2.7 KiB
2.7 KiB
Related issues
Developer checklist
- On "Related issues" section, write down the GitLab Security issue it belongs to (i.e.
Related to <issue_id>
). - Merge request targets
master
, or a versioned stable branch (X-Y-stable-ee
). - Title of this merge request is the same as for all backports.
- A CHANGELOG entry has been included, with
Changelog
trailer set tosecurity
. - For the MR targeting
master
:- Assign to a reviewer and maintainer, per our Code Review process.
- Ensure it's approved according to our Approval Guidelines.
- Ensure it's approved by an AppSec engineer.
- Please see the security release Code reviews and Approvals documentation for details on which AppSec team member to ping for approval.
- Trigger the
e2e:package-and-test
job. The docker image generated will be used by the AppSec engineer to validate the security vulnerability has been remediated.
- For a backport MR targeting a versioned stable branch (
X-Y-stable-ee
).- Milestone is set to the version this backport applies to. A closed milestone can be assigned via quick actions.
- Ensure it's approved by a maintainer.
- Ensure this merge request and the related security issue have a
~severity::x
label
Note: Reviewer/maintainer should not be a Release Manager.
Maintainer checklist
- Correct milestone is applied and the title is matching across all backports.
- Assigned (not as reviewer) to
@gitlab-release-tools-bot
with passing CI pipelines. - Correct
~severity::x
label is applied to this merge request and the related security issue.
/label ~security