Skip to content

Blog header and footer depend on security content

Steve Abrams requested to merge delivery19720-blog-header-footer into master

What does this MR do and why?

We are combining the security and patch releases. Part of this includes combining the blog post. In this MR, we display security-specific header and footer information if security content is present in the post. The security versions come from the existing security-release-tools as noted in gitlab-com/gl-infra/delivery#19720 (closed).

Testing

To test, I ran the release:patch_blog_post rake task with the dry run option enabled.

First we test with the combined_blog_post feature flag disabled to ensure no security changes are present:

Click to expand 
---
title: "GitLab Patch Release: 16.4.2"
categories: releases
author: ADD_YOUR_FULL_NAME
author_gitlab: steveabrams
author_twitter: gitlab
description: "GitLab releases 16.4.2"
tags: patch releases, releases
---

<!-- For detailed instructions on how to complete this, please see https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/patch/blog-post.md -->

Today we are releasing versions 16.4.2 for GitLab Community Edition and Enterprise Edition.

These versions resolve a number of regressions and bugs.

## GitLab Community Edition and Enterprise Edition

### 16.4.2

* [Merge branch '657-mailroom-webrick-ubi' into '16-4-stable'](https://gitlab.com/gitlab-org/build/CNG/-/merge_requests/1554)
* [Update VERSION files](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/133882)
* [Update dependency prometheus-client-mmap to '>= 0.28.1'](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/133877)
* [Backport: fix migration when commit_message_negative_regex is missing](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/133833)
* [Backport to 16.4: Geo: Avoid getting resources stuck in Queued](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/134197)

## Important notes on upgrading

This version does not include any new migrations, and for multi-node deployments, [should not require any downtime](https://docs.gitlab.com/ee/update/#upgrading-without-downtime).

Please be aware that by default the Omnibus packages will stop, run migrations,
and start again, no matter how “big” or “small” the upgrade is. This behavior
can be changed by adding a [`/etc/gitlab/skip-auto-reconfigure`](https://docs.gitlab.com/ee/update/zero_downtime.html) file,
which is only used for [updates](https://docs.gitlab.com/omnibus/update/README.html).

## Updating

To update, check out our [update page](/update/).

## GitLab subscriptions

Access to GitLab Premium and Ultimate features is granted by a paid [subscription](/pricing/).

Alternatively, [sign up for GitLab.com](https://gitlab.com/users/sign_in)
to use GitLab's own infrastructure.

Next we test with combined_blog_post feature flag enabled and with security content included. I've removed any private information from the security sections:

Click to expand 
---
title: "GitLab Security Release: 16.4.2"
categories: releases
author: ADD_YOUR_FULL_NAME
author_gitlab: steveabrams
author_twitter: gitlab
description: "GitLab releases 16.4.2"
tags: security
---

<!-- For detailed instructions on how to complete this, please see https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/patch/blog-post.md -->

Today we are releasing versions 16.4.2 for GitLab Community Edition (CE) and Enterprise Edition (EE).

These versions contain important security fixes, and we strongly recommend that all GitLab installations be upgraded to
one of these versions immediately. GitLab.com is already running the patched version.

GitLab releases patches for vulnerabilities in dedicated security releases. There are two types of security releases:
a monthly, scheduled security release, released a week after the feature release (which deploys on the 3rd Thursday of each month),
and ad-hoc security releases for critical vulnerabilities. For more information, you can visit our [security FAQ](https://about.gitlab.com/security/faq/).
You can see all of our regular and security release blog posts [here](/releases/categories/releases/).
In addition, the issues detailing each vulnerability are made public on our
[issue tracker](https://gitlab.com/gitlab-org/gitlab/-/issues/?sort=created_date&state=closed&label_name%5B%5D=bug%3A%3Avulnerability&confidential=no&first_page_size=100)
30 days after the release in which they were patched.

We are dedicated to ensuring all aspects of GitLab that are exposed to customers or that host customer data are held to
the highest security standards. As part of maintaining good security hygiene, it is highly recommended that all customers
upgrade to the latest security release for their supported version. You can read more
[best practices in securing your GitLab instance](/blog/2020/05/20/gitlab-instance-security-best-practices/) in our blog post.

### Recommended Action

We **strongly recommend** that all installations running a version affected by the issues described below are **upgraded to the latest version as soon as possible**.

When no specific deployment type (omnibus, source code, helm chart, etc.) of a product is mentioned, this means all types are affected.

### Security issue title

### Another security issue

## Non Security Patches

### 16.4.2

* [Merge branch '657-mailroom-webrick-ubi' into '16-4-stable'](https://gitlab.com/gitlab-org/build/CNG/-/merge_requests/1554)
* [Update VERSION files](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/133882)
* [Update dependency prometheus-client-mmap to '>= 0.28.1'](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/133877)
* [Backport: fix migration when commit_message_negative_regex is missing](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/133833)
* [Backport to 16.4: Geo: Avoid getting resources stuck in Queued](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/134197)

## Updating

To update GitLab, see the [Update page](/update).
To update Gitlab Runner, see the [Updating the Runner page](https://docs.gitlab.com/runner/install/linux-repository.html#updating-the-runner).

## Receive Security Release Notifications

To receive security release blog notifications delivered to your inbox, visit our [contact us](https://about.gitlab.com/company/contact/) page.
To receive release notifications via RSS, subscribe to our [security release RSS feed](https://about.gitlab.com/security-releases.xml) or our [RSS feed for all releases](https://about.gitlab.com/all-releases.xml).

Author Check-list

  • [-] Has documentation been updated?
Edited by Steve Abrams

Merge request reports