[ci skip]

[ci skip]

Prevent fetching repository code with unauthorized ci token

See merge request gitlab-org/security/gitlab!589

Users have ability to fetch other projects' code via gitlab-ci-token.
This permission is controlled by "build_download_code".
However, this permission is not prevented when "repository_disabled"
for the users. This commit fixes this.

Fix expired SSL cert in PagesDomain test

See merge request gitlab-org/gitlab!33462

[ci skip]

[ci skip]

Prepare 12.10.8-ee release

See merge request gitlab-org/gitlab!33328

Michael Kozono authored 4 years ago and GitLab Release Tools Bot committed 4 years ago

Merge branch '215616-geo-synchronisation-status-is-empty-when-nothing-is-synchronised' into 'master'

Geo: Fix empty synchronisation status when nothing is synchronised

Closes #215616

See merge request gitlab-org/gitlab!30710

(cherry picked from commit d59c866b)

a0b7c619 Geo: Synchronisation status is empty when nothing is synchronised
15fc37c9 Apply suggestion to...

Ash McKenzie authored 4 years ago and GitLab Release Tools Bot committed 4 years ago

Fix 404s downloading latest build artifacts

Closes #216055

See merge request gitlab-org/gitlab!32741

(cherry picked from commit 9f967024)

8a3879f3 Fix 404s downloading latest build artifacts

Douglas Barbosa Alexandre authored 4 years ago and GitLab Release Tools Bot committed 4 years ago

Resolve "Geo: Design thumbnails are not replicated"

Closes #218557

See merge request gitlab-org/gitlab!32703

(cherry picked from commit 64ae30b5)

56c14674 Add design thumbnails to Geo upload types
a17fc5d4 Apply suggestion to ee/spec/lib/gitlab/geo/replication/base_transfer_spec.rb
1bec3bd7 Apply suggestion to ee/spec/lib/gitlab/geo/replication/base_transfer_spec.rb
d7ffd8fa Add changelog entry

[ci skip]

[ci skip]

Fix failing user spec

See merge request gitlab-org/security/gitlab!552

Assures that user.emails is not empty

Added data integrity check before update

See merge request gitlab-org/security/gitlab!476

Display only verified emails on notifications page

See merge request gitlab-org/security/gitlab!549

Limit resources when processing artifacts metadata - gitlab-rails

See merge request gitlab-org/security/gitlab!532

Add an extra validation to Static Site Editor payload

See merge request gitlab-org/security/gitlab!498

Substitute variables using gsub in Prometheus proxy API

See merge request gitlab-org/security/gitlab!470

Fix email confirmation bug when soft email confirmation is enabled

See merge request gitlab-org/security/gitlab!516

Require confirmed email address for GitLab OAuth authentication

See merge request gitlab-org/security/gitlab!536

Merge branch 'security-fix-group-domain-allowed-email-should-be-verified-12-10' into '12-10-stable-ee'

Allow only verified user to be members of group with domain restriction

See merge request gitlab-org/security/gitlab!543

Respect forked projects permissions

See merge request gitlab-org/security/gitlab!437

Do not auto-confirm email in Trial registration

See merge request gitlab-org/security/gitlab!509

Hide EKS secret key in admin integrations settings

See merge request gitlab-org/security/gitlab!546

Fix file enuming using Group Import

See merge request gitlab-org/security/gitlab!485

Fix security issue in mermaid markdown

See merge request gitlab-org/security/gitlab!478

Scott Stern authored 4 years ago and GitLab Release Tools Bot committed 4 years ago

Add data attr to close issue link
and avoid getting url from href
which can be set via mermaid

Prevent XSS in the monitoring dashboard

See merge request gitlab-org/security/gitlab!453

Jose Ivan Vargas Lopez authored 4 years ago and GitLab Release Tools Bot committed 4 years ago

This prevents the branch name from the duplicate
dashboard modal to execute XSS scripts

Do not expose Kubernetes cluster token

See merge request gitlab-org/security/gitlab!504