`design_management_allow_dangerous_images` -- Enable users to upload SVG images within design management
What
Remove the :design_management_allow_dangerous_images
feature flag.
Owners
- Team: groupknowledge
- Most appropriate slack channel to reach out to:
#f_design-management
- Best individual to reach out to: @.luke
Expectations
### What are we expecting to happen?
Users will be able to upload SVG images within design management.
What might happen if this goes wrong?
There may be a security issue around serving SVGs. Note, the security implications have been addressed in the MR !16160 (merged) including a sign-off from the security team. However, we want to further assess this in production.
What can we monitor to detect problems with this?
Work with security to verify that having this feature enabled is safe.
Beta groups/projects
-
gitlab-org/gitlab
project
Roll Out Steps
-
Enable on staging -
Test on staging #34279 (comment 302877400) -
Ensure that documentation has been updated -
Enable on GitLab.com for individual groups/projects listed above and verify behaviour -
Coordinate a time to enable the flag with #production
and#g_delivery
on slack. -
Announce on the issue an estimated time this will be enabled on GitLab.com -
Enable on GitLab.com by running chatops command in #production
-
Cross post chatops slack command to #support_gitlab-com
and in your team channel -
Announce on the issue that the flag has been enabled -
Remove feature flag and add changelog entry -
After the flag removal is deployed, clean up the feature flag by running chatops command in #production
channel
Edited by Kushal Pandya