## Related issues ## Developer checklist - [ ] **On "Related issues" section, write down the [GitLab Security] issue it belongs to (i.e. `Related to `).** - [ ] Merge request targets `master`, or a versioned stable branch (`X-Y-stable-ee`). - [ ] Title of this merge request is the same as for all backports. - [ ] A [CHANGELOG entry] has been included, with `Changelog` trailer set to `security`. - [ ] For the MR targeting `master`: - [ ] Assign to a reviewer and maintainer, per our [Code Review process]. - [ ] Ensure it's approved according to our [Approval Guidelines]. - [ ] Ensure it's approved by an AppSec engineer. - Please see the security release [Code reviews and Approvals] documentation for details on which AppSec team member to ping for approval. - Trigger the [`e2e:package-and-test` job]. The docker image generated will be used by the AppSec engineer to validate the security vulnerability has been remediated. - [ ] For a backport MR targeting a versioned stable branch (`X-Y-stable-ee`). - [ ] Milestone is set to the version this backport applies to. A closed milestone can be assigned via [quick actions]. - [ ] Ensure it's approved by a maintainer. - [ ] Ensure this merge request and the related security issue have a `~severity::x` label **Note:** Reviewer/maintainer should not be a Release Manager. ## Maintainer checklist - [ ] Correct milestone is applied and the title is matching across all backports. - [ ] Assigned (_not_ as reviewer) to `@gitlab-release-tools-bot` with passing CI pipelines. - [ ] Correct `~severity::x` label is applied to this merge request and the related security issue. /label ~security [GitLab Security]: https://gitlab.com/gitlab-org/security/gitlab [quick actions]: https://docs.gitlab.com/ee/user/project/quick_actions.html#quick-actions-for-issues-merge-requests-and-epics [CHANGELOG entry]: https://docs.gitlab.com/ee/development/changelog.html#overview [Code Review process]: https://docs.gitlab.com/ee/development/code_review.html [Code reviews and Approvals]: (https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md#code-reviews-and-approvals) [Approval Guidelines]: https://docs.gitlab.com/ee/development/code_review.html#approval-guidelines [Canonical repository]: https://gitlab.com/gitlab-org/gitlab [`e2e:package-and-test` job]: https://docs.gitlab.com/ee/development/testing_guide/end_to_end/#using-the-package-and-test-job