2.5 KiB
2.5 KiB
Related issues
Developer checklist
- On "Related issues" section, write down the GitLab Security issue it belongs to (i.e.
Related to <issue_id>
). - Merge request targets
master
, or a versioned stable branch (X-Y-stable-ee
). - Milestone is set for the version this merge request applies to. A closed milestone can be assigned via quick actions.
- Title of this merge request is the same as for all backports.
- A CHANGELOG entry is added without a
merge_request
value, withtype
set tosecurity
- For the MR targeting
master
:- Assign to a reviewer and maintainer, per our Code Review process.
- Ensure it's approved according to our Approval Guidelines.
- Ensure it's approved by an AppSec engineer.
- If you're unsure who should approve, find the AppSec engineer associated to the issue in the Canonical repository, or ask #sec-appsec on Slack.
- Trigger the
package-and-qa
build. The docker image generated will be used by the AppSec engineer to validate the security vulnerability has been remediated.
- Merge request must close the corresponding security issue.
- For a backport MR targeting a versioned stable branch (
X-Y-stable-ee
)- Ensure it's approved by a maintainer.
Note: Reviewer/maintainer should not be a Release Manager
Maintainer checklist
- Correct milestone is applied and the title is matching across all backports
- Assigned to
@gitlab-release-tools-bot
with passing CI pipelines and when all backports including the MR targeting master are ready.
/label ~security