Gitlab XSS in markdown preview page

See merge request gitlab/gitlabhq!3400

Merge branch 'security-12717-fix-confidential-issue-assignee-visible-to-guests-12-1' into '12-1-stable'

Display only participants that user has permission to see

See merge request gitlab/gitlabhq!3403

Prevent Bypassing Email Verification using Salesforce

See merge request gitlab/gitlabhq!3407

Only render fixed number of mermaid blocks

See merge request gitlab/gitlabhq!3413

Hide disabled project milestones in project settings on group level

See merge request gitlab/gitlabhq!3416

Redirect user to root path after unsubscribing from private resource

See merge request gitlab/gitlabhq!3418

Add policy check if cross reference system notes are accessible

See merge request gitlab/gitlabhq!3428

Cancel all running CI jobs when user is blocked

See merge request gitlab/gitlabhq!3438

Filter not accessible label events

See merge request gitlab/gitlabhq!3442

Add argument to catch

See merge request gitlab-org/gitlab-ee!15911

Label events may use cross-project or cross-group references,
if the projects are not accessible by user, we don't show these
label events.

This prevents a MITM attack where attacker could
still access Git repository if any jobs were
running long enough.

If user unsubsrcribes from a resource that they no longer have
access to they should not be revealed the resource path, but be
redirected to app root instead.

https://gitlab.com/gitlab-org/gitlab-ce/issues/64938

[ci skip]

[ci skip]

Prepare 12.1.10 release

See merge request gitlab-org/gitlab-foss!32979

Mayra Cabrera authored 5 years ago and John Jarvis committed 5 years ago

Fix order-dependent spec failures with reCAPTCHA

Closes #67133

See merge request gitlab-org/gitlab-ce!32771

[12-1-stable] Re-add ignore_column for import columns

See merge request gitlab-org/gitlab-foss!32977

This `ignore_column` was present for a while but recently removed, but
to ensure we don't get error 500s let's keep it for a while.

Fix rubocop offences and add changelog

Add email_verified key for feature specs

Add code review remarks

Add code review remarks

Fix specs

[ci skip]

Set max-age and secure flag for pages auth cookies

See merge request gitlab/gitlabhq!3380

Update mermaid to avoid xss surface area. The newer release
restricts script tags to be embedded in mermaid blocks.

[ci skip]

Jan Provaznik authored 5 years ago and John Skarbek committed 5 years ago

Merge branch '66641-broken-master-real-http-connections-are-disabled-unregistered-request' into 'master'

Use `stub_full_request` to fix spec failure

Closes #66641

See merge request gitlab-org/gitlab-ce!32259

This reverts commit 4f6293e2.

Return NO_ACCESS if user is nil

See merge request gitlab/gitlabhq!3389