11.10.3, 11.9.11, 11.8.10 retrospective
Timeline
- 2019-04-29 Due to a Chatops bug, MRs that were tagged for security were inadvertinly merged to 11-10-stable on dev.gitlab.org. At this time we did not realize that these MRs were merged to 11-10-stable on dev
- gitlab-ee MRs that were merged / gitlab-ce MRs that were merged
- discussed in https://gitlab.slack.com/archives/C248YCNCW/p1556620145068300
- Chatops command that performed the merge https://gitlab.slack.com/archives/C0XM5UU6B/p1556541553105900
- 2019-04-30 Patch release 11.10.3 was prepped on gitlab.com, the prep branches were then merged to the stable branch, 11-10-stable on gitlab.com
- 2019-04-30 When we attempted to push 11.10.3 to dev which is the last step before tagging the release we saw the change was rejected, it was then discovered that security commits were on the dev stable branches https://gitlab.slack.com/archives/CHKF9LKUL/p1556620430081200
- 2019-04-30 We started a thread with the appsec team to see what our options are. Unfortunately, with the security commits on the dev stable branches already, we could not push 11.10.3 to dev which meant that we could not release https://gitlab.slack.com/archives/C248YCNCW/p1556620145068300
- 2019-04-30 We decided that the best path forward was to abandon 11.10.3 as a patch release and instead, release 11.10.3, 11.9.11, 11.8.10 as a security release
- 2019-04-30 Security team created a new security release issue https://gitlab.com/gitlab-org/gitlab-ce/issues/61199
- 2019-05-01 11.10.3, 11.9.11, 11.8.10 released
- 2019-05-01 Issue about confusing git history, likely due to the stable branch being having extra commits https://gitlab.com/gitlab-org/gitlab-ce/issues/61228
Edited by John Jarvis