authorGitLab Bot <gitlab-bot@gitlab.com>2023-02-14 22:06:19 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2023-02-14 22:06:19 +0000
commita16072c2f88191585b0a69825b4b0fe53984cc80 (patch)
treeacc57b77209fd7a54512e75324b174e4cff6198a
parent045e5c9a98f55302c35a50ff184d436ca3c3c0e3 (diff)
Add latest changes from gitlab-org/gitlab@15-8-stable-ee
-rw-r--r--app/assets/javascripts/gitlab_version_check/components/security_patch_upgrade_alert.vue76
-rw-r--r--app/assets/javascripts/gitlab_version_check/index.js25
-rw-r--r--app/helpers/version_check_helper.rb6
-rw-r--r--app/views/shared/gitlab_version/_security_patch_upgrade_alert.html.haml1
-rw-r--r--config/feature_flags/development/critical_security_alert.yml8
-rw-r--r--data/deprecations/15-8-deprecate-backups-support-for-openstack-rackspace-apis.yml13
-rw-r--r--data/whats_new/20230220001_15_08.yml72
-rw-r--r--doc/api/import.md3
-rw-r--r--doc/raketasks/backup_gitlab.md3
-rw-r--r--doc/topics/plan_and_track.md34
-rw-r--r--doc/update/deprecations.md18
-rw-r--r--doc/user/admin_area/appearance.md2
-rw-r--r--doc/user/project/service_desk.md2
-rw-r--r--lib/gitlab/ci/parsers/security/validators/schema_validator.rb2
-rw-r--r--locale/gitlab.pot6
-rw-r--r--spec/features/merge_request/user_sees_merge_widget_spec.rb1
-rw-r--r--spec/frontend/gitlab_version_check/components/security_patch_upgrade_alert_spec.js84
-rw-r--r--spec/frontend/gitlab_version_check/index_spec.js19
-rw-r--r--spec/frontend/gitlab_version_check/mock_data.js6
-rw-r--r--spec/helpers/version_check_helper_spec.rb31
-rw-r--r--spec/lib/gitlab/ci/parsers/security/validators/schema_validator_spec.rb22
-rw-r--r--spec/views/shared/gitlab_version/_security_patch_upgrade_alert.html.haml_spec.rb4
-rw-r--r--workhorse/internal/badgateway/roundtripper.go10
-rw-r--r--workhorse/internal/badgateway/roundtripper_test.go35
24 files changed, 222 insertions, 261 deletions
diff --git a/app/assets/javascripts/gitlab_version_check/components/security_patch_upgrade_alert.vue b/app/assets/javascripts/gitlab_version_check/components/security_patch_upgrade_alert.vue
deleted file mode 100644
index 89dc68ec73e..00000000000
--- a/app/assets/javascripts/gitlab_version_check/components/security_patch_upgrade_alert.vue
+++ /dev/null
@@ -1,76 +0,0 @@
-<script>
-import { GlAlert, GlSprintf, GlLink, GlButton } from '@gitlab/ui';
-import { s__ } from '~/locale';
-import Tracking from '~/tracking';
-import { UPGRADE_DOCS_URL, ABOUT_RELEASES_PAGE } from '../constants';
-
-export default {
- name: 'SecurityPatchUpgradeAlert',
- i18n: {
- alertTitle: s__('VersionCheck|Critical security upgrade available'),
- alertBody: s__(
- 'VersionCheck|You are currently on version %{currentVersion}. We strongly recommend upgrading your GitLab installation. %{link}',
- ),
- learnMore: s__('VersionCheck|Learn more about this critical security release.'),
- primaryButtonText: s__('VersionCheck|Upgrade now'),
- },
- components: {
- GlAlert,
- GlSprintf,
- GlLink,
- GlButton,
- },
- mixins: [Tracking.mixin()],
- props: {
- currentVersion: {
- type: String,
- required: true,
- },
- },
- mounted() {
- this.track('render', {
- label: 'security_patch_upgrade_alert',
- property: this.currentVersion,
- });
- },
- methods: {
- trackLearnMoreClick() {
- this.track('click_link', {
- label: 'security_patch_upgrade_alert_learn_more',
- property: this.currentVersion,
- });
- },
- trackUpgradeNowClick() {
- this.track('click_link', {
- label: 'security_patch_upgrade_alert_upgrade_now',
- property: this.currentVersion,
- });
- },
- },
- UPGRADE_DOCS_URL,
- ABOUT_RELEASES_PAGE,
-};
-</script>
-
-<template>
- <gl-alert :title="$options.i18n.alertTitle" variant="danger" :dismissible="false">
- <gl-sprintf :message="$options.i18n.alertBody">
- <template #currentVersion>
- <span class="gl-font-weight-bold">{{ currentVersion }}</span>
- </template>
- <template #link>
- <gl-link :href="$options.ABOUT_RELEASES_PAGE" @click="trackLearnMoreClick">{{
- $options.i18n.learnMore
- }}</gl-link>
- </template>
- </gl-sprintf>
- <template #actions>
- <gl-button
- :href="$options.UPGRADE_DOCS_URL"
- variant="confirm"
- @click="trackUpgradeNowClick"
- >{{ $options.i18n.primaryButtonText }}</gl-button
- >
- </template>
- </gl-alert>
-</template>
diff --git a/app/assets/javascripts/gitlab_version_check/index.js b/app/assets/javascripts/gitlab_version_check/index.js
index edb7e9abe49..dff09d2cb51 100644
--- a/app/assets/javascripts/gitlab_version_check/index.js
+++ b/app/assets/javascripts/gitlab_version_check/index.js
@@ -1,7 +1,6 @@
import Vue from 'vue';
import { parseBoolean, convertObjectPropsToCamelCase } from '~/lib/utils/common_utils';
import GitlabVersionCheckBadge from './components/gitlab_version_check_badge.vue';
-import SecurityPatchUpgradeAlert from './components/security_patch_upgrade_alert.vue';
import SecurityPatchUpgradeAlertModal from './components/security_patch_upgrade_alert_modal.vue';
const mountGitlabVersionCheckBadge = (el) => {
@@ -33,25 +32,6 @@ const mountGitlabVersionCheckBadge = (el) => {
}
};
-const mountSecurityPatchUpgradeAlert = (el) => {
- const { currentVersion } = el.dataset;
-
- try {
- return new Vue({
- el,
- render(createElement) {
- return createElement(SecurityPatchUpgradeAlert, {
- props: {
- currentVersion,
- },
- });
- },
- });
- } catch {
- return null;
- }
-};
-
const mountSecurityPatchUpgradeAlertModal = (el) => {
const { currentVersion, version } = el.dataset;
@@ -78,16 +58,11 @@ const mountSecurityPatchUpgradeAlertModal = (el) => {
export default () => {
const renderedApps = [];
- const securityPatchUpgradeAlert = document.getElementById('js-security-patch-upgrade-alert');
const securityPatchUpgradeAlertModal = document.getElementById(
'js-security-patch-upgrade-alert-modal',
);
const versionCheckBadges = [...document.querySelectorAll('.js-gitlab-version-check-badge')];
- if (securityPatchUpgradeAlert) {
- renderedApps.push(mountSecurityPatchUpgradeAlert(securityPatchUpgradeAlert));
- }
-
if (securityPatchUpgradeAlertModal) {
renderedApps.push(mountSecurityPatchUpgradeAlertModal(securityPatchUpgradeAlertModal));
}
diff --git a/app/helpers/version_check_helper.rb b/app/helpers/version_check_helper.rb
index 4bd89a3d4e2..1fec0a916b8 100644
--- a/app/helpers/version_check_helper.rb
+++ b/app/helpers/version_check_helper.rb
@@ -3,8 +3,6 @@
module VersionCheckHelper
include Gitlab::Utils::StrongMemoize
- SECURITY_ALERT_SEVERITY = 'danger'
-
def show_version_check?
return false unless Gitlab::CurrentSettings.version_check_enabled
return false if User.single_user&.requires_usage_stats_consent?
@@ -18,9 +16,9 @@ module VersionCheckHelper
strong_memoize_attr :gitlab_version_check
def show_security_patch_upgrade_alert?
- return false unless Feature.enabled?(:critical_security_alert) && show_version_check? && gitlab_version_check
+ return false unless show_version_check? && gitlab_version_check
- gitlab_version_check['severity'] === SECURITY_ALERT_SEVERITY
+ Gitlab::Utils.to_boolean(gitlab_version_check['critical_vulnerability'])
end
def link_to_version
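Review bot: `show_security_patch_upgrade_alert?` can now return `nil` instead of `false`, because its last line passes the raw `critical_vulnerability` value to `Gitlab::Utils.to_boolean` with no default; the updated helper spec in this commit expects `nil` when the key is missing or holds `'some text'`. That is still falsy for the `return unless` guard in the HAML partial, but a predicate with three possible results is easy to misuse in a strict comparison. It also means, as far as this hunk shows, that a malformed version-check payload suppresses the critical-release modal silently. Consider `Gitlab::Utils.to_boolean(gitlab_version_check['critical_vulnerability'], default: false)`. Since the `critical_security_alert` flag no longer gates this path, a one-line comment such as `# Shown only when the version-check payload sets critical_vulnerability` would record that the payload field alone now decides.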
diff --git a/app/views/shared/gitlab_version/_security_patch_upgrade_alert.html.haml b/app/views/shared/gitlab_version/_security_patch_upgrade_alert.html.haml
index 9fe1400e877..2b1ab9f21e5 100644
--- a/app/views/shared/gitlab_version/_security_patch_upgrade_alert.html.haml
+++ b/app/views/shared/gitlab_version/_security_patch_upgrade_alert.html.haml
@@ -1,4 +1,3 @@
- return unless show_security_patch_upgrade_alert?
-#js-security-patch-upgrade-alert{ data: { "current_version": Gitlab.version_info } }
#js-security-patch-upgrade-alert-modal{ data: { "current_version": Gitlab.version_info, "version": gitlab_version_check.to_json } }
diff --git a/config/feature_flags/development/critical_security_alert.yml b/config/feature_flags/development/critical_security_alert.yml
deleted file mode 100644
index 6bb5100efc8..00000000000
--- a/config/feature_flags/development/critical_security_alert.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-name: critical_security_alert
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/108732
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/387719
-milestone: '15.8'
-type: development
-group: group::distribution
-default_enabled: false
diff --git a/data/deprecations/15-8-deprecate-backups-support-for-openstack-rackspace-apis.yml b/data/deprecations/15-8-deprecate-backups-support-for-openstack-rackspace-apis.yml
new file mode 100644
index 00000000000..0097f59d1f9
--- /dev/null
+++ b/data/deprecations/15-8-deprecate-backups-support-for-openstack-rackspace-apis.yml
@@ -0,0 +1,13 @@
+- title: "Automatic backup upload using Openstack Swift and Rackspace APIs" # (required) The name of the feature to be deprecated
+ announcement_milestone: "15.8" # (required) The milestone when this feature was first announced as deprecated.
+ removal_milestone: "15.10" # (required) The milestone when this feature is planned to be removed
+ end_of_support_milestone: "15.10" # (optional) Use "XX.YY" format. The milestone when support for this feature will end.
+ breaking_change: true # (required) If this deprecation is a breaking change, set this value to true
+ reporter: sranasinghe # (required) GitLab username of the person reporting the deprecation
+ stage: Enablement # (required) String value of the stage that the feature was created in. e.g., Growth
+ issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/387976 # (required) Link to the deprecation issue in GitLab
+ body: | # (required) Do not modify this line, instead modify the lines below.
+ We are deprecating support for [uploading backups to remote storage](https://docs.gitlab.com/ee/raketasks/backup_gitlab.html#upload-backups-to-a-remote-cloud-storage) using Openstack Swift and Rackspace APIs. The support for these APIs depends on third-party libraries that are no longer actively maintained and have not been updated for Ruby 3. GitLab is switching over to Ruby 3 prior to EOL of Ruby 2 in order to stay up to date on security patches.
+
+ - If you're using OpenStack, you need to change you configuration to use the S3 API instead of Swift.
+ - If you're using Rackspace storage, you need to switch to a different provider or manually upload the backup file after the backup task is complete.
diff --git a/data/whats_new/20230220001_15_08.yml b/data/whats_new/20230220001_15_08.yml
new file mode 100644
index 00000000000..30f1f1ea8d7
--- /dev/null
+++ b/data/whats_new/20230220001_15_08.yml
@@ -0,0 +1,72 @@
+- name: Block merges unless external status checks pass
+ description: | # Do not modify this line, instead modify the lines below.
+ You can now configure projects to block merge request merges unless all external status checks pass. This allows you to confidently rely on external systems as part of your GitLab workflows and ensure that all required steps are completed before the code is merged.
+
+ When configured, users can only merge merge requests if external status checks pass and the green checkmark is displayed on the merge request. If an external status check is pending or failed, merging the merge request is blocked.
+
+ stage: govern
+ self-managed: true
+ gitlab-com: true
+ available_in: [Ultimate]
+ documentation_link: https://docs.gitlab.com/ee/user/project/merge_requests/status_checks.html#block-merges-of-merge-requests-unless-all-status-checks-have-passed
+ image_url: https://about.gitlab.com/images/15_8/manage-block-external-status-checks.png
+ published_at: 2023-01-22
+ release: 15.8
+- name: SCIM support for self-managed GitLab
+ description: | # Do not modify this line, instead modify the lines below.
+ Self-managed GitLab now supports the open standard System for Cross-domain Identity Management (SCIM), which allows you to automatically:
+
+ - Create users.
+ - Remove users by deactivating their SCIM identities.
+
+ Previously, this was only available for GitLab.com. SCIM enables GitLab administrators to completely automate their user lifecycle management.
+ stage: manage
+ self-managed: true
+ gitlab-com: false
+ available_in: [Premium, Ultimate]
+ documentation_link: https://docs.gitlab.com/ee/user/admin_area/settings/scim_setup.html
+ image_url: https://about.gitlab.com/images/15_8/manage-scim-token.png
+ published_at: 2023-01-22
+ release: 15.8
+- name: Migrate projects when migrating groups using direct transfer
+ description: | # Do not modify this line, instead modify the lines below.
+ We are excited to announce the availability of migrating GitLab projects by direct transfer Beta. Now, you can migrate group and project resources together when using direct transfer. You can use direct transfers to migrate between GitLab instances or
+ within the same GitLab instance.
+
+ Migrating projects when [migrating groups using direct transfer](https://docs.gitlab.com/ee/user/group/import/#migrate-groups-by-direct-transfer-recommended) is a major
+ improvement from migrating groups and projects using [file exports](https://docs.gitlab.com/ee/user/project/settings/import_export.html) because:
+
+ - You don't need to manually export each project to a file and then import all those export files to a new location. Now all projects
+ within a top-level group are migrated automatically, making your work more efficient.
+ - When migrating from self-managed GitLab to GitLab.com, user associations (such as comment author) are not changed to the user who is importing the
+ projects. Migration using direct transfer maps users and their contributions correctly, provided
+ [a few conditions are met](https://docs.gitlab.com/ee/user/group/import/#preparation).
+
+ This feature is available on GitLab.com. You can migrate from a self-managed GitLab to GitLab.com
+ right now!
+
+ To enable it on GitLab self-managed instances, see the linked documentation.
+
+ Learn more about migrating GitLab projects by direct transfer Beta and what’s coming next in our recent [blog post](https://about.gitlab.com/blog/2023/01/18/try-out-new-way-to-migrate-projects/).
+ stage: manage
+ self-managed: false
+ gitlab-com: true
+ available_in: [Free, Premium, Ultimate]
+ documentation_link: https://docs.gitlab.com/ee/user/group/import/#migrate-groups-by-direct-transfer-recommended
+ image_url: https://about.gitlab.com/images/15_8/groups-import-with-projects.png
+ published_at: 2023-01-22
+ release: 15.8
+- name: View estimated queuing time for runners in the Admin Area
+ description: | # Do not modify this line, instead modify the lines below.
+ A key input in GitLab Runner fleet optimization is having deep insights into queue performance over time. While today there are historical queue duration metrics available for each job on a runner in the Admin Area view, there is no simple mechanism to determine the current queue performance for runners.
+
+ With the new estimated queue time feature, you are now able to, at a glance, determine the median estimated wait time for all instance runners. This data will enable you to proactively identify potential CI job execution issues for your organization's developers and provide insights to inform decisions on configuration or resource changes to optimize your runner fleet.
+
+ stage: verify
+ self-managed: true
+ gitlab-com: false
+ available_in: [Ultimate]
+ documentation_link: https://docs.gitlab.com/ee/ci/runners/configure_runners.html#view-statistics-for-runner-performance
+ image_url: https://about.gitlab.com/images/15_8/admin-runners-estimated-queue-wait-time.png
+ published_at: 2023-01-22
+ release: 15.8
diff --git a/doc/api/import.md b/doc/api/import.md
index 407f1974f7d..67ee7bc60a1 100644
--- a/doc/api/import.md
+++ b/doc/api/import.md
@@ -122,11 +122,12 @@ Returns the following status codes:
## Import GitHub gists into GitLab snippets
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/371099) in GitLab 15.8 [with a flag](../administration/feature_flags.md) named `github_import_gists`. Disabled by default.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/371099) in GitLab 15.8 [with a flag](../administration/feature_flags.md) named `github_import_gists`. Disabled by default. Enabled on GitLab.com.
FLAG:
On self-managed GitLab, by default this feature is not available. To make it available,
ask an administrator to [enable the feature flag](../administration/feature_flags.md) named `github_import_gists`.
+On GitLab.com, this feature is available.
You can use the GitLab API to import personal GitHub gists (with up to 10 files) into personal GitLab snippets.
GitHub gists with more than 10 files are skipped. You should manually migrate these GitHub gists.
diff --git a/doc/raketasks/backup_gitlab.md b/doc/raketasks/backup_gitlab.md
index 771120df1c3..ffa67c6b4a9 100644
--- a/doc/raketasks/backup_gitlab.md
+++ b/doc/raketasks/backup_gitlab.md
@@ -416,6 +416,9 @@ GitLab also [imports cloud drivers](https://gitlab.com/gitlab-org/gitlab/-/blob/
for AWS, Google, OpenStack Swift, Rackspace, and Aliyun. A local driver is
[also available](#upload-to-locally-mounted-shares).
+NOTE:
+Support for Openstack Swift and Rackspace APIs will be removed in GitLab 15.10. See [issue #387976](https://gitlab.com/gitlab-org/gitlab/-/issues/387976) for more information.
+
[Read more about using object storage with GitLab](../administration/object_storage.md).
#### Using Amazon S3
diff --git a/doc/topics/plan_and_track.md b/doc/topics/plan_and_track.md
index 8b1fb1657a0..d79a8ad066b 100644
--- a/doc/topics/plan_and_track.md
+++ b/doc/topics/plan_and_track.md
@@ -21,31 +21,21 @@ with [Scaled Agile Framework (SAFe)](https://about.gitlab.com/solutions/agile-de
<!-- vale gitlab.Spelling = YES -->
-## Basic workflow features
-
-Planning features everyone needs to use day-to-day.
-
-- [Keyboard shortcuts](../user/shortcuts.md)
-- [Markdown](../user/markdown.md)
-- [Quick actions](../user/project/quick_actions.md)
-- [To-Do lists](../user/todos.md)
-- [Using Git](../topics/git/index.md)
-
## Team planning
Get work done as a team.
-- [Comments and threads](../user/discussions/index.md)
-- [Customer relations (CRM)](../user/crm/index.md)
- - [Contacts](../user/crm/index.md#contacts)
- - [Organizations](../user/crm/index.md#organizations)
-- [Issues](../user/project/issues/index.md)
-- [Iterations](../user/group/iterations/index.md)
- [Labels](../user/project/labels.md)
+- [Iterations](../user/group/iterations/index.md)
- [Milestones](../user/project/milestones/index.md)
-- [Requirements](../user/project/requirements/index.md)
+- [Issues](../user/project/issues/index.md)
+- [Comments and threads](../user/discussions/index.md)
- [Tasks](../user/tasks.md)
+- [Requirements](../user/project/requirements/index.md)
- [Time tracking](../user/project/time_tracking.md)
+- [Customer relations (CRM)](../user/crm/index.md)
+ - [Contacts](../user/crm/index.md#contacts)
+ - [Organizations](../user/crm/index.md#organizations)
- [Wikis](../user/project/wiki/index.md)
## Portfolio management
@@ -59,3 +49,13 @@ Align your work across teams.
- [Roadmaps](../user/group/roadmap/index.md)
- [Planning hierarchies](../user/group/planning_hierarchy/index.md)
- [Objectives and key results](../user/okrs.md)
+
+## Basic workflow features
+
+Use these day-to-day planning features.
+
+- [Keyboard shortcuts](../user/shortcuts.md)
+- [Quick actions](../user/project/quick_actions.md)
+- [Markdown](../user/markdown.md)
+- [To-Do List](../user/todos.md)
+- [Using Git](../topics/git/index.md)
diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md
index e4c2f149653..cfee3263db8 100644
--- a/doc/update/deprecations.md
+++ b/doc/update/deprecations.md
@@ -99,6 +99,24 @@ Because Cloud Native Buildpacks do not support automatic testing, the Auto Test
</div>
+<div class="deprecation removal-1510 breaking-change">
+
+### Automatic backup upload using Openstack Swift and Rackspace APIs
+
+End of Support: GitLab <span class="removal-milestone">15.10</span> <span class="support-end-date"></span><br />
+Planned removal: GitLab <span class="removal-milestone">15.10</span> <span class="removal-date"></span>
+
+WARNING:
+This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+Review the details carefully before upgrading.
+
+We are deprecating support for [uploading backups to remote storage](https://docs.gitlab.com/ee/raketasks/backup_gitlab.html#upload-backups-to-a-remote-cloud-storage) using Openstack Swift and Rackspace APIs. The support for these APIs depends on third-party libraries that are no longer actively maintained and have not been updated for Ruby 3. GitLab is switching over to Ruby 3 prior to EOL of Ruby 2 in order to stay up to date on security patches.
+
+- If you're using OpenStack, you need to change you configuration to use the S3 API instead of Swift.
+- If you're using Rackspace storage, you need to switch to a different provider or manually upload the backup file after the backup task is complete.
+
+</div>
+
<div class="deprecation removal-160 breaking-change">
### Azure Storage Driver defaults to the correct root prefix
diff --git a/doc/user/admin_area/appearance.md b/doc/user/admin_area/appearance.md
index fc42c7770f2..a65c0c86649 100644
--- a/doc/user/admin_area/appearance.md
+++ b/doc/user/admin_area/appearance.md
@@ -38,6 +38,8 @@ of the page to activate it in the GitLab instance.
## System header and footer messages
+> **Enable header and footer in emails** checkbox [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/344819) in GitLab 15.9.
+
You can add a small header message, a small footer message, or both, to the interface
of your GitLab instance. These messages appear on all projects and pages of the
instance, including the sign in / sign up page. The default color is white text on
diff --git a/doc/user/project/service_desk.md b/doc/user/project/service_desk.md
index 83cf47d508c..cc195c3c959 100644
--- a/doc/user/project/service_desk.md
+++ b/doc/user/project/service_desk.md
@@ -113,6 +113,8 @@ With Service Desk, you can use templates for:
#### Email header and footer **(FREE SELF)**
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/344819) in GitLab 15.9.
+
Instance administrators can add a small header or footer to the GitLab instance and make them
visible in the email template. For more information, see
[System header and footer messages](../admin_area/appearance.md#system-header-and-footer-messages).
diff --git a/lib/gitlab/ci/parsers/security/validators/schema_validator.rb b/lib/gitlab/ci/parsers/security/validators/schema_validator.rb
index e6a2e5c3b33..bef4b147359 100644
--- a/lib/gitlab/ci/parsers/security/validators/schema_validator.rb
+++ b/lib/gitlab/ci/parsers/security/validators/schema_validator.rb
@@ -65,7 +65,7 @@ module Gitlab
if latest_vendored_patch_version
latest_vendored_patch_version_file = File.join(root_path, latest_vendored_patch_version, file_name)
- return latest_vendored_patch_version_file if File.file?(latest_vendored_patch_version)
+ return latest_vendored_patch_version_file if File.file?(latest_vendored_patch_version_file)
end
earliest_supported_version = SUPPORTED_VERSIONS[report_type].min
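Review bot: The locals `latest_vendored_patch_version` and `latest_vendored_patch_version_file` differ only by a suffix, which is exactly the mix-up this hunk corrects in the `File.file?` check. Renaming the path local, for example `vendored_schema_path = File.join(root_path, latest_vendored_patch_version, file_name)`, would make passing the version string to a file test visibly wrong. A short comment on the fall-through, such as `# Not vendored: fall back to the earliest supported schema version`, would also help, assuming that is what the following line begins. The enclosing method starts and ends outside the hunk, so that assumption should be checked against the full method.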
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 0bff766f549..d1b86c8ad1a 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -46183,9 +46183,6 @@ msgstr ""
msgid "VersionCheck|%{details}"
msgstr ""
-msgid "VersionCheck|Critical security upgrade available"
-msgstr ""
-
msgid "VersionCheck|Important notice - Critical security release"
msgstr ""
@@ -46213,9 +46210,6 @@ msgstr ""
msgid "VersionCheck|You are currently on version %{currentVersion}! We strongly recommend upgrading your GitLab installation to one of the following versions immediately: %{latestStableVersions}."
msgstr ""
-msgid "VersionCheck|You are currently on version %{currentVersion}. We strongly recommend upgrading your GitLab installation. %{link}"
-msgstr ""
-
msgid "VersionCheck|Your GitLab Version"
msgstr ""
diff --git a/spec/features/merge_request/user_sees_merge_widget_spec.rb b/spec/features/merge_request/user_sees_merge_widget_spec.rb
index 237f361bd72..0297bb5b935 100644
--- a/spec/features/merge_request/user_sees_merge_widget_spec.rb
+++ b/spec/features/merge_request/user_sees_merge_widget_spec.rb
@@ -18,6 +18,7 @@ RSpec.describe 'Merge request > User sees merge widget', :js, feature_category:
end
before do
+ stub_feature_flags(refactor_security_extension: false)
project.add_maintainer(user)
project_only_mwps.add_maintainer(user)
sign_in(user)
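Review bot: The added `stub_feature_flags(refactor_security_extension: false)` pins the flag off for every example in this file without saying why, so the flag-enabled path of the merge widget is not exercised here. Add a comment above the stub naming the reason and the exit condition, for example `# refactor_security_extension changes the security widget markup; remove this stub once these examples cover the new widget (<rollout issue placeholder>)`. The `before` block continues past the end of the hunk.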
diff --git a/spec/frontend/gitlab_version_check/components/security_patch_upgrade_alert_spec.js b/spec/frontend/gitlab_version_check/components/security_patch_upgrade_alert_spec.js
deleted file mode 100644
index 665dacd5c47..00000000000
--- a/spec/frontend/gitlab_version_check/components/security_patch_upgrade_alert_spec.js
+++ /dev/null
@@ -1,84 +0,0 @@
-import { GlAlert, GlButton, GlLink, GlSprintf } from '@gitlab/ui';
-import { shallowMount } from '@vue/test-utils';
-import { mockTracking, unmockTracking } from 'helpers/tracking_helper';
-import SecurityPatchUpgradeAlert from '~/gitlab_version_check/components/security_patch_upgrade_alert.vue';
-import { UPGRADE_DOCS_URL, ABOUT_RELEASES_PAGE } from '~/gitlab_version_check/constants';
-
-describe('SecurityPatchUpgradeAlert', () => {
- let wrapper;
- let trackingSpy;
-
- const defaultProps = {
- currentVersion: '99.9',
- };
-
- const createComponent = () => {
- trackingSpy = mockTracking(undefined, undefined, jest.spyOn);
-
- wrapper = shallowMount(SecurityPatchUpgradeAlert, {
- propsData: {
- ...defaultProps,
- },
- stubs: {
- GlAlert,
- GlSprintf,
- },
- });
- };
-
- afterEach(() => {
- unmockTracking();
- });
-
- const findGlAlert = () => wrapper.findComponent(GlAlert);
- const findGlButton = () => wrapper.findComponent(GlButton);
- const findGlLink = () => wrapper.findComponent(GlLink);
-
- describe('template', () => {
- beforeEach(() => {
- createComponent();
- });
-
- it('renders non-dismissible GlAlert with version information', () => {
- expect(findGlAlert().text()).toContain(
- `You are currently on version ${defaultProps.currentVersion}.`,
- );
- expect(findGlAlert().props('dismissible')).toBe(false);
- });
-
- it('tracks render security_patch_upgrade_alert correctly', () => {
- expect(trackingSpy).toHaveBeenCalledWith(undefined, 'render', {
- label: 'security_patch_upgrade_alert',
- property: defaultProps.currentVersion,
- });
- });
-
- it('renders GlLink with correct text and link', () => {
- expect(findGlLink().text()).toBe('Learn more about this critical security release.');
- expect(findGlLink().attributes('href')).toBe(ABOUT_RELEASES_PAGE);
- });
-
- it('tracks click security_patch_upgrade_alert_learn_more when link is clicked', async () => {
- await findGlLink().vm.$emit('click');
-
- expect(trackingSpy).toHaveBeenCalledWith(undefined, 'click_link', {
- label: 'security_patch_upgrade_alert_learn_more',
- property: defaultProps.currentVersion,
- });
- });
-
- it('renders GlButton with correct text and link', () => {
- expect(findGlButton().text()).toBe('Upgrade now');
- expect(findGlButton().attributes('href')).toBe(UPGRADE_DOCS_URL);
- });
-
- it('tracks click security_patch_upgrade_alert_upgrade_now when button is clicked', async () => {
- await findGlButton().vm.$emit('click');
-
- expect(trackingSpy).toHaveBeenCalledWith(undefined, 'click_link', {
- label: 'security_patch_upgrade_alert_upgrade_now',
- property: defaultProps.currentVersion,
- });
- });
- });
-});
diff --git a/spec/frontend/gitlab_version_check/index_spec.js b/spec/frontend/gitlab_version_check/index_spec.js
index 92bc103cede..893105969ed 100644
--- a/spec/frontend/gitlab_version_check/index_spec.js
+++ b/spec/frontend/gitlab_version_check/index_spec.js
@@ -7,9 +7,6 @@ import {
VERSION_CHECK_BADGE_FIXTURE,
VERSION_CHECK_BADGE_FINDER,
VERSION_BADGE_TEXT,
- SECURITY_PATCH_FIXTURE,
- SECURITY_PATCH_FINDER,
- SECURITY_PATCH_TEXT,
SECURITY_MODAL_FIXTURE,
SECURITY_MODAL_FINDER,
SECURITY_MODAL_TEXT,
@@ -29,15 +26,13 @@ describe('initGitlabVersionCheck', () => {
});
describe.each`
- description | fixture | finders | componentTexts
- ${'with no version check elements'} | ${'<div></div>'} | ${[]} | ${[]}
- ${'with version check badge el but no prop data'} | ${VERSION_CHECK_BADGE_NO_PROP_FIXTURE} | ${[VERSION_CHECK_BADGE_FINDER]} | ${[undefined]}
- ${'with version check badge el but no severity data'} | ${VERSION_CHECK_BADGE_NO_SEVERITY_FIXTURE} | ${[VERSION_CHECK_BADGE_FINDER]} | ${[undefined]}
- ${'with version check badge el and version data'} | ${VERSION_CHECK_BADGE_FIXTURE} | ${[VERSION_CHECK_BADGE_FINDER]} | ${[VERSION_BADGE_TEXT]}
- ${'with security patch el'} | ${SECURITY_PATCH_FIXTURE} | ${[SECURITY_PATCH_FINDER]} | ${[SECURITY_PATCH_TEXT]}
- ${'with security patch and version badge els'} | ${`${SECURITY_PATCH_FIXTURE}${VERSION_CHECK_BADGE_FIXTURE}`} | ${[SECURITY_PATCH_FINDER, VERSION_CHECK_BADGE_FINDER]} | ${[SECURITY_PATCH_TEXT, VERSION_BADGE_TEXT]}
- ${'with security modal el'} | ${SECURITY_MODAL_FIXTURE} | ${[SECURITY_MODAL_FINDER]} | ${[SECURITY_MODAL_TEXT]}
- ${'with security modal, security patch, and version badge els'} | ${`${SECURITY_PATCH_FIXTURE}${SECURITY_MODAL_FIXTURE}${VERSION_CHECK_BADGE_FIXTURE}`} | ${[SECURITY_PATCH_FINDER, SECURITY_MODAL_FINDER, VERSION_CHECK_BADGE_FINDER]} | ${[SECURITY_PATCH_TEXT, SECURITY_MODAL_TEXT, VERSION_BADGE_TEXT]}
+ description | fixture | finders | componentTexts
+ ${'with no version check elements'} | ${'<div></div>'} | ${[]} | ${[]}
+ ${'with version check badge el but no prop data'} | ${VERSION_CHECK_BADGE_NO_PROP_FIXTURE} | ${[VERSION_CHECK_BADGE_FINDER]} | ${[undefined]}
+ ${'with version check badge el but no severity data'} | ${VERSION_CHECK_BADGE_NO_SEVERITY_FIXTURE} | ${[VERSION_CHECK_BADGE_FINDER]} | ${[undefined]}
+ ${'with version check badge el and version data'} | ${VERSION_CHECK_BADGE_FIXTURE} | ${[VERSION_CHECK_BADGE_FINDER]} | ${[VERSION_BADGE_TEXT]}
+ ${'with security modal el'} | ${SECURITY_MODAL_FIXTURE} | ${[SECURITY_MODAL_FINDER]} | ${[SECURITY_MODAL_TEXT]}
+ ${'with security modal and version badge els'} | ${`${SECURITY_MODAL_FIXTURE}${VERSION_CHECK_BADGE_FIXTURE}`} | ${[SECURITY_MODAL_FINDER, VERSION_CHECK_BADGE_FINDER]} | ${[SECURITY_MODAL_TEXT, VERSION_BADGE_TEXT]}
`('$description', ({ fixture, finders, componentTexts }) => {
beforeEach(() => {
createApp(fixture);
diff --git a/spec/frontend/gitlab_version_check/mock_data.js b/spec/frontend/gitlab_version_check/mock_data.js
index 707d45550eb..fb8c9ec81a7 100644
--- a/spec/frontend/gitlab_version_check/mock_data.js
+++ b/spec/frontend/gitlab_version_check/mock_data.js
@@ -9,12 +9,6 @@ export const VERSION_CHECK_BADGE_FINDER = '[data-testid="badge-click-wrapper"]';
export const VERSION_BADGE_TEXT = 'Up to date';
-export const SECURITY_PATCH_FIXTURE = `<div id="js-security-patch-upgrade-alert" data-current-version="15.1"></div>`;
-
-export const SECURITY_PATCH_FINDER = 'h2';
-
-export const SECURITY_PATCH_TEXT = 'Critical security upgrade available';
-
export const SECURITY_MODAL_FIXTURE = `<div id="js-security-patch-upgrade-alert-modal" data-current-version="15.1" data-version='{ "details": "test details", "latest-stable-versions": "[]" }'></div>`;
export const SECURITY_MODAL_FINDER = '[data-testid="alert-modal-title"]';
diff --git a/spec/helpers/version_check_helper_spec.rb b/spec/helpers/version_check_helper_spec.rb
index c76eb08820a..1c8eacf088a 100644
--- a/spec/helpers/version_check_helper_spec.rb
+++ b/spec/helpers/version_check_helper_spec.rb
@@ -49,26 +49,29 @@ RSpec.describe VersionCheckHelper do
describe '#show_security_patch_upgrade_alert?' do
describe 'return conditions' do
- where(:feature_enabled, :show_version_check, :gitlab_version_check, :result) do
+ where(:show_version_check, :gitlab_version_check, :result) do
[
- [false, false, nil, false],
- [false, false, { "severity" => "success" }, false],
- [false, false, { "severity" => "danger" }, false],
- [false, true, nil, false],
- [false, true, { "severity" => "success" }, false],
- [false, true, { "severity" => "danger" }, false],
- [true, false, nil, false],
- [true, false, { "severity" => "success" }, false],
- [true, false, { "severity" => "danger" }, false],
- [true, true, nil, false],
- [true, true, { "severity" => "success" }, false],
- [true, true, { "severity" => "danger" }, true]
+ [false, nil, false],
+ [false, { "severity" => "success" }, false],
+ [false, { "severity" => "danger" }, false],
+ [false, { "severity" => "danger", "critical_vulnerability" => 'some text' }, false],
+ [false, { "severity" => "danger", "critical_vulnerability" => 'false' }, false],
+ [false, { "severity" => "danger", "critical_vulnerability" => false }, false],
+ [false, { "severity" => "danger", "critical_vulnerability" => 'true' }, false],
+ [false, { "severity" => "danger", "critical_vulnerability" => true }, false],
+ [true, nil, false],
+ [true, { "severity" => "success" }, nil],
+ [true, { "severity" => "danger" }, nil],
+ [true, { "severity" => "danger", "critical_vulnerability" => 'some text' }, nil],
+ [true, { "severity" => "danger", "critical_vulnerability" => 'false' }, false],
+ [true, { "severity" => "danger", "critical_vulnerability" => false }, false],
+ [true, { "severity" => "danger", "critical_vulnerability" => 'true' }, true],
+ [true, { "severity" => "danger", "critical_vulnerability" => true }, true]
]
end
with_them do
before do
- stub_feature_flags(critical_security_alert: feature_enabled)
allow(helper).to receive(:show_version_check?).and_return(show_version_check)
allow(helper).to receive(:gitlab_version_check).and_return(gitlab_version_check)
end
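Review bot: The table pins `nil` as the expected result in three rows (`[true, { "severity" => "success" }, nil]` and the two `"danger"` rows without a recognised `critical_vulnerability`), while every other non-alert row expects `false`. For a `?` predicate that gates a critical security upgrade alert, a single falsy value is easier to reason about. Presumably the helper passes the field through a boolean conversion that yields `nil` for unrecognised input; if so, coercing the result and expecting `false` in those rows would make the contract explicit. The table also has no row combining a non-danger severity with `"critical_vulnerability" => true`, so it does not show whether severity still affects the outcome. A row such as `[true, { "severity" => "success", "critical_vulnerability" => true }, <expected>]` would document that.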
diff --git a/spec/lib/gitlab/ci/parsers/security/validators/schema_validator_spec.rb b/spec/lib/gitlab/ci/parsers/security/validators/schema_validator_spec.rb
index 12886c79d7d..5fbaae58a73 100644
--- a/spec/lib/gitlab/ci/parsers/security/validators/schema_validator_spec.rb
+++ b/spec/lib/gitlab/ci/parsers/security/validators/schema_validator_spec.rb
@@ -567,6 +567,28 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator, featu
end
it { is_expected.to match_array([message]) }
+
+ context 'without license', unless: Gitlab.ee? do
+ let(:schema_path) { Rails.root.join(*%w[lib gitlab ci parsers security validators schemas]) }
+
+ it 'tries to validate against the latest patch version available' do
+ expect(File).to receive(:file?).with("#{schema_path}/#{report_version}/#{report_type}-report-format.json")
+ expect(File).to receive(:file?).with("#{schema_path}/#{latest_patch_version}/#{report_type}-report-format.json")
+
+ subject
+ end
+ end
+
+ context 'with license', if: Gitlab.ee? do
+ let(:schema_path) { Rails.root.join(*%w[ee lib ee gitlab ci parsers security validators schemas]) }
+
+ it 'tries to validate against the latest patch version available' do
+ expect(File).to receive(:file?).with("#{schema_path}/#{report_version}/#{report_type}-report-format.json")
+ expect(File).to receive(:file?).with("#{schema_path}/#{latest_patch_version}/#{report_type}-report-format.json")
+
+ subject
+ end
+ end
end
context 'and the report is invalid' do
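Review bot: Both added examples use `expect(File).to receive(:file?).with(...)` with no return value, so the stubbed `File.file?` returns `nil` for both paths, and any other `File.file?` call made during `subject` with different arguments would fail the example. Adding `allow(File).to receive(:file?).and_call_original` before the two expectations, and `.and_call_original` on each of them, would keep the lookup assertion while letting the validator see the real schema files. The two contexts differ only in `schema_path`, so the example could live in one `shared_examples` block included by both. The enclosing context starts outside this hunk.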
diff --git a/spec/views/shared/gitlab_version/_security_patch_upgrade_alert.html.haml_spec.rb b/spec/views/shared/gitlab_version/_security_patch_upgrade_alert.html.haml_spec.rb
index 4387a3f5b07..c94511a0c82 100644
--- a/spec/views/shared/gitlab_version/_security_patch_upgrade_alert.html.haml_spec.rb
+++ b/spec/views/shared/gitlab_version/_security_patch_upgrade_alert.html.haml_spec.rb
@@ -9,10 +9,6 @@ RSpec.describe 'shared/gitlab_version/_security_patch_upgrade_alert' do
render
end
- it 'renders the security patch upgrade alert' do
- expect(rendered).to have_selector('#js-security-patch-upgrade-alert')
- end
-
it 'renders the security patch upgrade alert modal' do
expect(rendered).to have_selector('#js-security-patch-upgrade-alert-modal')
end
diff --git a/workhorse/internal/badgateway/roundtripper.go b/workhorse/internal/badgateway/roundtripper.go
index cc982b092a7..ce4e9e6a177 100644
--- a/workhorse/internal/badgateway/roundtripper.go
+++ b/workhorse/internal/badgateway/roundtripper.go
@@ -2,6 +2,7 @@ package badgateway
import (
"bytes"
+ "context"
_ "embed"
"encoding/base64"
"fmt"
@@ -47,9 +48,14 @@ func (t *roundTripper) RoundTrip(r *http.Request) (*http.Response, error) {
fields := log.Fields{"duration_ms": int64(time.Since(start).Seconds() * 1000)}
log.WithRequest(r).WithFields(fields).WithError(&sentryError{fmt.Errorf("badgateway: failed to receive response: %v", err)}).Error()
+ code := http.StatusBadGateway
+ if r.Context().Err() == context.Canceled {
+ code = 499 // Code used by NGINX when client disconnects
+ }
+
injectedResponse := &http.Response{
- StatusCode: http.StatusBadGateway,
- Status: http.StatusText(http.StatusBadGateway),
+ StatusCode: code,
+ Status: http.StatusText(code),
Request: r,
ProtoMajor: r.ProtoMajor,
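Review bot: `http.StatusText(code)` returns an empty string for 499 because it is not a registered status code, so the injected response carries an empty `Status` whenever the client has disconnected. A fallback keeps the field meaningful: `status := http.StatusText(code)`, then `if status == "" { status = "Client Closed Request" }`, and `Status: status,` in the literal. A named constant for 499 would also let the test and this code share one definition. The error log line just above still wraps the failure in `sentryError` before the context is checked; if that wrapper reports to error tracking, client disconnects will keep showing up there as bad-gateway failures. RoundTrip's body starts and ends outside this hunk.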
diff --git a/workhorse/internal/badgateway/roundtripper_test.go b/workhorse/internal/badgateway/roundtripper_test.go
index b59cb8d2c5b..ed2de452f80 100644
--- a/workhorse/internal/badgateway/roundtripper_test.go
+++ b/workhorse/internal/badgateway/roundtripper_test.go
@@ -1,9 +1,11 @@
package badgateway
import (
+ "context"
"errors"
"io"
"net/http"
+ "net/http/httptest"
"testing"
"github.com/stretchr/testify/require"
@@ -54,3 +56,36 @@ func TestErrorPage502(t *testing.T) {
})
}
}
+
+func TestClientDisconnect499(t *testing.T) {
+ serverSync := make(chan struct{})
+ ts := httptest.NewServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {
+ serverSync <- struct{}{}
+ <-serverSync
+ }))
+ defer func() {
+ close(serverSync)
+ ts.Close()
+ }()
+
+ clientResponse := make(chan *http.Response)
+ clientContext, clientCancel := context.WithCancel(context.Background())
+
+ go func() {
+ req, err := http.NewRequestWithContext(clientContext, "GET", ts.URL, nil)
+ require.NoError(t, err, "build request")
+
+ rt := NewRoundTripper(false, http.DefaultTransport)
+ response, err := rt.RoundTrip(req)
+ require.NoError(t, err, "perform roundtrip")
+ require.NoError(t, response.Body.Close())
+
+ clientResponse <- response
+ }()
+
+ <-serverSync
+
+ clientCancel()
+ response := <-clientResponse
+ require.Equal(t, 499, response.StatusCode, "response status")
+}
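Review bot: The `require.NoError` calls inside the `go func()` run on a goroutine other than the one executing the test. `require` stops via `t.FailNow`, which must only be called from the test goroutine. If either call fails, the goroutine exits without sending on `clientResponse` and the test blocks on `<-clientResponse` until the test timeout instead of reporting the failure. Passing the response and error back over a buffered channel and asserting in the test goroutine avoids both problems.

```go
type result struct {
	response *http.Response
	err      error
}
clientResult := make(chan result, 1)
// … unchanged: clientContext, clientCancel := context.WithCancel(...) …

go func() {
	req, err := http.NewRequestWithContext(clientContext, "GET", ts.URL, nil)
	if err != nil {
		clientResult <- result{err: err}
		return
	}

	rt := NewRoundTripper(false, http.DefaultTransport)
	response, err := rt.RoundTrip(req)
	clientResult <- result{response: response, err: err}
}()

// … unchanged: <-serverSync, clientCancel() …
res := <-clientResult
require.NoError(t, res.err, "perform roundtrip")
require.NoError(t, res.response.Body.Close())
require.Equal(t, 499, res.response.StatusCode, "response status")
```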