Commits · v14.4.2-ee · dDenys Mishunov / GitLab

Nov 08, 2021
- Update VERSION files · 84aa6daa
  GitLab Release Tools Bot authored 3 years ago
  
  [merge-train skip]
  View commits for tag v14.4.2-ee v14.4.2-ee
  
  84aa6daa
- Update changelog for 14.4.2 · 40f7b9d1
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  40f7b9d1
- Update Gitaly version to 14.4.2 · 5aaecc2c
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  5aaecc2c
- Merge branch '14-4-stable-ee-patch-2' into '14-4-stable-ee' · 27ce3ca3
  Reuben Pereira authored 3 years ago
  
  Prepare 14.4.2-ee release See merge request gitlab-org/gitlab!73919
  27ce3ca3
- Merge branch 'gobump' into 'master' · dad663d9
  Stan Hu authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
  
  Bump Go dependency to 1.16 See merge request gitlab-org/gitlab!73829 (cherry picked from commit 73ad6282) 4e97ef7a Bump Go dependency to 1.16
  dad663d9
- Skip retrying for reads on connection errors if primary only · 8e1976ed
  Yorick Peterse authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
  
  See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/73715 Changelog: fixed
  8e1976ed
- Merge branch 'jc-improve-praefect-subcommand-docs' into 'master' · 02909409
  Evan Read authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
  
  Document track-repository praefect subcommand See merge request gitlab-org/gitlab!73488 (cherry picked from commit 8024148e) a47fdccc Document track-repository praefect subcommand
  02909409
- Remove skip_legacy_diff_note_callback_on_import from legacy diff note · 547a2ec2
  Mikołaj Wawrzyniak authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
  
  See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/73207 Changelog: changed
  547a2ec2
- Merge branch '343694-fix-issue-metrics-index-creation-error' into 'master' · a894bc78
  Yannis Roussos authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
  
  Fix issue_metrics index creation error See merge request gitlab-org/gitlab!72928 (cherry picked from commit e30842f1) 22366a0c Fix issue_metrics index creation error
  a894bc78
- Fix error 500 loading branch with UTF-8 characters with performance bar · 67ddc428
  Douglas Barbosa Alexandre authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
  
  See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/72925 Changelog: fixed
  67ddc428
- Merge branch 'mk-whats-new-144' into 'master' · 5435af9e
  Alper Akgun authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
  
  Create 14.4 What's New entry See merge request gitlab-org/gitlab!72900 (cherry picked from commit 7e66d89d) 30fa075c Create 14.4 What's New entry
  5435af9e
- Skip st_diff callback setting on LegacyDiffNote when importing · 84f5c663
  Sean McGivern authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
  
  See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/72897 Changelog: fixed
  84f5c663
- Prevent Sidekiq size limiter middleware from running multiple times on the same job · 294c01be
  Etienne Baqué authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
  
  See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/72435 Changelog: performance
  294c01be
- Merge branch 'psi-fix-focus' into 'master' · 9a3693be
  E'zeki&el Kigbo authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
  
  Fix focus mode on boards See merge request gitlab-org/gitlab!72382 (cherry picked from commit f8a75d53) 9abc4ce6 Fix focus mode on boards
  9a3693be
Oct 28, 2021
- Merge remote-tracking branch 'dev/14-4-stable-ee' into 14-4-stable-ee · 0cc9eb8b
  GitLab Release Tools Bot authored 3 years ago
  
  0cc9eb8b
- Update VERSION files · abc23a14
  GitLab Release Tools Bot authored 3 years ago
  
  [merge-train skip]
  View commits for tag v14.4.1-ee v14.4.1-ee
  
  abc23a14
- Update changelog for 14.4.1 · 00d2da7e
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  00d2da7e
- Update Gitaly version to 14.4.1 · ab9755c3
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  ab9755c3
Oct 27, 2021
- Merge branch... · 38b6d974
  Reuben Pereira authored 3 years ago
  
  Merge branch 'security-518-fix-change-project-visibility-to-restricted-option-14-4' into '14-4-stable-ee' Change project visibility to a restricted option See merge request gitlab-org/security/gitlab!1903
  38b6d974
- Merge branch 'security-337193-14-4' into '14-4-stable-ee' · fbd559f8
  GitLab Release Tools Bot authored 3 years ago
  
  Highlight usage of unicode bidi characters See merge request gitlab-org/security/gitlab!1937
  fbd559f8
- Merge branch 'security-522-scim-token-is-still-viewable-after-creation-14-4' into '14-4-stable-ee' · b5c3e37b
  GitLab Release Tools Bot authored 3 years ago
  
  SCIM token is still Viewable After Creation See merge request gitlab-org/security/gitlab!1906
  b5c3e37b
- Merge branch 'security-28226-redact-groups-shared-with-14-4' into '14-4-stable-ee' · 8cc5788c
  GitLab Release Tools Bot authored 3 years ago
  
  Redact list of groups a project is shared with See merge request gitlab-org/security/gitlab!1910
  8cc5788c
- Redact list of groups a project is shared with · 68a28c50
  Alexis Kalderimis authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
  
  68a28c50
- Merge branch 'security-dompurify-normalize-path-14-4' into '14-4-stable-ee' · a2f75186
  GitLab Release Tools Bot authored 3 years ago
  
  Fix path traversal issue with SVG hrefs See merge request gitlab-org/security/gitlab!1929
  a2f75186
- Merge branch 'security-id-workhorse-tiff-14-4' into '14-4-stable-ee' · 6c793290
  GitLab Release Tools Bot authored 3 years ago
  
  Avoid decoding the whole tiff image on isTIFF check See merge request gitlab-org/security/gitlab!1899
  6c793290
- Merge branch 'security-id-limit-uploading-files-14-4' into '14-4-stable-ee' · 4ed45dcc
  GitLab Release Tools Bot authored 3 years ago
  
  Workhorse: Allow uploading only a single file See merge request gitlab-org/security/gitlab!1913
  4ed45dcc
- Merge branch 'security-applications-api-scope-14-4' into '14-4-stable-ee' · cc582abe
  GitLab Release Tools Bot authored 3 years ago
  
  Do not allow Applications API to create apps with blank scopes See merge request gitlab-org/security/gitlab!1922
  cc582abe
- Merge branch 'security-project-group-share-on-group-transfer-14-4' into '14-4-stable-ee' · 0803b160
  GitLab Release Tools Bot authored 3 years ago
  
  Refresh authorizations on transfer of groups having project shares See merge request gitlab-org/security/gitlab!1916
  0803b160
- Merge branch 'security-mr-discussions-locked-fix-14-4' into '14-4-stable-ee' · 1675d679
  GitLab Release Tools Bot authored 3 years ago
  
  Don't allow author to resolve discussions when MR is locked via GraphQL See merge request gitlab-org/security/gitlab!1919
  1675d679
- Merge branch 'security-28074-root-passwork-in-migration-output-14-4' into '14-4-stable-ee' · efd17390
  GitLab Release Tools Bot authored 3 years ago
  
  Do not display the root password by default See merge request gitlab-org/security/gitlab!1909
  efd17390
- Merge branch 'security-516-namespace-path-cleaning-vulnerable-14-4' into '14-4-stable-ee' · c93035de
  GitLab Release Tools Bot authored 3 years ago
  
  Iterate over trailing space regex replacements See merge request gitlab-org/security/gitlab!1912
  c93035de
- Merge branch 'security-297470-fix-public-email-disclosure-14-4' into '14-4-stable-ee' · ea938156
  GitLab Release Tools Bot authored 3 years ago
  
  Prevent private e-mail from being shown in webhook data See merge request gitlab-org/security/gitlab!1927
  ea938156
- Merge branch 'security-335191-use-verified-emails-to-avoid-bypass-14.4' into '14-4-stable-ee' · f3763f55
  GitLab Release Tools Bot authored 3 years ago
  
  Match with verified_email? rather than any_email? See merge request gitlab-org/security/gitlab!1926
  f3763f55
- Merge branch 'security-guest-update-incident-severity-14-4' into '14-4-stable-ee' · 86384c7c
  GitLab Release Tools Bot authored 3 years ago
  
  Disallow guests to change severity on incidents See merge request gitlab-org/security/gitlab!1902
  86384c7c
- Disallow guests to change severity on incidents · 7459bcb9
  Peter Leitzen authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
  
  7459bcb9
- Merge branch 'security-337824-set-pipeline-schedule-default-14-4' into '14-4-stable-ee' · 677e5935
  GitLab Release Tools Bot authored 3 years ago
  
  Set imported PipelineSchedules to inactive See merge request gitlab-org/security/gitlab!1911
  677e5935
- Merge branch 'security-remove-external-webhook-token-from-export-14-4' into '14-4-stable-ee' · b792e18e
  GitLab Release Tools Bot authored 3 years ago
  
  Remove external_webhook_token from exported project See merge request gitlab-org/security/gitlab!1872
  b792e18e
Oct 26, 2021

Highlight usage of unicode bidi characters · cef762a2

Robert May authored 3 years ago

Adds markup around unicode bidi characters when highlighting
code. These are used primarily for text direction in
right-to-left languages, but can be used as an exploit.

Changelog: security

cef762a2

Fix dompurify.js to prevent path traversal attacks · 9a891cbe

Dheeraj Joshi authored 3 years ago

This fixes an issue with SVGs href sanitization
which was bypassable using path traversal

Changelog: security

9a891cbe

Oct 25, 2021

Refresh authorizations on transfer of groups having project shares · bdf8b6e9

Manoj M J authored 3 years ago

This change makes sure that when a group that
has any project-group shares is transferred,
it refresh authorizations of projects that are
shared to the group.

Changelog: security

bdf8b6e9

Admin message

Admin message