Skip to content

Review CVE title and description in draft blog post.

Nikhil George requested to merge ngeorge1-master-patch-32640 into master

What does this MR do and why?

CVE title and description added in the blog post might reveal specific details about the vulnerability which helps bad actors to exploit the issue (example). This MR adds a check list item to the AppSec release task asking AppSec release managers to confirm whether the CVE title and description that are added in the blog post are discrete.

MR https://gitlab.com/gitlab-com/gl-security/product-security/appsec/tooling/security-release-tools/-/merge_requests/87 is closed since AppSec check list template now lives in here.

Content

  • Update app_sec_issue.md.erb

Author Check-list

  • Has documentation been updated?

Merge request reports