[ci skip]

[ci skip]

Prepare 13.2.9-ee release

See merge request gitlab-org/gitlab!41342

Drew Blessing authored 4 years ago and GitLab Release Tools Bot committed 4 years ago

Update the 2FA user check to use timestamps

See merge request gitlab-org/gitlab!41327

(cherry picked from commit a69a59e5)

ebb99365 Update the 2FA user check to use timestamps

Douglas Barbosa Alexandre authored 4 years ago and GitLab Release Tools Bot committed 4 years ago

Fix ActiveRecord::IrreversibleOrderError during restore from backup

See merge request gitlab-org/gitlab!40789

(cherry picked from commit 43afd667)

fc715de9 Fix ActiveRecord::IrreversibleOrderError during restore from backup
20015839 Move application setting schema check into create_from_defaults

Amy Qualls authored 4 years ago and GitLab Release Tools Bot committed 4 years ago

Remove premium tag from environment scope

See merge request gitlab-org/gitlab!39386

(cherry picked from commit 6aaddc4a)

cb247bac Remove premium tag from environment scope
9fc5a587 Fix broken anchors

Michael Kozono authored 4 years ago and GitLab Release Tools Bot committed 4 years ago

Geo - Create repository updated events when mirrors are updated

Closes #235674

See merge request gitlab-org/gitlab!39295

(cherry picked from commit 035c81a1)

8b2c59c6 Create Geo repository updated events when mirrors are updated
58e27660 Add CHANGELOG entry

Mike Jang authored 4 years ago and GitLab Release Tools Bot committed 4 years ago

Update when pages custom CA issue fixed

See merge request gitlab-org/gitlab!37270

(cherry picked from commit eec3ee25)

28005634 Update when pages custom CA issue fixed

Update docs in 13-2-stable-ee to support updated lint test

See merge request gitlab-org/gitlab!41131

[ci skip]

[ci skip]

Protect OAuth endpoints from brute force/password stuffing

See merge request gitlab-org/security/gitlab!790

Signed-off-by: Rémy Coutable <remy@rymai.me>

[ci skip]

[ci skip]

[ci skip]

Security check validity of repository mirror urls

See merge request gitlab-org/security/gitlab!832

Add scopes presence validation on OAuth Application creation

See merge request gitlab-org/security/gitlab!906

George Koltsov authored 4 years ago and Drew Blessing committed 4 years ago

- Update OAuth Applications controllers to disallow empty scopes
  application creation

2FA requirement bypass using the API

See merge request gitlab-org/security/gitlab!875

Set maximum limit for profile events

See merge request gitlab-org/security/gitlab!878

GitLab Runner version upgrade

See merge request gitlab-org/security/gitlab!885

Malicious user can block gitlab.com users by exploiting 2FA inheritance logic

See merge request gitlab-org/security/gitlab!802

Previously created sessions remain active after activating 2FA

See merge request gitlab-org/security/gitlab!864

Delete members invites created by users being deleted

See merge request gitlab-org/security/gitlab!829

Pre-generation & Static 2FA Authenticator Secret Code can cause risks to accounts

See merge request gitlab-org/security/gitlab!809

Disabled Repository functionality - Still Able To Access The Project Files and Container Registry via Deploy Token

See merge request gitlab-org/security/gitlab!888

Improper Access Control on Deploy-Key

See merge request gitlab-org/security/gitlab!891

Validate Snippet global id in GraphQL destroy mutation

See merge request gitlab-org/security/gitlab!775

Merge branch 'security-220-dblessing-revoke-remember-me-on-session-revocation-13-2' into '13-2-stable-ee'

Invalidate remember me when an active session is revoked

See merge request gitlab-org/security/gitlab!854

Rate limit on webhooks testing feature

See merge request gitlab-org/security/gitlab!828

Upgrade jQuery to v3.5

See merge request gitlab-org/security/gitlab!835