[ci skip]

[ci skip]

[ci skip]

[ci skip]

Stop deploy token being used as user in ProjectPolicy and GroupPolicy

See merge request gitlab-org/security/gitlab!821

Add check for project access on deploy token check

See merge request gitlab-org/security/gitlab!817

This prevents deploy token from getting permissions for users that
happen to have the same id as the deploy token.

Steve Abrams authored 4 years ago and Jaime Martinez committed 4 years ago

When a deploy token is authenticated, project access
is checked and rejected if not allowed.

Auth spec is fixed to properly test this scenario

Update guard clause to allow nil projects to pass for registry access

Update LFS spec - now returns 401 for invalid deploy token

Fixing flaky tests

Add spec for group deploy token as well

[ci skip]

[ci skip]

Prepare 13.2.4-ee release

See merge request gitlab-org/gitlab!39093

Merge branch '233017-pick-preload-associations-in-graphql-vulnerability-type' into '13-2-stable-ee-patch-4'

Merge branch '233017-preload-associations-in-graphql-vulnerability-type' into '13-2-stable-ee-patch-4'

See merge request gitlab-org/gitlab!39119

Tiger Watson authored 4 years ago and Alan (Maciej) Paruszewski committed 4 years ago

Preload all associations in Vulnerability GraphQL API

See merge request gitlab-org/gitlab!38556

This reverts commit 39e376b3

markrian authored 4 years ago and GitLab Release Tools Bot committed 4 years ago

Add workaround for Chrome/Edge 84 SVG bug

See merge request gitlab-org/gitlab!38304

(cherry picked from commit c9455231)

f69c946e Add workaround for Chrome/Edge 84 SVG bug

Marcin Sedlak-Jakubowski authored 4 years ago and GitLab Release Tools Bot committed 4 years ago

docs: Fix a typo in realtime feedback CI YAML

See merge request gitlab-org/gitlab!38271

(cherry picked from commit 6351f6a4)

3f0fef9b Fix a typo in realtime feedback CI YAML doc

Patrick Bajao authored 4 years ago and GitLab Release Tools Bot committed 4 years ago

Create issue automatically from Prometheus alert

Closes #231497

See merge request gitlab-org/gitlab!37884

(cherry picked from commit 275dd46f)

f085ec5f Create issue automatically from Prometheus alert
105f3b6d Ensure prometheus traited alert is valid
41833edb Add tests for Prometheus alert processing
96eb1301 Add changelog file
ee5157b0 Use strong memoization
6b5c7c91 Apply 1 suggestion(s) to 1 file(s)
b69e3a04 Rename some variables

Add decompressed archive size validation

See merge request gitlab-org/gitlab!38736

- Validate Project/Group Import incoming compressed
  archive to make sure decompressed size is within
  acceptabe range

[ci skip]

[ci skip]

2FA not enforced on /profile/applications

See merge request gitlab-org/security/gitlab!781

Małgorzata Ksionek authored 4 years ago and mksionek committed 4 years ago

Add one more spec

Add changelog entry

Fix changelog

Move concern to doorkeeper base controller

Add base metal controller

Add new controller

Fix

Remove 2FA from api-endpoints

Add if-clause block around helper method

Add controllers tests

And implement 2FA enforcement in tokens controllers

Remove obsolete let in spec

Fix

Fix

Upgrade kramdown to 2.3.0

See merge request gitlab-org/security/gitlab!780

Merge branch 'security-specialized_project_share_worker_to_respect_access_level-13-2' into '13-2-stable-ee'

Specialized worker for project share to respect access level

See merge request gitlab-org/security/gitlab!769

Update GitLab Runner version

See merge request gitlab-org/security/gitlab!754

Fix XSS on jobs view

See merge request gitlab-org/security/gitlab!737

Revoke OAuth grants when a user revokes an application

See merge request gitlab-org/security/gitlab!760

Add a prohibited branches system

See merge request gitlab-org/security/gitlab!763

Verify confirmed email for OAuth Authorize POST endpoint

See merge request gitlab-org/security/gitlab!740