[merge-train skip]

[ci skip]

[ci skip]

Update ruby-saml and omniauth-saml

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/166197



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Drew Blessing <drew@gitlab.com>
Approved-by: Harsha Muralidhar <hmuralidhar@gitlab.com>
Approved-by: Mayra Cabrera <mcabrera@gitlab.com>
Co-authored-by: Drew Blessing <drew@gitlab.com>

[merge-train skip]

[ci skip]

[ci skip]

Backport add Rake task to show token expiration info

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/159414



Merged-by: John Skarbek <jskarbek@gitlab.com>
Approved-by: Jon Glassman <jglassman@gitlab.com>
Approved-by: Sofia Vistas <svistas@gitlab.com>
Approved-by: Imre Farkas <ifarkas@gitlab.com>
Reviewed-by: Imre Farkas <ifarkas@gitlab.com>
Co-authored-by: smriti <sgarg@gitlab.com>
Co-authored-by: Stan Hu <stanhu@gmail.com>
Co-authored-by: Jon Glassman <jglassman@gitlab.com>

This task adds a Rake task `gitlab:tokens:analyze` and gives
a readout to the admin about:

- When the migration in 16.0 for
  https://gitlab.com/gitlab-org/gitlab/-/issues/369123 started and
  finished

- The top 10 expiration dates
  (https://gitlab.com/gitlab-org/gitlab/-/merge_requests/157782)
  https://gitlab.com/gitlab-org/gitlab/-/issues/467313

There should be a strong correlation with the migration dates and the
expiration dates. Seeing both of them together helps focus on the
tokens that were assigned an `expires_at` field in the background
migration.

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/467313

Changelog: added

Add a banner informing about token expiration (16.1)

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/158476



Merged-by: John Skarbek <jskarbek@gitlab.com>
Approved-by: Imre Farkas <ifarkas@gitlab.com>
Approved-by: Richard Chong <rchong@gitlab.com>
Co-authored-by: Eduardo Sanz García <esanz-garcia@gitlab.com>
Co-authored-by: Savas Vedova <svedova@gitlab.com>

Display a banner to all users, similar to broadcast banners, for GitLab
version between 16.0 and 17.0, both included. The banner informs about
upcoming expiration of tokens and how to troubleshoot the expiration.

The banner is dismissable. The data is persisted in the browser cookie
and expires in one year from the date it has been dismissed. Like other
broadcast banners, if the user opens an incognito window the banner
reappears.

Changelog: changed

Do not enqueue PAT expiry enforcement migration

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/153448



Merged-by: John Skarbek <jskarbek@gitlab.com>
Approved-by: Alper Akgun <aakgun@gitlab.com>
Approved-by: Smriti Garg <sgarg@gitlab.com>
Approved-by: Sofia Vistas <svistas@gitlab.com>
Co-authored-by: Imre Farkas <ifarkas@gitlab.com>
Co-authored-by: agius <andrew@atevans.com>

Changelog: changed

Fix order-dependent test failure in loose_foreign_keys_spec.rb

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/160238



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Mayra Cabrera <mcabrera@gitlab.com>
Co-authored-by: pkanellidis <pkanellidis@gitlab.com>

Changelog: other

Prevent starting multiple Capybara proxy servers

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/156435



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Mayra Cabrera <mcabrera@gitlab.com>
Co-authored-by: Heinrich Lee Yu <heinrich@gitlab.com>

Update an expired test certificate

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/156403



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Mayra Cabrera <mcabrera@gitlab.com>
Co-authored-by: Vasilii Iakliushin <viakliushin@gitlab.com>

This code is run every time a new Capybara browser session is started.
Running this code multiple times causes subsequent feature specs to slow
down considerably.

Contributes to
https://gitlab.com/gitlab-org/quality/engineering-productivity/master-broken-incidents/-/issues/6747

**Problem**

The previous certificate that was used in tests got expired. As a result
tests started failing with "tls: failed to verify certificate: x509:
certificate has expired or is not yet valid: current time
2024-06-07T06:16:03Z is after 2024-06-07T04:31:24Z"

**Solution**

Reissue a certificate with an expiration date "Aug 24 09:26:29 2032 GMT"

Changelog: fixed

Fix flaky specs in 16-1-stable-ee

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/154617



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Nao Hashizume <nhashizume@gitlab.com>
Approved-by: Mayra Cabrera <mcabrera@gitlab.com>
Co-authored-by: Lin Jen-Shin <jen-shin@gitlab.com>
Co-authored-by: Stan Hu <stanhu@gmail.com>

This test was failing because `Feature.enabled?(:redis_hll_tracking)`
was called in the migration and expecting the `feature_names` database
table to be accessed. However, it wasn't accessed for two reasons:

1. In tests we stub out feature flag access and use an in-memory
cache. However, even though the test had `stub_feature_flags: false`
set in the metadata, a stale `Feature` was still memoized and had to be
cleared out.

2. With the feature flag stubs disabled, this enabled the Redis cache
for feature flags. We need to clear this out between tests to ensure
the database is hit.

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/416143

Fix Geo migration spec

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/154494



Merged-by: Stan Hu <stanhu@gmail.com>
Approved-by: Rémy Coutable <remy@rymai.me>
Co-authored-by: agius <andrew@atevans.com>

The test was failing in CI because the Geo CI job artifact registry
had cached the newer state of the columns that no longer had the
`success` column. `migrate!` doesn't reset the column information.
This change resets the state so that the migration spec passes.

Remove build-gdk-image and e2e:test-on-gdk jobs for 16.1

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/154452



Merged-by: Stan Hu <stanhu@gmail.com>
Co-authored-by: David Dieulivol <ddieulivol@gitlab.com>
Co-authored-by: Mehmet Emin INAC <minac@gitlab.com>
Co-authored-by: Nao Hashizume <nhashizume@gitlab.com>

Fix broken master

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/145948



Merged-by: Mehmet Emin INAC <minac@gitlab.com>
Approved-by: Doug Stull <dstull@gitlab.com>

[merge-train skip]

[merge-train skip]

[ci skip]

[ci skip]

User password reset accepts multiple email addresses

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3798



Merged-by: Ahmad Tolba <atolba@gitlab.com>
Approved-by: Bogdan Denkovych <bdenkovych@gitlab.com>
Approved-by: Imre Farkas <ifarkas@gitlab.com>
Co-authored-by: Bogdan Denkovych <bdenkovych@gitlab.com>
Co-authored-by: Aboobacker MK <akarakath@gitlab.com>
Co-authored-by: Rémy Coutable <remy@rymai.me>
Co-authored-by: Drew Blessing <drew@gitlab.com>

Aboobacker MK authored 1 year ago and Ahmad Tolba committed 1 year ago

Merge branch 'security-dblessing_password_reset-16-1' into '16-1-stable-ee'

See merge request gitlab-org/security/gitlab!3798

Changelog: security

[merge-train skip]

[ci skip]

[ci skip]

Add authorization checks to import status endpoint

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3515



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Dylan Griffith <dyl.griffith@gmail.com>
Approved-by: Luke Duncalfe <lduncalfe@gitlab.com>
Co-authored-by: bmarjanovic <bmarjanovic@gitlab.com>

Bojan Marjanović authored 1 year ago and GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-415117-confidential-issue-16-1' into '16-1-stable-ee'

See merge request gitlab-org/security/gitlab!3515

Changelog: security