Commit 507cf0d9 authored by Reuben Pereira's avatar Reuben Pereira 2️⃣ Committed by Mayra Cabrera
Browse files

Update docs about automatic unlinking of security issues

parent aef0dc8c
......@@ -168,6 +168,13 @@ Security Release Tracking Issue.
Fixes not ready by that date may not be considered for the security release
and they'll have to go into the next one.
Security issues that are linked to the Security Release Tracking issue less than 24 hours
before the due date will be automatically unlinked by the Release Tools Bot. For
example, if the due date of the Security Release Tracking issue is 28th August, security
issues added after 27th August 00:00 UTC will be automatically unlinked. If you have
an urgent security issue that cannot wait for the next security release, you can ping
the [Release Managers](https://about.gitlab.com/community/release-managers/) for an exception.
## Critical Security Releases
Depending on the severity and impact of the vulnerability, an
......
......@@ -78,6 +78,18 @@ merge requests targeting the default branch with:
[security merge-train pipeline schedule] will deal with this divergence by updating Security default branch
based on the Canonical default branch content, see the [troubleshoot guide](#troubleshoot-guide) for more info.
Security issues that are linked to the Security Release Tracking issue less than 24 hours
before the due date will be automatically unlinked by the Release Tools Bot. For
example, if the due date of the Security Release Tracking issue is 28th August, security
issues added after 27th August 00:00 UTC will be automatically unlinked.
However, security issues that are linked as blockers to the Security Release Tracking issue
will not be unlinked. This allows high priority security issues to be linked to
the tracking issue close to the due date.
The automatic unlinking behavior is behind a feature flag, which can be disabled
if required: [unlink_late_security_issues](https://ops.gitlab.net/gitlab-org/release/tools/-/feature_flags/203/edit).
4. One day before the Security Release due date, Release Managers will merge GitLab security backports and
security merge requests associated with other satellite GitLab projects.
```
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment