Commits · v14.3.5-ee · dDenys Mishunov / GitLab

Nov 26, 2021
- Update VERSION files · fc0a1471
  GitLab Release Tools Bot authored 3 years ago
  
  [merge-train skip]
  View commits for tag v14.3.5-ee v14.3.5-ee
  
  fc0a1471
- Update changelog for 14.3.5 · 37f4879e
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  37f4879e
- Update Gitaly version to 14.3.5 · 6d395549
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  6d395549
- Merge branch '14-3-stable-ee-patch-5' into '14-3-stable-ee' · da019fb3
  Henri Philipps authored 3 years ago
  
  Prepare 14.3.5-ee release See merge request gitlab-org/gitlab!75145
  da019fb3
- Merge branch 'shl-fix-2fa-e2e-tests' into 'master' · b3a98266
  Andrejs Cunskis authored 3 years ago
  
  Fix 2FA e2e tests by setting user password See merge request gitlab-org/gitlab!71528 (cherry picked from commit edd83af0) 04565a60 Set user password when enabling 2FA
  b3a98266
Nov 25, 2021
- Merge branch 'fix-registry-related-tests' into 'master' · e7a105f4
  Mark Lapierre authored 3 years ago and Sofia Vistas committed 3 years ago
  
  Fix registry related tests See merge request gitlab-org/gitlab!73825
  e7a105f4
- Merge branch 'object-storage-container-registry' into 'master' · 7bab97c8
  Mark Lapierre authored 3 years ago and Sofia Vistas committed 3 years ago
  
  Add container registry to object storage See merge request gitlab-org/gitlab!71905
  7bab97c8
Nov 23, 2021
- Allow SSO callbacks through maintenance mode · f9b25014
  John Skarbek authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
  
  See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/74706 Changelog: fixed EE: true
  f9b25014
- Geo - Fix no repo error message for group-level wikis · 5560e012
  Michael Kozono authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
  
  See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/74133 Changelog: fixed EE: true
  5560e012
- Prevent Git operations from checking replication lag on non-Geo-secondary sites · 35344d81
  Douglas Barbosa Alexandre authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
  
  See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/73952 Changelog: fixed EE: true
  35344d81
- Fix error 500 loading branch with UTF-8 characters with performance bar · 08b47c28
  Douglas Barbosa Alexandre authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
  
  See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/72925 Changelog: fixed
  08b47c28
- Remove defaultAuthors from MR Analytics and VSA · be95c921
  Jacques Erasmus authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
  
  See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/72492 Changelog: fixed
  be95c921
- Merge branch 'cat-sso-maintenance-mode-14-3' into '14-3-stable-ee' · d81d42af
  John Skarbek authored 3 years ago
  
  Allow SSO callbacks through maintenance mode See merge request gitlab-org/gitlab!74706
  d81d42af
Nov 17, 2021

Allow SSO callbacks through maintenance mode · 07277515

Catalin Irimie authored 3 years ago

When using other authentication methods, like SSO, LDAP,
the path and controllers are slightly different, as they
redirect back to a callback handled by Omniauth.

This adds the specific routes and controller to the allowlist
in the read-only middleware to allow them to go through.

Changelog: fixed
EE: true

07277515

Oct 28, 2021
- Merge remote-tracking branch 'dev/14-3-stable-ee' into 14-3-stable-ee · ac413c9c
  GitLab Release Tools Bot authored 3 years ago
  
  ac413c9c
- Update VERSION files · 3e776d83
  GitLab Release Tools Bot authored 3 years ago
  
  [merge-train skip]
  View commits for tag v14.3.4-ee v14.3.4-ee
  
  3e776d83
- Update changelog for 14.3.4 · e8044719
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  e8044719
- Update Gitaly version to 14.3.4 · d7e97149
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  d7e97149
Oct 27, 2021
- Merge branch... · 060bb070
  Reuben Pereira authored 3 years ago
  
  Merge branch 'security-518-fix-change-project-visibility-to-restricted-option-14-3' into '14-3-stable-ee' Change project visibility to a restricted option See merge request gitlab-org/security/gitlab!1904
  060bb070
- Merge branch 'security-337193-14-3' into '14-3-stable-ee' · 9f7cd4f5
  GitLab Release Tools Bot authored 3 years ago
  
  Highlight usage of unicode bidi characters See merge request gitlab-org/security/gitlab!1938
  9f7cd4f5
- Merge branch 'security-522-scim-token-is-still-viewable-after-creation-14-3' into '14-3-stable-ee' · c7951068
  GitLab Release Tools Bot authored 3 years ago
  
  SCIM token is still Viewable After Creation See merge request gitlab-org/security/gitlab!1907
  c7951068
- Merge branch 'security-28226-redact-groups-shared-with-14-3' into '14-3-stable-ee' · 7c690982
  GitLab Release Tools Bot authored 3 years ago
  
  Redact list of groups a project is shared with See merge request gitlab-org/security/gitlab!1798
  7c690982
- Redact list of groups a project is shared with · de22503b
  Alexis Kalderimis authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
  
  de22503b
- Merge branch 'security-dompurify-normalize-path-14-3' into '14-3-stable-ee' · 1044ee23
  GitLab Release Tools Bot authored 3 years ago
  
  Fix path traversal issue with SVG hrefs See merge request gitlab-org/security/gitlab!1930
  1044ee23
- Merge branch 'security-id-workhorse-tiff-14-3' into '14-3-stable-ee' · 678e267b
  GitLab Release Tools Bot authored 3 years ago
  
  Avoid decoding the whole tiff image on isTIFF check See merge request gitlab-org/security/gitlab!1900
  678e267b
- Merge branch 'security-id-limit-uploading-files-14-3' into '14-3-stable-ee' · 3e609cdf
  GitLab Release Tools Bot authored 3 years ago
  
  Workhorse: Allow uploading only a single file See merge request gitlab-org/security/gitlab!1914
  3e609cdf
- Merge branch 'security-applications-api-scope-14-3' into '14-3-stable-ee' · fa6cdc06
  GitLab Release Tools Bot authored 3 years ago
  
  Do not allow Applications API to create apps with blank scopes See merge request gitlab-org/security/gitlab!1923
  fa6cdc06
- Merge branch 'security-project-group-share-on-group-transfer-14-3' into '14-3-stable-ee' · 03c9857a
  GitLab Release Tools Bot authored 3 years ago
  
  Refresh authorizations on transfer of groups having project shares See merge request gitlab-org/security/gitlab!1917
  03c9857a
- Merge branch 'security-mr-discussions-locked-fix-14-3' into '14-3-stable-ee' · 2102a66f
  GitLab Release Tools Bot authored 3 years ago
  
  Don't allow author to resolve discussions when MR is locked via GraphQL See merge request gitlab-org/security/gitlab!1920
  2102a66f
- Merge branch 'security-28074-root-passwork-in-migration-output-14-3' into '14-3-stable-ee' · 658838ab
  GitLab Release Tools Bot authored 3 years ago
  
  Never display the root password See merge request gitlab-org/security/gitlab!1803
  658838ab
- Merge branch 'security-516-namespace-path-cleaning-vulnerable-14-3' into '14-3-stable-ee' · 7dc3b63b
  GitLab Release Tools Bot authored 3 years ago
  
  Iterate over trailing space regex replacements See merge request gitlab-org/security/gitlab!1897
  7dc3b63b
- Merge branch 'security-297470-fix-public-email-disclosure-14-3-14-3' into '14-3-stable-ee' · b520ac9d
  GitLab Release Tools Bot authored 3 years ago
  
  Prevent private e-mail from being shown in webhook data See merge request gitlab-org/security/gitlab!1894
  b520ac9d
- Merge branch 'security-335191-use-verified-emails-to-avoid-bypass-14.3' into '14-3-stable-ee' · 0f7edf66
  GitLab Release Tools Bot authored 3 years ago
  
  Match with verified_email? rather than any_email?[RUN ALL RSPEC] [RUN AS-IF-FOSS] See merge request gitlab-org/security/gitlab!1882
  0f7edf66
- Merge branch 'security-guest-update-incident-severity-14-3' into '14-3-stable-ee' · a85d89b7
  GitLab Release Tools Bot authored 3 years ago
  
  Disallow guests to change severity on incidents See merge request gitlab-org/security/gitlab!1875
  a85d89b7
- Disallow guests to change severity on incidents · 77677fa8
  Peter Leitzen authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
  
  77677fa8
- Merge branch 'security-337824-set-pipeline-schedule-default-14-3' into '14-3-stable-ee' · 17ce8e9a
  GitLab Release Tools Bot authored 3 years ago
  
  Set imported PipelineSchedules to inactive See merge request gitlab-org/security/gitlab!1879
  17ce8e9a
- Merge branch 'security-remove-external-webhook-token-from-export-14-3' into '14-3-stable-ee' · 764c5dc1
  GitLab Release Tools Bot authored 3 years ago
  
  Remove external_webhook_token from exported project See merge request gitlab-org/security/gitlab!1866
  764c5dc1
Oct 26, 2021

Highlight usage of unicode bidi characters · 0b9bcafa

Robert May authored 3 years ago

Adds markup around unicode bidi characters when highlighting
code. These are used primarily for text direction in
right-to-left languages, but can be used as an exploit.

Changelog: security

0b9bcafa

Fix dompurify.js to prevent path traversal attacks · 6599afd4

Dheeraj Joshi authored 3 years ago

This fixes an issue with SVGs href sanitization
which was bypassable using path traversal

Changelog: security

6599afd4

Oct 25, 2021

Refresh authorizations on transfer of groups having project shares · faad71f4

Manoj M J authored 3 years ago

This change makes sure that when a group that
has any project-group shares is transferred,
it refresh authorizations of projects that are
shared to the group.

Changelog: security

faad71f4

Admin message

Admin message