Add latest changes from gitlab-org/gitlab@12-3-stable-ee

CHANGELOG-EE.md

 Please view this file on the master branch, on stable branches it's out of date.
+## 12.3.8
+
+- No changes.
+
+## 12.3.7
+
+### Security (6 changes)
+
+- Protect Jira integration endpoints from guest users.
+- Fix private comment Elasticsearch leak on project search scope.
+- Filter snippet search results by feature visibility.
+- Hide AWS secret on Admin Integration page.
+- Fail pull mirror when mirror user is blocked.
+- Prevent IDOR when adding users to protected environments.
+
+
 ## 12.3.6
 ### Security (4 changes)

CHANGELOG.md

@@ -8,17 +8,20 @@ entry.
 ## 12.3.7
-### Security (9 changes)
-- Check permissions before showing a forked project's source.
+### Security (12 changes)
+- Do not create todos for approvers without access. !1442
+- Limit potential for DNS rebind SSRF in chat notifications.
 - Encrypt application setting tokens.
 - Update Workhorse and Gitaly to fix a security issue.
+- Add maven file_name regex validation on incoming files.
 - Hide commit counts from guest users in Cycle Analytics.
-- Limit potential for DNS rebind SSRF in chat notifications.
+- Check permissions before showing a forked project's source.
 - Fix 500 error caused by invalid byte sequences in links.
 - Ensure are cleaned by ImportExport::AttributeCleaner.
 - Remove notes regarding Related Branches from Issue activity feeds for guest users.
 - Escape namespace in label references to prevent XSS.
+- Add authorization to using filter vulnerable in Dependency List.
 ## 12.3.6

VERSION

-12.3.8
+12.3.8-ee

locale/gitlab.pot

@@ -666,6 +666,9 @@ msgstr ""
 msgid "API Token"
 msgstr ""
+msgid "AWS Secret Access Key"
+msgstr ""
+
 msgid "Abort"
 msgstr ""
@@ -5653,6 +5656,9 @@ msgstr ""
 msgid "Enter merge request URLs"
 msgstr ""
+msgid "Enter new AWS Secret Access Key"
+msgstr ""
+
 msgid "Enter the issue description"
 msgstr ""

spec/features/groups/settings/group_badges_spec.rb

@@ -7,8 +7,9 @@ describe 'Group Badges' do
   let(:user) { create(:user) }
   let(:group) { create(:group) }
-  let(:badge_link_url) { 'https://gitlab.com/gitlab-org/gitlab/commits/master'}
-  let(:badge_image_url) { 'https://gitlab.com/gitlab-org/gitlab/badges/master/build.svg'}
+  let(:project) { create(:project, namespace: group) }
+  let(:badge_link_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/commits/master" }
+  let(:badge_image_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/badges/master/pipeline.svg" }
   let!(:badge_1) { create(:group_badge, group: group) }
   let!(:badge_2) { create(:group_badge, group: group) }

spec/features/projects/settings/project_badges_spec.rb

@@ -8,8 +8,8 @@ describe 'Project Badges' do
   let(:user) { create(:user) }
   let(:group) { create(:group) }
   let(:project) { create(:project, namespace: group) }
-  let(:badge_link_url) { 'https://gitlab.com/gitlab-org/gitlab/commits/master'}
-  let(:badge_image_url) { 'https://gitlab.com/gitlab-org/gitlab/badges/master/build.svg'}
+  let(:badge_link_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/commits/master" }
+  let(:badge_image_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/badges/master/pipeline.svg" }
   let!(:project_badge) { create(:project_badge, project: project) }
   let!(:group_badge) { create(:group_badge, group: group) }

spec/support/shared_examples/models/concern/issuable_shared_examples.rb

@@ -2,7 +2,7 @@ shared_examples_for 'matches_cross_reference_regex? fails fast' do
   it 'fails fast for long strings' do
     # took well under 1 second in CI https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/3267#note_172823
     expect do
-      Timeout.timeout(3.seconds) { mentionable.matches_cross_reference_regex? }
+      Timeout.timeout(6.seconds) { mentionable.matches_cross_reference_regex? }
     end.not_to raise_error
   end
 end