2019-01-28 11:21:42 +00:00
<!--
# README first!
2019-12-18 18:08:04 +00:00
This MR should be created on `gitlab.com/gitlab-org/security/gitlab` .
2019-01-28 11:21:42 +00:00
2019-01-29 10:57:21 +00:00
See [the general developer security release guidelines ](https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md ).
2019-01-28 11:21:42 +00:00
-->
2019-12-18 18:08:04 +00:00
2019-01-28 11:21:42 +00:00
## Related issues
2020-02-26 15:08:56 +00:00
<!-- Mention the GitLab Security issue this MR is related to -->
2019-01-28 11:21:42 +00:00
2019-02-05 13:57:44 +00:00
## Developer checklist
2019-01-28 11:21:42 +00:00
2020-03-05 18:08:19 +00:00
- [ ] **On "Related issues" section, write down the [GitLab Security] issue it belongs to (i.e. `Related to <issue_id>`).**
2019-12-18 18:08:04 +00:00
- [ ] Merge request targets `master` , or `X-Y-stable` for backports.
2020-01-04 00:07:49 +00:00
- [ ] Milestone is set for the version this merge request applies to. A closed milestone can be assigned via [quick actions].
2019-12-18 18:08:04 +00:00
- [ ] Title of this merge request is the same as for all backports.
2019-01-28 11:21:42 +00:00
- [ ] A [CHANGELOG entry ](https://docs.gitlab.com/ee/development/changelog.html ) is added without a `merge_request` value, with `type` set to `security`
2019-12-18 18:08:04 +00:00
- [ ] Assign to a reviewer and maintainer, per our [Code Review process].
2020-01-15 21:08:48 +00:00
- [ ] For the MR targeting `master` :
2020-05-19 21:08:05 +00:00
- [ ] Ask for a non-blocking review from the AppSec team member associated to the issue in the [Canonical repository ](https://gitlab.com/gitlab-org/gitlab ). If you're unsure who to ping, ask on `#sec-appsec` Slack channel.
2020-01-15 21:08:48 +00:00
- [ ] Ensure it's approved according to our [Approval Guidelines].
2019-12-18 18:08:04 +00:00
- [ ] Merge request _must not_ close the corresponding security issue, _unless_ it targets `master` .
**Note:** Reviewer/maintainer should not be a Release Manager
2019-01-28 11:21:42 +00:00
2020-01-15 21:08:48 +00:00
## Maintainer checklist
2019-01-28 11:21:42 +00:00
- [ ] Correct milestone is applied and the title is matching across all backports
2020-03-31 00:08:09 +00:00
- [ ] Assigned to `@gitlab-release-tools-bot` with passing CI pipelines and **when all backports including the MR targeting master are ready.**
2019-01-28 11:21:42 +00:00
2019-02-06 13:14:55 +00:00
/label ~security
2019-12-18 18:08:04 +00:00
[GitLab Security]: https://gitlab.com/gitlab-org/security/gitlab
[approval guidelines]: https://docs.gitlab.com/ee/development/code_review.html#approval-guidelines
[Code Review process]: https://docs.gitlab.com/ee/development/code_review.html
2020-01-04 00:07:49 +00:00
[quick actions]: https://docs.gitlab.com/ee/user/project/quick_actions.html#quick-actions-for-issues-merge-requests-and-epics