GitLab patch workflow coordination
Procedure (first draft)
ReleaseManagement: Patch 4711 Issue
- MRs from ui/mw linked
- new issues for backports with a reference to the original bug
- the developer is responsible for also adjusting the patch, if necessary, when an issue is reopened
Example
Roles
Supporter
- go to the original issue
- menu
- "New related issue"
- set Milestone: 7.10.6
- label: patch
Release Management (Thammi)
- create the current patch issue (RM project)
- create the new milestone/release
- find the issues that carry a "patch" label
- attach the actual milestone to them
- (assign to developer)
Developer
- open the MR against the hotfix branch
- issues are closed once picked
Release Management (Marens/Kleini)*
- merge
Elements
- a separate issue for each target version
Template options
Security
- CVSS: 3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- CVSS: 6.1
- CVE: CVE-2024-23192
- CWE: CWE-79
- Exploit Status: No publicly available exploits are known.
- Advisory Vulnerability description: RSS feeds that contain malicious data- attributes could be abused to inject script code to a user's browser session when reading compromised RSS feeds or successfully luring users to compromised accounts.
- Advisory Impact description: Attackers could perform malicious API requests or extract information from the user's account.
- Advisory Remediation description: Potentially malicious attributes now get removed from external RSS content.
- Bug Bounty ID: YWH-PGM6122-124
- Patch IDs: 6268
- Release Notes URLs: https://documentation.open-xchange.com/appsuite/releases/8.21/ https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6268_7.10.6_2024-02-08.pdf