
Security blog post shows 3 patch versions

Steve Abrams requested to merge delivery19721-show-3-versions into master

🔎 What does this MR do and why?

At a high level, this adjusts logic in BlogMergeRequest and related areas to allow it to show 3 patch versions when it includes security content.

Here's the reasoning behind the changes:

BlogMergeRequest accepts two sets of changes to be displayed: security_content and patch_content. patch_content is supplied from the ReleaseTools::PatchRelease::Coordinator.

The ReleaseTools::PatchRelease::Coordinator returns 3 versions of changes if no version is supplied. We've already accounted for this in the release:patch_blog_post task, meaning that BlogMergeRequest will be receiving all the content it needs to be correctly displayed. If a version is given to that task, then it does not include the security content.

The problem is that BlogMergeRequest is automatically ignoring 2 out of the 3 versions of data coming from the coordinator. So here, we remove the hardcoded methods that were causing those to be filtered out.

Once we've done that, however, we need to adjust the logic for the regular patch release to ensure that it does not get created with 3 versions but only shows the version being released. The patch release is triggered by /chatops run release prepare, which leads to the release:prepare task. By default, if no version is supplied, this needs to use the next patch version of the current stable version. So we need to adjust it so that when there is no version, it still calls the coordinator but gives it that single version rather than a nil value, which would return 3 versions.

This MR makes all of the necessary adjustments to achieve all of this.

Related to gitlab-com/gl-infra/delivery#19721 (closed)

👷 Testing

To show this is working correctly, we test a variety of scenarios that would generate a blog post:

  • release:patch_blog_post - This runs during a security release
  • release:patch_blog_post['16.4.2'] - This does not get run anywhere, but we want to ensure this task works given a version and does not include security content
  • release:prepare - This runs when a release manager starts a patch release
  • release:prepare['16.2.9'] - This runs when a release manager starts a patch release for an older version

We expect that only the first scenario will include more than one version. It should include all 3 versions of patch changes if there are any. The rest of the scenarios should only include a single version in the generated blog post.

I've not included the terminal output, since it is less important here, only the returned blog markdown. For this test, I ran all rake tasks with the dry run option and also set the combined_blog_post feature flag to true. I've removed any security details from the security blog post. I additionally ran some tests with combined_blog_post set to false to verify that security content is not included, but I did not include the output here since that is not really part of these changes.

`release:patch_blog_post`

```markdown
---
title: "GitLab Security Release: 16.4.2, 16.3.6, 16.2.9"
categories: releases
author: ADD_YOUR_FULL_NAME
author_gitlab: steveabrams
author_twitter: gitlab
description: "Learn more about GitLab Security Release: 16.4.2, 16.3.6, 16.2.9 for GitLab Community Edition (CE) and Enterprise Edition (EE)."
image_title: '/images/blogimages/security-cover-new.png'
tags: security
---

<!-- For detailed instructions on how to complete this, please see https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/patch/blog-post.md -->

Today we are releasing versions 16.4.2, 16.3.6, 16.2.9 for GitLab Community Edition (CE) and Enterprise Edition (EE).

These versions contain important security fixes, and we strongly recommend that all GitLab installations be upgraded to
one of these versions immediately. GitLab.com is already running the patched version.

GitLab releases patches for vulnerabilities in dedicated security releases. There are two types of security releases:
a monthly, scheduled security release, released a week after the feature release (which deploys on the 3rd Thursday of each month),
and ad-hoc security releases for critical vulnerabilities. For more information, you can visit our [security FAQ](https://about.gitlab.com/security/faq/).
You can see all of our regular and security release blog posts [here](/releases/categories/releases/).
In addition, the issues detailing each vulnerability are made public on our
[issue tracker](https://gitlab.com/gitlab-org/gitlab/-/issues/?sort=created_date&state=closed&label_name%5B%5D=bug%3A%3Avulnerability&confidential=no&first_page_size=100)
30 days after the release in which they were patched.

We are dedicated to ensuring all aspects of GitLab that are exposed to customers or that host customer data are held to
the highest security standards. As part of maintaining good security hygiene, it is highly recommended that all customers
upgrade to the latest security release for their supported version. You can read more
[best practices in securing your GitLab instance](/blog/2020/05/20/gitlab-instance-security-best-practices/) in our blog post.

### Recommended Action

We **strongly recommend** that all installations running a version affected by the issues described below are **upgraded to the latest version as soon as possible**.

When no specific deployment type (omnibus, source code, helm chart, etc.) of a product is mentioned, this means all types are affected.

### A security bug

### Another security bug

## Non Security Patches

### 16.4.2

* [Merge branch '657-mailroom-webrick-ubi' into '16-4-stable'](https://gitlab.com/gitlab-org/build/CNG/-/merge_requests/1554)
* [Update VERSION files](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/133882)
* [Update dependency prometheus-client-mmap to '>= 0.28.1'](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/133877)
* [Backport: fix migration when commit_message_negative_regex is missing](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/133833)
* [Backport to 16.4: Geo: Avoid getting resources stuck in Queued](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/134197)

### 16.3.6

* [Merge branch '657-mailroom-webrick-ubi' into '16-3-stable'](https://gitlab.com/gitlab-org/build/CNG/-/merge_requests/1555)
* [Backport 16.3 | Upgrade exiftool to 12.65](https://gitlab.com/gitlab-org/build/CNG/-/merge_requests/1499)

### 16.2.9

* [Backport 16.2 | Upgrade exiftool to 12.65](https://gitlab.com/gitlab-org/build/CNG/-/merge_requests/1500)

## Updating

To update GitLab, see the [Update page](/update).
To update Gitlab Runner, see the [Updating the Runner page](https://docs.gitlab.com/runner/install/linux-repository.html#updating-the-runner).

## Receive Security Release Notifications

To receive security release blog notifications delivered to your inbox, visit our [contact us](https://about.gitlab.com/company/contact/) page.
To receive release notifications via RSS, subscribe to our [security release RSS feed](https://about.gitlab.com/security-releases.xml) or our [RSS feed for all releases](https://about.gitlab.com/all-releases.xml).
```
`release:patch_blog_post['16.4.2']`

```markdown
---
title: "GitLab Patch Release: 16.4.2"
categories: releases
author: ADD_YOUR_FULL_NAME
author_gitlab: steveabrams
author_twitter: gitlab
description: "GitLab releases 16.4.2"
tags: patch releases, releases
---

<!-- For detailed instructions on how to complete this, please see https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/patch/blog-post.md -->

Today we are releasing versions 16.4.2 for GitLab Community Edition and Enterprise Edition.

These versions resolve a number of regressions and bugs.

## GitLab Community Edition and Enterprise Edition

### 16.4.2

* [Merge branch '657-mailroom-webrick-ubi' into '16-4-stable'](https://gitlab.com/gitlab-org/build/CNG/-/merge_requests/1554)
* [Update VERSION files](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/133882)
* [Update dependency prometheus-client-mmap to '>= 0.28.1'](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/133877)
* [Backport: fix migration when commit_message_negative_regex is missing](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/133833)
* [Backport to 16.4: Geo: Avoid getting resources stuck in Queued](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/134197)

## Important notes on upgrading

This version does not include any new migrations, and for multi-node deployments, [should not require any downtime](https://docs.gitlab.com/ee/update/#upgrading-without-downtime).

Please be aware that by default the Omnibus packages will stop, run migrations,
and start again, no matter how “big” or “small” the upgrade is. This behavior
can be changed by adding a [`/etc/gitlab/skip-auto-reconfigure`](https://docs.gitlab.com/ee/update/zero_downtime.html) file,
which is only used for [updates](https://docs.gitlab.com/omnibus/update/README.html).

## Updating

To update, check out our [update page](/update/).

## GitLab subscriptions

Access to GitLab Premium and Ultimate features is granted by a paid [subscription](/pricing/).

Alternatively, [sign up for GitLab.com](https://gitlab.com/users/sign_in)
to use GitLab's own infrastructure.
```
`release:prepare`

```markdown
---
title: "GitLab Patch Release: 16.4.2"
categories: releases
author: ADD_YOUR_FULL_NAME
author_gitlab: steveabrams
author_twitter: gitlab
description: "GitLab releases 16.4.2"
tags: patch releases, releases
---

<!-- For detailed instructions on how to complete this, please see https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/patch/blog-post.md -->

Today we are releasing versions 16.4.2 for GitLab Community Edition and Enterprise Edition.

These versions resolve a number of regressions and bugs.

## GitLab Community Edition and Enterprise Edition

### 16.4.2

* [Merge branch '657-mailroom-webrick-ubi' into '16-4-stable'](https://gitlab.com/gitlab-org/build/CNG/-/merge_requests/1554)
* [Update VERSION files](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/133882)
* [Update dependency prometheus-client-mmap to '>= 0.28.1'](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/133877)
* [Backport: fix migration when commit_message_negative_regex is missing](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/133833)
* [Backport to 16.4: Geo: Avoid getting resources stuck in Queued](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/134197)

## Important notes on upgrading

This version does not include any new migrations, and for multi-node deployments, [should not require any downtime](https://docs.gitlab.com/ee/update/#upgrading-without-downtime).

Please be aware that by default the Omnibus packages will stop, run migrations,
and start again, no matter how “big” or “small” the upgrade is. This behavior
can be changed by adding a [`/etc/gitlab/skip-auto-reconfigure`](https://docs.gitlab.com/ee/update/zero_downtime.html) file,
which is only used for [updates](https://docs.gitlab.com/omnibus/update/README.html).

## Updating

To update, check out our [update page](/update/).

## GitLab subscriptions

Access to GitLab Premium and Ultimate features is granted by a paid [subscription](/pricing/).

Alternatively, [sign up for GitLab.com](https://gitlab.com/users/sign_in)
to use GitLab's own infrastructure.
```
`release:prepare['16.2.9']`

```markdown
---
title: "GitLab Patch Release: 16.2.9"
categories: releases
author: ADD_YOUR_FULL_NAME
author_gitlab: steveabrams
author_twitter: gitlab
description: "GitLab releases 16.2.9"
tags: patch releases, releases
---

<!-- For detailed instructions on how to complete this, please see https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/patch/blog-post.md -->

Today we are releasing versions 16.2.9 for GitLab Community Edition and Enterprise Edition.

These versions resolve a number of regressions and bugs.

## GitLab Community Edition and Enterprise Edition

### 16.2.9

* [Backport 16.2 | Upgrade exiftool to 12.65](https://gitlab.com/gitlab-org/build/CNG/-/merge_requests/1500)

## Important notes on upgrading

This version does not include any new migrations, and for multi-node deployments, [should not require any downtime](https://docs.gitlab.com/ee/update/#upgrading-without-downtime).

Please be aware that by default the Omnibus packages will stop, run migrations,
and start again, no matter how “big” or “small” the upgrade is. This behavior
can be changed by adding a [`/etc/gitlab/skip-auto-reconfigure`](https://docs.gitlab.com/ee/update/zero_downtime.html) file,
which is only used for [updates](https://docs.gitlab.com/omnibus/update/README.html).

## Updating

To update, check out our [update page](/update/).

## GitLab subscriptions

Access to GitLab Premium and Ultimate features is granted by a paid [subscription](/pricing/).

Alternatively, [sign up for GitLab.com](https://gitlab.com/users/sign_in)
to use GitLab's own infrastructure.
```

Author Check-list

  • [-] Has documentation been updated?
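The version-selection rules the description lays out (nil version from the coordinator means all three patch versions with security content; an explicit version, or the default next patch resolved by release:prepare, means a single version and no security content), as an added Ruby model that is not release-tools' own code: Coordinator, BlogMergeRequest, the task functions, the stable-version list and the changelog entries are all stand-ins constructed for this example.

```ruby
# Hypothetical model of the version-selection logic this MR describes, not
# release-tools' own code: classes, tasks and changelog data are stand-ins.
STABLE_VERSIONS = ['16.4.1', '16.3.5', '16.2.8'].freeze # constructed data

def next_patch(version)
  major, minor, patch = version.split('.').map(&:to_i)
  "#{major}.#{minor}.#{patch + 1}"
end

# Stand-in for ReleaseTools::PatchRelease::Coordinator: a nil version means
# all three patch versions, an explicit version means only that one.
class Coordinator
  CHANGES = { # constructed changelog entries keyed by version
    '16.4.2' => ['Update VERSION files', 'Backport: fix migration'],
    '16.3.6' => ['Backport 16.3 | Upgrade exiftool to 12.65'],
    '16.2.9' => ['Backport 16.2 | Upgrade exiftool to 12.65']
  }.freeze

  def patch_content(version = nil)
    versions = version ? [version] : STABLE_VERSIONS.map { |v| next_patch(v) }
    versions.to_h { |v| [v, CHANGES.fetch(v, [])] }
  end
end

# Stand-in for BlogMergeRequest after this MR: every version it is handed is
# rendered, instead of hardcoding the first and dropping the other two.
class BlogMergeRequest
  attr_reader :patch_content, :security_content

  def initialize(patch_content:, security_content: nil)
    @patch_content = patch_content
    @security_content = security_content
  end
end

# release:patch_blog_post: no version -> security content plus all 3 versions;
# an explicit version -> that version only, with no security content.
def patch_blog_post(security_content, version = nil)
  BlogMergeRequest.new(patch_content: Coordinator.new.patch_content(version),
                       security_content: version ? nil : security_content)
end

# release:prepare: with no version, resolve the next patch of the current
# stable and pass it explicitly so the coordinator never receives nil.
def prepare(version = nil)
  version ||= next_patch(STABLE_VERSIONS.first)
  BlogMergeRequest.new(patch_content: Coordinator.new.patch_content(version))
end
```

The four calls `patch_blog_post(content)`, `patch_blog_post(content, '16.4.2')`, `prepare` and `prepare('16.2.9')` mirror the four test scenarios above: only the first yields three versions and carries security content.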
Edited by Steve Abrams
