
`design_management_allow_dangerous_images` -- Enable users to upload SVG images within design management

What

Remove the `:design_management_allow_dangerous_images` feature flag.

Owners

  • Team: groupknowledge
  • Most appropriate Slack channel to reach out to: #f_design-management
  • Best individual to reach out to: @.luke

Expectations

What are we expecting to happen?

Users will be able to upload SVG images within design management.

What might happen if this goes wrong?

There may be a security issue around serving SVGs. Note that the security implications have been addressed in MR !16160 (merged), including a sign-off from the security team. However, we want to further assess this in production.

What can we monitor to detect problems with this?

Work with security to verify that having this feature enabled is safe.

Beta groups/projects

  • gitlab-org/gitlab project

Roll Out Steps

  • Enable on staging
  • Test on staging #34279 (comment 302877400)
  • Ensure that documentation has been updated
  • Enable on GitLab.com for individual groups/projects listed above and verify behaviour
  • Coordinate a time to enable the flag with #production and #g_delivery on Slack.
  • Announce on the issue an estimated time this will be enabled on GitLab.com
  • Enable on GitLab.com by running chatops command in #production
  • Cross-post chatops Slack command to #support_gitlab-com and in your team channel
  • Announce on the issue that the flag has been enabled
  • Remove feature flag and add changelog entry
  • After the flag removal is deployed, clean up the feature flag by running chatops command in #production channel
Edited by Kushal Pandya