debian-mirror-gitlab/.gitlab/merge_request_templates/Security Release.md

Developer checklist

  • In the "Related issues" section, write down the GitLab Security issue it belongs to (i.e. Related to <issue_id>).
  • Merge request targets master, or a versioned stable branch (X-Y-stable-ee).
  • Title of this merge request is the same as for all backports.
  • A CHANGELOG entry has been included, with Changelog trailer set to security.
  • For the MR targeting master:
    • Assign to a reviewer and maintainer, per our Code Review process.
    • Ensure it's approved according to our Approval Guidelines.
    • Ensure it's approved by an AppSec engineer.
      • Please see the security release Code reviews and Approvals documentation for details on which AppSec team member to ping for approval.
      • Trigger the e2e:package-and-test job. The Docker image generated will be used by the AppSec engineer to validate that the security vulnerability has been remediated.
  • For a backport MR targeting a versioned stable branch (X-Y-stable-ee):
    • Milestone is set to the version this backport applies to. A closed milestone can be assigned via quick actions.
    • Ensure it's approved by a maintainer.
  • Ensure this merge request and the related security issue have a ~severity::x label.

Note: Reviewer/maintainer should not be a Release Manager.

Maintainer checklist

  • Correct milestone is applied and the title matches across all backports.
  • Assigned (not as reviewer) to @gitlab-release-tools-bot with passing CI pipelines.
  • Correct ~severity::x label is applied to this merge request and the related security issue.

/label ~security