Display details of missing security fixes in /help page
Release notes
Show stats about the missing security fixes (if any) on the /help page when the GitLab instance is not the latest.
Problem to solve
GitLab has a security release every month that fixes multiple security issues. The GitLab admin of a self-hosted instance has to check the security release blog to understand the severity and number of security issues that got fixed. There is no easy way to find information about the security vulnerabilities that affect the currently installed version without checking this Security blog post. This effort becomes more tedious when the installed version is multiple releases behind the latest available GitLab version.
Proposal
Currently, the /help page on a GitLab instance shows the installed version information, update version status indicator, and a bunch of other documentation links. This page could be extended to show the information about security fixes that are available between the installed version and the latest released version of GitLab.
Easy access to security fix metrics would be a good, compelling reason for customers to update. This information could also be considered as the security status of the currently installed GitLab version.
Intended users
Feature Usage Metrics
There were past customer queries about how to find the list of security issues that impact a particular version of GitLab. This feature could reduce the number of such queries.
This feature also could persuade customers to do frequent updates as the number of missing security fixes is displayed within the GitLab instance itself.