From 37bfce8d100fc0a857a2bd29b5ca92c2154cb223 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hannes=20H=C3=B6rl?=
 <2185075-hoegaarden@users.noreply.gitlab.com>
Date: Wed, 19 Feb 2025 05:27:00 +0000
Subject: [PATCH] Deprecation: Switch default for FF_GIT_URLS_WITHOUT_TOKENS to
 false

---
 ...tch-ff-git-urls-without-tokens-default.yml | 48 +++++++++++++++++++
 doc/update/deprecations.md                    | 31 ++++++++++++
 2 files changed, 79 insertions(+)
 create mode 100644 data/deprecations/18-0-runner-switch-ff-git-urls-without-tokens-default.yml

diff --git a/data/deprecations/18-0-runner-switch-ff-git-urls-without-tokens-default.yml b/data/deprecations/18-0-runner-switch-ff-git-urls-without-tokens-default.yml
new file mode 100644
index 0000000000000..dd551da037178
--- /dev/null
+++ b/data/deprecations/18-0-runner-switch-ff-git-urls-without-tokens-default.yml
@@ -0,0 +1,48 @@
+- title: "Default GitLab Runner's `FF_GIT_URLS_WITHOUT_TOKENS` feature flag to `true`"
+  removal_milestone: "18.0"
+  announcement_milestone: "17.9"
+  breaking_change: true
+  # window:  # Can be 1, 2, or 3 - The window when the breaking change will be deployed on GitLab.com
+  reporter: hoegaarden
+  stage: stage
+  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/518709
+  # Use the impact calculator https://gitlab-com.gitlab.io/gl-infra/breaking-change-impact-calculator/?
+  impact: medium # Can be one of: [critical, high, medium, low]
+  # scope:  # Can be one or a combination of: [instance, group, project]
+  resolution_role: Owner # Can be one of: [Admin, Owner, Maintainer, Developer]
+  manual_task: false # Can be true or false. Use this to denote whether a resolution action must be performed manually (true), or if it can be automated by using the API or other automation (false).
+  body: |
+    In GitLab Runner 18.0, to limit the potential for token leakage, the
+    default value for the `FF_GIT_URLS_WITHOUT_TOKENS` feature flag changes
+    to `true`.
+
+    This change affects users who:
+
+    - Use executors that share Git credential state across jobs (for example, shell executor).
+    - Have a caching Git credential helper installed (for example,
+      [gitforwindows](https://gitforwindows.org/) installs
+      [Git credential manager (GCM)](https://github.com/git-ecosystem/git-credential-manager)
+      system-wide by default).
+    - Run builds in parallel.
+
+    To prevent issues, ensure that you don't use any caching Git credential
+    helper with GitLab Runner, use an executor which runs jobs in isolated
+    environments, or run job serially only.
+# # ==============================
+# # OPTIONAL END-OF-SUPPORT FIELDS
+# # ==============================
+# #
+# # If an End of Support period applies:
+# # 1) Share this announcement in the `#spt_managers` Support channel in Slack
+# # 2) Mention `@gitlab-com/support` in this merge request.
+# #
+#   # When support for this feature ends, in XX.YY milestone format.
+#   end_of_support_milestone:
+#   # Array of tiers the feature is currently available to,
+#   # like [Free, Silver, Gold, Core, Premium, Ultimate]
+#   tiers:
+#   # Links to documentation and thumbnail image
+#   documentation_url:
+#   image_url:
+#   # Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
+#   video_url:
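Review bot: The list in `body` under "This change affects users who:" does not say whether the three conditions must all hold or whether any one is enough, and it never names what goes wrong, so a runner administrator cannot tell whether their setup is exposed. If the concern is that a caching credential helper on a shared executor can hand one job's token to a parallel job (inferred from the "token leakage" wording, not stated in the patch), say so, for example `This change affects users who meet all of the following conditions:` followed by one sentence naming the symptom. The closing sentence also reads better as `or run jobs serially only`. Separately, `stage: stage` looks like an unfilled template value, and the commit subject says the default switches to `false` while the title and body say `true`; one of the two should be corrected. The same body text is repeated in the doc/update/deprecations.md hunk, so any rewording applies there as well.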
diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md
index 6d679776bf320..54de418e76b0f 100644
--- a/doc/update/deprecations.md
+++ b/doc/update/deprecations.md
@@ -629,6 +629,37 @@ In most cases, the 45-second value was higher than the timeout value of many sca
 
 <div class="deprecation breaking-change" data-milestone="18.0">
 
+### Default GitLab Runner's `FF_GIT_URLS_WITHOUT_TOKENS` feature flag to `true`
+
+<div class="deprecation-notes">
+
+- Announced in GitLab <span class="milestone">17.9</span>
+- Removal in GitLab <span class="milestone">18.0</span> ([breaking change](https://docs.gitlab.com/update/terminology/#breaking-change))
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/518709).
+
+</div>
+
+In GitLab Runner 18.0, to limit the potential for token leakage, the
+default value for the `FF_GIT_URLS_WITHOUT_TOKENS` feature flag changes
+to `true`.
+
+This change affects users who:
+
+- Use executors that share Git credential state across jobs (for example, shell executor).
+- Have a caching Git credential helper installed (for example,
+  [gitforwindows](https://gitforwindows.org/) installs
+  [Git credential manager (GCM)](https://github.com/git-ecosystem/git-credential-manager)
+  system-wide by default).
+- Run builds in parallel.
+
+To prevent issues, ensure that you don't use any caching Git credential
+helper with GitLab Runner, use an executor which runs jobs in isolated
+environments, or run job serially only.
+
+</div>
+
+<div class="deprecation breaking-change" data-milestone="18.0">
+
 ### Dependency Proxy token scope enforcement
 
 <div class="deprecation-notes">
-- 
GitLab