[merge-train skip]

[ci skip]

[ci skip]

[ci skip]

Sanitize target branch

See merge request gitlab-org/security/gitlab!1202

Add routes for unmatched url for not-get requests

See merge request gitlab-org/security/gitlab!1126

Fix DNS rebinding protection for Outbound Requests

See merge request gitlab-org/security/gitlab!1192

Filter sensitive variables from GraphQL logs

See merge request gitlab-org/security/gitlab!1186

Sanitize XSS in Epic milestone due date

See merge request gitlab-org/security/gitlab!1160

Remove Kubernetes IP address from errors returned in Threat Monitoring

See merge request gitlab-org/security/gitlab!1158

Avoid exposing release links when the user cannot read git-tag/repository

See merge request gitlab-org/security/gitlab!1170

Sanitized the target branch to prevent XSS

This fixes DNS rebinding protection bypass when allowing an IP address
in Outbound Requests setting.

[merge-train skip]

[ci skip]

[ci skip]

[ci skip]

Prepare 13.7.5-ee release

See merge request gitlab-org/gitlab!52366

Mayra Cabrera authored 4 years ago and GitLab Release Tools Bot committed 4 years ago

Fix LFS not working with S3 specific-storage settings

See merge request gitlab-org/gitlab!52296

(cherry picked from commit 8066d3d2)

da419833 Fix LFS not working with S3 specific-storage settings

Martin Wortschack authored 4 years ago and GitLab Release Tools Bot committed 4 years ago

Only use top level groups in devops adoption

See merge request gitlab-org/gitlab!51565

(cherry picked from commit deccc605)

36bf03d5 DA fetch top level groups

Vitaly Slobodin authored 4 years ago and GitLab Release Tools Bot committed 4 years ago

Fix brand_new_project_guidelines not being displayed

See merge request gitlab-org/gitlab!50736

(cherry picked from commit d921fc2f)

495e4e2b Fix new project page by adding brand_new_project_guidelines again
4a11e413 Apply 2 suggestion(s) to 1 file(s)
d6e37df1 Apply 2 suggestion(s) to 1 file(s)

This uses the same config we setup for config.filter_parameters

Add changelog entry

Fix typo in routes

Fix git http spec

Fix uploads routing spec

Add matchers only to project facing paths

Add more specs for new routes

Add different shared examples

Fix rubocop offence

Add failure message to new matcher

Add cr remarks

Add cr remarks

[merge-train skip]

[ci skip]

[ci skip]

[ci skip]

Deny implicit flow for confidential apps

See merge request gitlab-org/security/gitlab!1166

This commit fixes the security vulnerability that guest
can read git-tag through release links.

[merge-train skip]

[ci skip]

[ci skip]

[ci skip]

Prepare 13.7.3-ee release

See merge request gitlab-org/gitlab!51125

Merge branch '289925-subscription-expiration-banner-not-dismissable' into 'master'

See merge request gitlab-org/gitlab!51150

Jake Burden authored 4 years ago and Mayra Cabrera committed 4 years ago

Fix(eetrialbanner): fix EE trial banner to allow dismiss

See merge request gitlab-org/gitlab!50436

Merge branch '13-7-stable-ee-patch_10io-fix-graphql-container-repository-tag-size-type' into '13-7-stable-ee-patch-3'

Fix the graphQL type for container repository tags

See merge request gitlab-org/gitlab!51141

Properly encode the total size as a BigInt