[merge-train skip]

[ci skip]

[ci skip]

[ci skip]

Fix prometheus DoS through Workhorse

See merge request gitlab-org/security/gitlab!1144

vshushlin authored 4 years ago and Mayra Cabrera committed 4 years ago

too long method name results in too long
prometheus label name, which can crash prometheus

Deny implicit flow for confidential apps

See merge request gitlab-org/security/gitlab!1139

Set all trusted OAuth apps as confidential

See merge request gitlab-org/security/gitlab!1150

Fix regex backtracking issue in package_name_regex

See merge request gitlab-org/security/gitlab!1131

Fix stealing API token and Prometheus DoS through GitLab Pages

See merge request gitlab-org/security/gitlab!1136

vshushlin authored 4 years ago and GitLab Release Tools Bot committed 4 years ago

It includes 2 security fixes

Update non-negative integer regex to protect against regex DoS

See merge request gitlab-org/security/gitlab!1129

Forbid public cache for private repos

See merge request gitlab-org/security/gitlab!1147

Vitaly Slobodin authored 4 years ago and Mayra Cabrera committed 4 years ago

Fix details_page/details_header_spec time dependent spec

See merge request gitlab-org/gitlab!50739

Ash McKenzie authored 4 years ago and Mayra Cabrera committed 4 years ago

Add project pipeline statistics test case for variable length months

See merge request gitlab-org/gitlab!50704

Migrate all trusted apps to confidential to avoid
potential access token leak abusing implicit flow

When project is public but the repository is private, we don't
want to cache it as public. In this case, anybody will be able
to see the cached version of the private content during 60s
after an eligible user has viewed it.

The regex now uses "Atomic Groups" to make sure there is no backtracking
and no performance issues on malicious package names

[merge-train skip]

[ci skip]

[ci skip]

[ci skip]

Prepare 13.7.1-ee release

See merge request gitlab-org/gitlab!50468

Run test at a fixed time

See merge request gitlab-org/gitlab!50487

Igor Drozdov authored 4 years ago and GitLab Release Tools Bot committed 4 years ago

Fix error for projects without security setting

See merge request gitlab-org/gitlab!50490

(cherry picked from commit da7bb81a)

6751d292 Fix error for projects without security setting
115f1801 Add changelog entry
9768c996 Apply 1 suggestion(s) to 1 file(s)

Albert Salim authored 4 years ago and Patrick Bajao committed 4 years ago

Due to how HLLRedisCounter#weekly_redis_keys converts
dates to calendar week, it would result in an empty
array when the calendar week of end_date occurs before
the calendar week of start_date.

For example, given start_date 2020-12-01 and
end_date 2021-01-01, the calendar week would be reversed,
resulting in empty array from #weekly_redis_keys

Mayra Cabrera authored 4 years ago and GitLab Release Tools Bot committed 4 years ago

Geo: Fix LFS for location-aware Git URL

See merge request gitlab-org/gitlab!50415

(cherry picked from commit 06d696a2)

467b9e5d Geo: Fix LFS for single Git URL

Stan Hu authored 4 years ago and GitLab Release Tools Bot committed 4 years ago

Always generate unique name for `DastSiteProfile` in specs

See merge request gitlab-org/gitlab!50361

(cherry picked from commit a6686e3a)

48a963a1 Always generate unique name for `DastSiteProfile` in specs
65756a48 Truncate the sample data to prevent validation failure

Alper Akgun authored 4 years ago and GitLab Release Tools Bot committed 4 years ago

Fix Redis HLL weekly keys

See merge request gitlab-org/gitlab!50358

(cherry picked from commit f6dab47b)

faf9de1a Fix redis weekly keys
d1317518 Fixed unique_events test for shared_examples
975c9ee8 Add tests for correct weekly redis keys
5e4cd617 Add usage ping tests for critical weeks
48dd729c Add 2 more tests for weekly keys

Amy Qualls authored 4 years ago and GitLab Release Tools Bot committed 4 years ago

Improve AWS EKS troubleshooting documentation

See merge request gitlab-org/gitlab!50336

(cherry picked from commit 8b6e8944)

04755790 Improve AWS EKS troubleshooting documentation
e2cbae1d Add blurb about supporting instance profiles
98962c29 Add screenshot of AWS console for troubleshooting
8376d8b5 Annotate loop section in Mermaid diagram
5a64702c Formatting tweak with instance profile introduction
6358c56d Apply 1 suggestion(s) to 1 file(s)
253117b3 Clarify Service Role and Kubernetes service account
8fd1fb4b Revisions for tone and style
048203c1 Update image to better aspect ratio
03c19c8e Apply 1 suggestion(s) to 1 file(s)

Marcia Ramos authored 4 years ago and GitLab Release Tools Bot committed 4 years ago

Update automation instructions for DB setup

See merge request gitlab-org/gitlab!50333

(cherry picked from commit 93c76ac4)

fdec8ca6 Update automation instructions for DB setup
a8ffe3d8 Update doc/development/rake_tasks.md
cf4c6abd Update doc/development/rake_tasks.md
d057f8b3 Apply 1 suggestion(s) to 1 file(s)

David O'Regan authored 4 years ago and GitLab Release Tools Bot committed 4 years ago

Fix DAST profiles deletion

See merge request gitlab-org/gitlab!50271

(cherry picked from commit 04dd5762)

556644e1 Fix DAST profiles deletion

Marcin Sedlak-Jakubowski authored 4 years ago and GitLab Release Tools Bot committed 4 years ago

Add roadmap filters to docs (FF enabled)

See merge request gitlab-org/gitlab!50202

(cherry picked from commit 68a12323)

ce2c6b44 Add roadmap filters to docs
12b3cdb9 Add roadmap filter image
8d03ec5a Remove extra blank line
3897c6e8 Roadmaps doc edits
ba2da04b Rename roadmaps image
854c45b5 Add feature flag info
d06dc53c Create a new section for filtering and sorting
ca131fe1 Add "roadmap" to spelling exceptions
1b0a885e Style and typo fixes
cd31daf6 Apply 1 suggestion(s) to 1 file(s)
795264cd Apply 1 suggestion(s) to 1 file(s)

Shinya Maeda authored 4 years ago and GitLab Release Tools Bot committed 4 years ago

Fix project transfer corrupting shared runners state

See merge request gitlab-org/gitlab!47316

(cherry picked from commit 2a9cfa06)

3cec4826 Fix project transfer corrupting shared runners state
f87a1221 Apply 1 suggestion(s) to 1 file(s)
1761fd0a squash!
4577aefd squash!
64eb1ae7 squash!
4b73a59e squash!
d7714ddb squash!

[merge-train skip]

[ci skip]

[ci skip]

[ci skip]