Add latest changes from gitlab-org/gitlab@12-4-stable-ee

97a41ac6 · GitLab Bot · 6051a4b2 · 97a41ac6 · 97a41ac6 · 97a41ac6
Commit 97a41ac6 authored 5 years ago by GitLab Bot
--- a/CHANGELOG-EE.md
+++ b/CHANGELOG-EE.md
 Please view this file on the master branch, on stable branches it's out of date.
  
+## 12.4.5
+
+- No changes.
+
+## 12.4.4
+
+### Security (6 changes)
+
+- Protect Jira integration endpoints from guest users.
+- Fix private comment Elasticsearch leak on project search scope.
+- Filter snippet search results by feature visibility.
+- Hide AWS secret on Admin Integration page.
+- Fail pull mirror when mirror user is blocked.
+- Prevent IDOR when adding users to protected environments.
+
+
 ## 12.4.3
  
 ### Fixed (2 changes)

--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,17 +8,20 @@ entry.
  
 ## 12.4.4
  
-### Security (9 changes)
+### Security (12 changes)
  
- Check permissions before showing a forked project's source.
+- Do not create todos for approvers without access. !1442
+- Limit potential for DNS rebind SSRF in chat notifications.
 - Encrypt application setting tokens.
 - Update Workhorse and Gitaly to fix a security issue.
+- Add maven file_name regex validation on incoming files.
 - Hide commit counts from guest users in Cycle Analytics.
- Limit potential for DNS rebind SSRF in chat notifications.
+- Check permissions before showing a forked project's source.
 - Fix 500 error caused by invalid byte sequences in links.
 - Ensure are cleaned by ImportExport::AttributeCleaner.
 - Remove notes regarding Related Branches from Issue activity feeds for guest users.
 - Escape namespace in label references to prevent XSS.
+- Add authorization to using filter vulnerable in Dependency List.
  
  
 ## 12.4.3

--- a/VERSION
+++ b/VERSION
-12.4.5
+12.4.5-ee
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -701,6 +701,9 @@ msgstr ""
 msgid "API Token"
 msgstr ""
  
+msgid "AWS Secret Access Key"
+msgstr ""
+
 msgid "Abort"
 msgstr ""
  
@@ -6129,6 +6132,9 @@ msgstr ""
 msgid "Enter merge request URLs"
 msgstr ""
  
+msgid "Enter new AWS Secret Access Key"
+msgstr ""
+
 msgid "Enter the issue description"
 msgstr ""
  

--- a/spec/features/groups/settings/group_badges_spec.rb
+++ b/spec/features/groups/settings/group_badges_spec.rb
@@ -7,8 +7,9 @@ describe 'Group Badges' do
  
  let(:user) { create(:user) }
  let(:group) { create(:group) }
-  let(:badge_link_url) { 'https://gitlab.com/gitlab-org/gitlab/commits/master'}
-  let(:badge_image_url) { 'https://gitlab.com/gitlab-org/gitlab/badges/master/build.svg'}
+  let(:project) { create(:project, namespace: group) }
+  let(:badge_link_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/commits/master" }
+  let(:badge_image_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/badges/master/pipeline.svg" }
  let!(:badge_1) { create(:group_badge, group: group) }
  let!(:badge_2) { create(:group_badge, group: group) }
  

--- a/spec/features/projects/settings/project_badges_spec.rb
+++ b/spec/features/projects/settings/project_badges_spec.rb
@@ -8,8 +8,8 @@ describe 'Project Badges' do
  let(:user) { create(:user) }
  let(:group) { create(:group) }
  let(:project) { create(:project, namespace: group) }
-  let(:badge_link_url) { 'https://gitlab.com/gitlab-org/gitlab/commits/master'}
-  let(:badge_image_url) { 'https://gitlab.com/gitlab-org/gitlab/badges/master/build.svg'}
+  let(:badge_link_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/commits/master" }
+  let(:badge_image_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/badges/master/pipeline.svg" }
  let!(:project_badge) { create(:project_badge, project: project) }
  let!(:group_badge) { create(:group_badge, group: group) }