Resolve "Add non ref contextual columns to the vulnerabilities table"

What does this MR do and why?

This change adds two new fields to the vulnerabilities database table: "solution" and "cve". The solution field can store up to 7,000 characters of text describing how to fix a security vulnerability, while the cve field can store up to 48,400 characters containing Common Vulnerabilities and Exposures (CVE) information - which is standardized data about known security flaws. The migration includes proper rollback functionality to remove these fields if needed, and updates the database structure with appropriate length constraints to prevent overly large text entries.

The columns already exist on the vulnerability_occurrences table, but as part of the paradigm shift we want to move non-contextual vulnerability definition information to the vulnerabilities table to appropriately normalize this information.

There is a known freeze on adding columns to this table, but we will be partitioning these tables in the coming months as part of the vulns across branches project.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #555979

Edited by Gregory Havenga
