debian-mirror-gitlab/.gitlab/merge_request_templates/Security Release.md

<!--
# README first!
This MR should be created on `gitlab.com/gitlab-org/security/gitlab`.

See [the general developer security release guidelines](https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md).

-->

## Related issues

<!-- Mention the GitLab Security issue this MR is related to -->

## Developer checklist

- [ ] **On "Related issues" section, write down the [GitLab Security] issue it belongs to (i.e. `Related to <issue_id>`).**
- [ ] Merge request targets `master`, or a versioned stable branch (`X-Y-stable-ee`).
- [ ] Title of this merge request is the same as for all backports.
- [ ] A [CHANGELOG entry] has been included, with `Changelog` trailer set to `security`.
- [ ] For the MR targeting `master`:
  - [ ] Assign to a reviewer and maintainer, per our [Code Review process].
  - [ ] Ensure it's approved according to our [Approval Guidelines].
  - [ ] Ensure it's approved by an AppSec engineer.
    - Please see the security release [Code reviews and Approvals] documentation for details on which AppSec team member to ping for approval.
    - Trigger the [`e2e:package-and-test` job]. The docker image generated will be used by the AppSec engineer to validate the security vulnerability has been remediated.
- [ ] For a backport MR targeting a versioned stable branch (`X-Y-stable-ee`).
  - [ ] Milestone is set to the version this backport applies to. A closed milestone can be assigned via [quick actions].
  - [ ] Ensure it's approved by a maintainer.
- [ ] Ensure this merge request and the related security issue have a `~severity::x` label

**Note:** Reviewer/maintainer should not be a [Release Manager].

## Maintainer checklist

- [ ] Correct milestone is applied and the title is matching across all backports.
- [ ] Assigned (_not_ as reviewer) to `@gitlab-release-tools-bot` with passing CI pipelines.
- [ ] Correct `~severity::x` label is applied to this merge request and the related security issue.

/label ~security

[GitLab Security]: https://gitlab.com/gitlab-org/security/gitlab
[quick actions]: https://docs.gitlab.com/ee/user/project/quick_actions.html#quick-actions-for-issues-merge-requests-and-epics
[CHANGELOG entry]: https://docs.gitlab.com/ee/development/changelog.html#overview
[Code Review process]: https://docs.gitlab.com/ee/development/code_review.html
[Code reviews and Approvals]: (https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md#code-reviews-and-approvals)
[Approval Guidelines]: https://docs.gitlab.com/ee/development/code_review.html#approval-guidelines
[Canonical repository]: https://gitlab.com/gitlab-org/gitlab
[`e2e:package-and-test` job]: https://docs.gitlab.com/ee/development/testing_guide/end_to_end/#using-the-package-and-test-job
[Release Manager]: https://about.gitlab.com/community/release-managers/
New upstream version 11.8.9+dfsg 2019-05-05 18:10:48 +05:30			`<!--`
			`# README first!`
New upstream version 12.6.8 2020-03-07 23:17:34 +05:30			This MR should be created on `gitlab.com/gitlab-org/security/gitlab`.
New upstream version 11.8.9+dfsg 2019-05-05 18:10:48 +05:30
			`See [the general developer security release guidelines](https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md).`

			`-->`
New upstream version 12.6.8 2020-03-07 23:17:34 +05:30
New upstream version 11.8.9+dfsg 2019-05-05 18:10:48 +05:30			`## Related issues`

New upstream version 12.6.8 2020-03-07 23:17:34 +05:30			`<!-- Mention the GitLab Security issue this MR is related to -->`
New upstream version 11.8.9+dfsg 2019-05-05 18:10:48 +05:30
			`## Developer checklist`

New upstream version 12.9.2 2020-04-08 14:13:33 +05:30			- [ ] On "Related issues" section, write down the [GitLab Security] issue it belongs to (i.e. `Related to <issue_id>`).
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			- [ ] Merge request targets `master`, or a versioned stable branch (`X-Y-stable-ee`).
New upstream version 12.6.8 2020-03-07 23:17:34 +05:30			`- [ ] Title of this merge request is the same as for all backports.`
New upstream version 14.0.10 2021-09-04 01:27:46 +05:30			- [ ] A [CHANGELOG entry] has been included, with `Changelog` trailer set to `security`.
New upstream version 12.6.8 2020-03-07 23:17:34 +05:30			- [ ] For the MR targeting `master`:
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`- [ ] Assign to a reviewer and maintainer, per our [Code Review process].`
New upstream version 12.6.8 2020-03-07 23:17:34 +05:30			`- [ ] Ensure it's approved according to our [Approval Guidelines].`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`- [ ] Ensure it's approved by an AppSec engineer.`
New upstream version 14.6.3+ds1 2022-01-26 12:08:38 +05:30			`- Please see the security release [Code reviews and Approvals] documentation for details on which AppSec team member to ping for approval.`
New upstream version 15.4.2+ds1 2022-10-11 01:57:18 +05:30			- Trigger the [`e2e:package-and-test` job]. The docker image generated will be used by the AppSec engineer to validate the security vulnerability has been remediated.
New upstream version 14.6.3+ds1 2022-01-26 12:08:38 +05:30			- [ ] For a backport MR targeting a versioned stable branch (`X-Y-stable-ee`).
New upstream version 14.3.4+ds1 2021-11-11 11:23:49 +05:30			`- [ ] Milestone is set to the version this backport applies to. A closed milestone can be assigned via [quick actions].`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`- [ ] Ensure it's approved by a maintainer.`
New upstream version 15.7.8+ds1 2023-03-04 22:38:38 +05:30			- [ ] Ensure this merge request and the related security issue have a `~severity::x` label
New upstream version 11.8.9+dfsg 2019-05-05 18:10:48 +05:30
New upstream version 15.8.4+ds1 2023-03-17 16:20:25 +05:30			`Note: Reviewer/maintainer should not be a [Release Manager].`
New upstream version 11.8.9+dfsg 2019-05-05 18:10:48 +05:30
New upstream version 12.6.8 2020-03-07 23:17:34 +05:30			`## Maintainer checklist`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30
New upstream version 14.1.7+ds1 2021-09-30 23:02:18 +05:30			`- [ ] Correct milestone is applied and the title is matching across all backports.`
New upstream version 14.9.4+ds1 2022-05-07 20:08:51 +05:30			- [ ] Assigned (_not_ as reviewer) to `@gitlab-release-tools-bot` with passing CI pipelines.
New upstream version 15.7.8+ds1 2023-03-04 22:38:38 +05:30			- [ ] Correct `~severity::x` label is applied to this merge request and the related security issue.
New upstream version 11.8.9+dfsg 2019-05-05 18:10:48 +05:30
			`/label ~security`
New upstream version 12.6.8 2020-03-07 23:17:34 +05:30
			`[GitLab Security]: https://gitlab.com/gitlab-org/security/gitlab`
			`[quick actions]: https://docs.gitlab.com/ee/user/project/quick_actions.html#quick-actions-for-issues-merge-requests-and-epics`
New upstream version 14.0.10 2021-09-04 01:27:46 +05:30			`[CHANGELOG entry]: https://docs.gitlab.com/ee/development/changelog.html#overview`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`[Code Review process]: https://docs.gitlab.com/ee/development/code_review.html`
New upstream version 14.6.3+ds1 2022-01-26 12:08:38 +05:30			`[Code reviews and Approvals]: (https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md#code-reviews-and-approvals)`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`[Approval Guidelines]: https://docs.gitlab.com/ee/development/code_review.html#approval-guidelines`
			`[Canonical repository]: https://gitlab.com/gitlab-org/gitlab`
New upstream version 15.4.2+ds1 2022-10-11 01:57:18 +05:30			[`e2e:package-and-test` job]: https://docs.gitlab.com/ee/development/testing_guide/end_to_end/#using-the-package-and-test-job
New upstream version 15.8.4+ds1 2023-03-17 16:20:25 +05:30			`[Release Manager]: https://about.gitlab.com/community/release-managers/`