Security patch upgrade alert: Only expose to admins (!169273) · Merge requests · GitLab.org / GitLab

Sascha Eggenberger requested to merge sec-patch-alert-only-expose-to-admins into master Oct 15, 2024

What does this MR do and why?

Hotfix to only expose security patch upgrade alerts to admins

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Before	After
Admin

User (auditor role)
	–

How to set up and validate locally

Check out an older version of GitLab (e.g. with tag git checkout v17.4.2-ee) or apply the following patch:

diff --git a/app/helpers/version_check_helper.rb b/app/helpers/version_check_helper.rb
index 895155e00d16..9ecf34aec422 100644
--- a/app/helpers/version_check_helper.rb
+++ b/app/helpers/version_check_helper.rb
@@ -19,7 +19,7 @@ def gitlab_version_check
   def show_security_patch_upgrade_alert?
     return false unless gitlab_version_check
 
-    Gitlab::Utils.to_boolean(gitlab_version_check['critical_vulnerability'])
+    true
   end
 
   def link_to_version

Edited Oct 16, 2024 by Sascha Eggenberger

Security patch upgrade alert: Only expose to admins

What does this MR do and why?

MR acceptance checklist

Screenshots or screen recordings

How to set up and validate locally

Merge request reports