Commits · v13.7.8-ee · ci-test-user-mk / GitLab

Mar 04, 2021
- Update VERSION files · ded43137
  GitLab Release Tools Bot authored 4 years ago
  
  [merge-train skip]
  View commits for tag v13.7.8-ee v13.7.8-ee
  
  ded43137
- Update CHANGELOG.md for 13.7.8-ee · c91bf5de
  GitLab Release Tools Bot authored 4 years ago
  
  [ci skip]
  c91bf5de
- Update CHANGELOG-EE.md for 13.7.8-ee · b3343918
  GitLab Release Tools Bot authored 4 years ago
  
  [ci skip]
  b3343918
- Update Gitaly version to 13.7.8 · 11eb7fe5
  GitLab Release Tools Bot authored 4 years ago
  
  [ci skip]
  11eb7fe5
Mar 03, 2021
- Merge branch 'security-jv-workhorse-router-13-7' into '13-7-stable-ee' · 866d698e
  Robert Speicher authored 4 years ago
  
  Workhorse: prevent escaped router path traversal See merge request gitlab-org/security/gitlab!1267
  866d698e
- Merge branch 'security-clean-up-active-sessions-13-7' into '13-7-stable-ee' · 3e846cdb
  GitLab Release Tools Bot authored 4 years ago
  
  Clean up active session file See merge request gitlab-org/security/gitlab!1271
  3e846cdb
- Clean up active session file · d99b0c31
  mksionek authored 4 years ago and GitLab Release Tools Bot committed 4 years ago
  
  From to-do items Remove binding.pry Fix warden to-do Add warden guard clause Add changelog entry Change naming in changelog
  d99b0c31
- Merge branch 'security-upgrade-swagger-ui-13-7' into '13-7-stable-ee' · 08a57b0a
  GitLab Release Tools Bot authored 4 years ago
  
  Bump swagger-ui-dist version See merge request gitlab-org/security/gitlab!1278
  08a57b0a
- Merge branch 'security-bvl-update-thrift-gem-13-7' into '13-7-stable-ee' · 6b5b744b
  GitLab Release Tools Bot authored 4 years ago
  
  Bump thrift to 0.14.0 See merge request gitlab-org/security/gitlab!1274
  6b5b744b
- Merge branch 'security-ci-api-variables-permissions-13-7' into '13-7-stable-ee' · 3d9061b2
  GitLab Release Tools Bot authored 4 years ago
  
  Allow only group owners to manage group variables See merge request gitlab-org/security/gitlab!1258
  3d9061b2
- Update vendored workhorse to v8.58.4 · 16c61938
  Patrick Bajao authored 4 years ago
  
  16c61938
- Update GITLAB_WORKHORSE_VERSION · 6bf1e868
  Patrick Bajao authored 4 years ago
  
  6bf1e868
- Update VERSION to 8.58.4 · 048f6049
  Alessio Caiazza authored 4 years ago
  
  048f6049
- Update CHANGELOG for 8.58.4 · d46ede17
  Alessio Caiazza authored 4 years ago
  
  [ci skip]
  d46ede17
- Merge branch 'security-remove-validate-path-logging-8-58' into '8-58-stable' · 6d28fcb2
  Alessio Caiazza authored 4 years ago
  
  Stop logging when path is excluded See merge request gitlab-org/security/gitlab-workhorse!33
  6d28fcb2
- Stop logging when path is excluded · de415b01
  Patrick Bajao authored 4 years ago
  
  This causes logging a lot and reporting to sentry which can cause performance issues.
  de415b01
Mar 01, 2021
- Bump swagger-ui-dist version · 754c1be7
  Jacques Erasmus authored 4 years ago
  
  Bumped the swagger-ui-dist version to the latest
  754c1be7
Feb 25, 2021

Bob Van Landuyt authored 4 years ago

This is a minor bump of the thrift gem. This is a dependency of labkit
through jaeger-client

c2931429

Feb 24, 2021
- Update vendored workhorse to v8.58.3 · 122facc6
  Jacob Vosmaer (GitLab) authored 4 years ago
  
  122facc6
- Use Workhorse 8.58.3 · 0794d71e
  Jacob Vosmaer (GitLab) authored 4 years ago
  
  0794d71e
- Update VERSION to 8.58.3 · fec2cc97
  Patrick Bajao authored 4 years ago
  
  fec2cc97
- Update CHANGELOG for 8.58.3 · d3ffb246
  Patrick Bajao authored 4 years ago
  
  [ci skip]
  d3ffb246
- Merge branch 'jv-router-escape-path-8-58' into '8-58-stable' · 0ddefb0b
  Patrick Bajao authored 4 years ago
  
  Use URL.EscapePath() in upstream router (8-58-stable) See merge request gitlab-org/security/gitlab-workhorse!26
  0ddefb0b
Feb 23, 2021
- Use URL.EscapePath() in upstream router · 338be934
  Jacob Vosmaer (GitLab) authored 4 years ago
  
  338be934
Feb 19, 2021

Allow only group owners to manage group variables · 1108e755

Marius Bobin authored 4 years ago

Before this change we were allowing maintainers to manage
group variables even though our permissions page list only owners.

Unverified

1108e755

Feb 11, 2021
- Merge remote-tracking branch 'dev/13-7-stable-ee' into 13-7-stable-ee · 4cb37bd2
  GitLab Release Tools Bot authored 4 years ago
  
  4cb37bd2
- Update VERSION files · 1bb1e615
  GitLab Release Tools Bot authored 4 years ago
  
  [merge-train skip]
  View commits for tag v13.7.7-ee v13.7.7-ee
  
  1bb1e615
- Update CHANGELOG.md for 13.7.7-ee · a8ef1b65
  GitLab Release Tools Bot authored 4 years ago
  
  [ci skip]
  a8ef1b65
- Update CHANGELOG-EE.md for 13.7.7-ee · 81a6da4f
  GitLab Release Tools Bot authored 4 years ago
  
  [ci skip]
  81a6da4f
- Update Gitaly version to 13.7.7 · 965d6f03
  GitLab Release Tools Bot authored 4 years ago
  
  [ci skip]
  965d6f03
Feb 10, 2021
- Merge branch 'security-limit-fscanl-13-7' into '13-7-stable-ee' · 825326da
  Mayra Cabrera authored 4 years ago
  
  Prevent Denial of Service Attack on gitlab-shell See merge request gitlab-org/security/gitlab!1199
  825326da
- Merge branch... · 7cd703b0
  Mayra Cabrera authored 4 years ago
  
  Merge branch 'security-respect-analytics-enabled-rule-for-project-level-analytics-features-13-7' into '13-7-stable-ee' Respect analytics_enabled policy rule See merge request gitlab-org/security/gitlab!1228
  7cd703b0
- Merge branch 'security-ssl-verification-ftc-13-7' into '13-7-stable-ee' · 9e43ab91
  Mayra Cabrera authored 4 years ago
  
  Always perform SSL verification for FortiTokenCloud Integration See merge request gitlab-org/security/gitlab!1189
  9e43ab91
- Merge branch 'security-ssrf-prometheus-iap-13-7' into '13-7-stable-ee' · d5eaea4a
  GitLab Release Tools Bot authored 4 years ago
  
  Prevent SSRF requests for Prometheus when secured by Google IAP See merge request gitlab-org/security/gitlab!1234
  d5eaea4a
- Merge branch 'security-fix-unauthenticated-lint-13-7' into '13-7-stable-ee' · 4cc64695
  GitLab Release Tools Bot authored 4 years ago
  
  Change authorization policy for /lint See merge request gitlab-org/security/gitlab!1212
  4cc64695
- Merge branch 'security-check-user-access-on-api-mr-read-actions-13.7' into '13-7-stable-ee' · e7cbaa54
  GitLab Release Tools Bot authored 4 years ago
  
  Security check user access on API mr read actions See merge request gitlab-org/security/gitlab!1206
  e7cbaa54
- Merge branch 'security-confidential-titles-13-7' into '13-7-stable-ee' · a91ab2ab
  GitLab Release Tools Bot authored 4 years ago
  
  Prevent exposure of confidential issue titles in file browser See merge request gitlab-org/security/gitlab!1222
  a91ab2ab
- Merge branch 'security-cancel-pipelines-for-deleted-project-13-7' into '13-7-stable-ee' · 3576e936
  GitLab Release Tools Bot authored 4 years ago
  
  Cancel alive jobs on project deletion [RUN ALL RSPEC] [RUN AS-IF-FOSS] See merge request gitlab-org/security/gitlab!1246
  3576e936
- Cancel all cancelable jobs on project delete · 22935077
  Allison Browne authored 4 years ago and GitLab Release Tools Bot committed 4 years ago
  
  To avoid using runner resources on deleted projects we cancel all cancelable jobs as the first step in deletion
  22935077
- Merge branch 'security-300273-safe-geo-gl-id-13-7' into '13-7-stable-ee' · f68f868a
  GitLab Release Tools Bot authored 4 years ago
  
  Geo-GL-ID should be passed in JWT token so it's protected properly See merge request gitlab-org/security/gitlab!1217
  f68f868a

Admin message

Admin message