Skip to content

Update far_reaching_impact_fixes_or_breaking_change_fixes.md

Ameya Darshan requested to merge ameyadarshan-master-patch-86963 into master

We should make it clear that an S1 or S2 security issue must go through the security release process with backports and proper CVE identifiers, and can not be changed into a feature enhancement. This stems from a recent issue where I mistakenly approved changing an S2 vulnerability, which would otherwise have a breaking change, into a featureenhancement. Original discussion in Slack thread.

Merge request reports