                         .stream().filter(issue -> issue.getIssueType().getName().equals(section.getName()))
+                        .collect(Collectors.partitioningBy(issue ->
+                                issue.getLabels().stream().anyMatch(label -> "cve".equals(label.toLowerCase(Locale.ROOT)))));
+
+                final List<Issue> issues = Stream.of(issuesPartitionedByCve.values())
+                        .flatMap(Collection::stream).flatMap(Collection::stream)
                         .collect(Collectors.toList());
 
                 if (issues.size() <= 0) continue;
 
+                cveIssues.addAll(issuesPartitionedByCve.get(true));
+
                 out.println();
                 out.printf("== %s%n", section.getName());
                 out.println();
@@ -145,6 +155,22 @@
                                 issue.getSummary());
                     }
                 }
+
+            }
+
+            if(cveIssues.size() > 0) {
+                //CVE section
+                out.println();
+                out.printf("== %s%n", "Fixed Common Vulnerabilities and Exposures (CVEs)");
+                out.println();
+                out.println("[.compact]");
+
+                for (final Issue issue : cveIssues) {
+                    out.printf(" - link:https://issues.apache.org/jira/browse/%s[%s] %s%n",
+                            issue.getKey(),
+                            issue.getKey(),
+                            issue.getSummary());
+                }
             }
         };
     }