Details
- Bug
- Resolution: Not a bug
- High
- None
- 3.11.1
- None
Description
Pull requests that were approved, not yet merged, then updated by the developer are not getting automatically unapproved. Merging them merges unapproved changes.
This results in unapproved code getting into the repository, which is a huge compliance and security hole.
Example:
- Developer changes file f1 on feature/123, commits it, then pushes and creates a pull request
- Senior developer reviews and approves the pull request (but it's not yet merged)
- Developer changes file f2 on feature/123, commits it, then pushes again
- Senior developer merges the pull request

At this point unreviewed and unapproved f2 gets into the system!
There's an unofficial plugin to address this, and it's unsupported by Atlassian. Pull requests are an integral part of Atlassian Stash, and this is a bug that introduces a huge security and compliance issue.
Issue Links
- is related to
- BSERV-3887 Indicate which pull request approvals are "out of date"
- Gathering Interest
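
The scenario from the description, reproduced in a throwaway Git repository as an added example (not part of the original report and not Stash or plugin code): it records the commit that was approved, then checks at merge time whether the branch head still matches and lists the files changed since approval. The helper names and the practice of recording the approved commit hash are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example with constructed data; helper names are hypothetical.
set -eu

# Files changed between the approved commit and the current branch head.
# Empty output means the approval still covers everything to be merged.
unreviewed_files() {  # usage: unreviewed_files <repo> <approved_sha> <head_ref>
    git -C "$1" diff --name-only "$2" "$3"
}

# Merge gate: succeeds only if the approved commit is the current head.
approval_is_current() {  # usage: approval_is_current <repo> <approved_sha> <head_ref>
    [ "$(git -C "$1" rev-parse "$2")" = "$(git -C "$1" rev-parse "$3")" ]
}

# Recreate the reported sequence in <repo>; prints the approved commit hash.
build_scenario() {  # usage: build_scenario <empty_dir>
    git -C "$1" init -q
    git -C "$1" symbolic-ref HEAD refs/heads/feature/123
    git -C "$1" config user.name "dev"
    git -C "$1" config user.email "dev@example.invalid"
    git -C "$1" config commit.gpgsign false
    # Developer changes f1, commits, pushes, opens the pull request.
    echo one > "$1/f1"
    git -C "$1" add f1
    git -C "$1" commit -q -m "change f1"
    # Senior developer approves: remember the head at approval time.
    git -C "$1" rev-parse HEAD
    # Developer changes f2 and pushes again after the approval.
    echo two > "$1/f2"
    git -C "$1" add f2
    git -C "$1" commit -q -m "change f2"
}

repo=$(mktemp -d)
approved=$(build_scenario "$repo")
if ! approval_is_current "$repo" "$approved" feature/123; then
    echo "approval is out of date; files changed since approval:"
    unreviewed_files "$repo" "$approved" feature/123
fi
rm -rf "$repo"
```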