Commits · 16c20745a286eb674f48366d84abe5f4dd5fb2c6 · Mark Lapierre / GitLab

Aug 31, 2023
- Update VERSION files · 16c20745
  GitLab Release Tools Bot authored 1 year ago
  
  [merge-train skip]
  View commits for tag v16.2.5-ee v16.2.5-ee
  
  16c20745
- Update changelog for 16.2.5 · 544de944
  GitLab Release Tools Bot authored 1 year ago
  
  [ci skip]
  544de944
- Update managed components version to 16.2.5 · e211175a
  GitLab Release Tools Bot authored 1 year ago
  
  [ci skip]
  e211175a
Aug 30, 2023

Merge branch 'security-415117-confidential-issue-16-2' into '16-2-stable-ee' · 52a4631a

GitLab Release Tools Bot authored 1 year ago

Add authorization checks to import status endpoint

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3514



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Dylan Griffith <dyl.griffith@gmail.com>
Approved-by: Luke Duncalfe <lduncalfe@gitlab.com>
Co-authored-by: bmarjanovic <bmarjanovic@gitlab.com>

52a4631a

Add authorization checks to import status endpoint · 4ace6aae
Bojan Marjanović authored 1 year ago and GitLab Release Tools Bot committed 1 year ago
```
Merge branch 'security-415117-confidential-issue-16-2' into '16-2-stable-ee'

See merge request gitlab-org/security/gitlab!3514

Changelog: security
```
4ace6aae

Merge branch 'security-update-commonmarker-16-2' into '16-2-stable-ee' · cb0ca6c6

GitLab Release Tools Bot authored 1 year ago

Update commonmarker to 0.23.10

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3508



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Mario Celi <mcelicalderon@gitlab.com>
Co-authored-by: Brett Walker <bwalker@gitlab.com>

cb0ca6c6

Update commonmarker to 0.23.10 · 41ae8c44

Brett Walker authored 1 year ago and

GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-update-commonmarker-16-2' into '16-2-stable-ee'

See merge request gitlab-org/security/gitlab!3508

Changelog: security

41ae8c44

Merge branch 'security-dast-reset-secrets-16-2' into '16-2-stable-ee' · 5b268986

GitLab Release Tools Bot authored 1 year ago

Remove DAST secret variables when URL is updated

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3499



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Aboobacker MK <akarakath@gitlab.com>
Approved-by: Himanshu Kapoor <info@fleon.org>
Co-authored-by: Dheeraj Joshi <djoshi@gitlab.com>

5b268986

Remove DAST secret variables when URL is updated · ab9b3384
Dheeraj Joshi authored 1 year ago and GitLab Release Tools Bot committed 1 year ago
```
Merge branch 'security-dast-reset-secrets-16-2' into '16-2-stable-ee'

See merge request gitlab-org/security/gitlab!3499

Changelog: security
```
ab9b3384

Merge branch 'security-422134-confidential-issue-16-2' into '16-2-stable-ee' · 7fd666a7

GitLab Release Tools Bot authored 1 year ago

Maintainer can leak sentry token by changing the configured URL

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3517

Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Allen Cook <acook@gitlab.com>
Co-authored-by: bmarjanovic <bmarjanovic@gitlab.com>

7fd666a7

Maintainer can leak sentry token by changing the configured URL · 8c423fdd
Bojan Marjanović authored 1 year ago and GitLab Release Tools Bot committed 1 year ago
```
Merge branch 'security-422134-confidential-issue-16-2' into '16-2-stable-ee'

See merge request gitlab-org/security/gitlab!3517

Changelog: security
```
8c423fdd

Merge branch... · a0c2523b

GitLab Release Tools Bot authored 1 year ago

Merge branch 'security-smriti-417664/external_user_escalated_service_account-16-2' into '16-2-stable-ee'

Service account users are external by default

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3502

Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Aboobacker MK <akarakath@gitlab.com>
Co-authored-by: smriti <sgarg@gitlab.com>

a0c2523b

Service account users are external by default · 9abbd558

Smriti Garg authored 1 year ago and

GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-smriti-417664/external_user_escalated_service_account-16-2' into '16-2-stable-ee'

See merge request gitlab-org/security/gitlab!3502

Changelog: security

9abbd558

Merge branch 'security-reporter-group-labels-16-2' into '16-2-stable-ee' · e275be3c

GitLab Release Tools Bot authored 1 year ago

Additional permission check when editing label

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3505



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Mark Chao <mchao@gitlab.com>
Co-authored-by: Brett Walker <bwalker@gitlab.com>

e275be3c

Additional permission check when editing label · 416b3a3d

Brett Walker authored 1 year ago and

GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-reporter-group-labels-16-2' into '16-2-stable-ee'

See merge request gitlab-org/security/gitlab!3505

Changelog: security

416b3a3d

Merge branch 'security-415067-redos-in-bulk_imports-api-16-2' into '16-2-stable-ee' · ad06ec7c

GitLab Release Tools Bot authored 1 year ago

Fix ReDOS in bulk_imports endpoint params

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3511



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Bojan Marjanovic <bmarjanovic@gitlab.com>
Co-authored-by: Luke Duncalfe <lduncalfe@eml.cc>

ad06ec7c

Fix ReDOS in bulk_imports endpoint params · 90dbac47

Luke Duncalfe authored 1 year ago and

GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-415067-redos-in-bulk_imports-api-16-2' into '16-2-stable-ee'

See merge request gitlab-org/security/gitlab!3511

Changelog: security

90dbac47

Merge branch... · c644ebdb

GitLab Release Tools Bot authored 1 year ago

Merge branch 'security-prevent-namespace-level-banned-users-from-accessing-api-16-2' into '16-2-stable-ee'

Prevent namespace level banned users from accessing API

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3484

Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Kassio Borges <kborges@gitlab.com>
Co-authored-by: Alex Buijs <abuijs@gitlab.com>

c644ebdb

Prevent namespace level banned users from accessing API · 76ce2605

Alex Buijs authored 1 year ago and

GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-prevent-namespace-level-banned-users-from-accessing-api-16-2' into '16-2-stable-ee'

See merge request gitlab-org/security/gitlab!3484

Changelog: security

76ce2605

Merge branch 'security-420301-requires-write-on-mlflow-endpoints-16-2' into '16-2-stable-ee' · 57b0a6fe

GitLab Release Tools Bot authored 1 year ago

Requires write_model_experiments on mlflow api

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3480



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Gary Holtz <gholtz@gitlab.com>
Approved-by: Ahmed Hemdan <ahemdan@gitlab.com>
Co-authored-by: Eduardo Bonet <ebonet@gitlab.com>

57b0a6fe

Requires write_model_experiments on mlflow api · a385fb7b

Eduardo Bonet authored 1 year ago and

GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-420301-requires-write-on-mlflow-endpoints-16-2' into '16-2-stable-ee'

See merge request gitlab-org/security/gitlab!3480

Changelog: security

a385fb7b

Merge branch 'security-415338-16-2' into '16-2-stable-ee' · aa9bf563

GitLab Release Tools Bot authored 1 year ago

Check prohibit_outer_forks in fork relationship api

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3477

Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Alexandru Croitor <acroitor@gitlab.com>
Co-authored-by: ghinfeydesktop <ghinfey@gitlabdesktop.com>

aa9bf563

Check prohibit_outer_forks in fork relationship api · d8ee7ec1
Gavin Hinfey authored 1 year ago and GitLab Release Tools Bot committed 1 year ago
```
Merge branch 'security-415338-16-2' into '16-2-stable-ee'

See merge request gitlab-org/security/gitlab!3477

Changelog: security
```
d8ee7ec1

Merge branch 'security-gcp-streaming-key-16-2' into '16-2-stable-ee' · 19a76199

GitLab Release Tools Bot authored 1 year ago

Remove GCP private key from streaming audit events UI

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3487



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Sean Arnold <sarnold@gitlab.com>
Approved-by: Miguel Rincon <mrincon@gitlab.com>
Reviewed-by: Nick Malcolm <nmalcolm@gitlab.com>
Co-authored-by: nrosandich <nrosandich@gitlab.com>

19a76199

Remove GCP private key from streaming audit events UI · 36b15be1
Nathan Rosandich authored 1 year ago and GitLab Release Tools Bot committed 1 year ago
```
Merge branch 'security-gcp-streaming-key-16-2' into '16-2-stable-ee'

See merge request gitlab-org/security/gitlab!3487

Changelog: security
```
36b15be1

Merge branch 'security-refs-switch-redirect-16-2' into '16-2-stable-ee' · b2a0b3be

GitLab Release Tools Bot authored 1 year ago

Prevent traversal for `path` parameter in refs/switch endpoint

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3475

Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Michael Kozono <mkozono@gitlab.com>
Co-authored-by: Thong Kuah <tkuah@gitlab.com>

b2a0b3be

Prevent traversal for `path` parameter in refs/switch endpoint · 89cd4dae
Thong Kuah authored 1 year ago and GitLab Release Tools Bot committed 1 year ago
```
Merge branch 'security-refs-switch-redirect-16-2' into '16-2-stable-ee'

See merge request gitlab-org/security/gitlab!3475

Changelog: security
```
89cd4dae

Merge branch 'security-414502-confidential-gitaly-keyset-16-2' into '16-2-stable-ee' · d126f4a4

GitLab Release Tools Bot authored 1 year ago

Gitaly keyset pager when pagination none only with tree view

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3481

Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Dmitry Gruzd <dgruzd@gitlab.com>
Co-authored-by: Patrick Cyiza <jpcyiza@gitlab.com>

d126f4a4

Gitaly keyset pager when pagination none only with tree view · 498f72ae

Patrick Cyiza authored 1 year ago and

GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-414502-confidential-gitaly-keyset-16-2' into '16-2-stable-ee'

See merge request gitlab-org/security/gitlab!3481

Changelog: security

498f72ae

Aug 23, 2023

Merge branch 'cherry-pick--2' into '16-2-stable-ee' · 0b363ae5

Mayra Cabrera authored 1 year ago

Backport "Geo: Resync direct upload object stored artifacts" to 16.2

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/129883

Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Douglas Barbosa Alexandre <dbalexandre@gmail.com>
Approved-by: Mayra Cabrera <mcabrera@gitlab.com>
Co-authored-by: Douglas Barbosa Alexandre <dbalexandre@gmail.com>

0b363ae5

Aug 22, 2023

Geo: Resync direct upload object stored artifacts · 2b89dcd8

Douglas Barbosa Alexandre authored 1 year ago

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/128939



Merged-by: Douglas Barbosa Alexandre <dbalexandre@gmail.com>
Approved-by: Gregory Havenga <11164960-ghavenga@users.noreply.gitlab.com>
Approved-by: Douglas Barbosa Alexandre <dbalexandre@gmail.com>
Co-authored-by: Mike Kozono <mkozono@gitlab.com>

(cherry picked from commit eaa8da04)

33f2f25d Resync direct upload object stored artifacts
15737ede Perform update queries in Sidekiq job

Changelog: fixed
EE: true

Unverified

2b89dcd8

Aug 14, 2023

Merge branch '16-2-danger-current-stable-version' into '16-2-stable-ee' · 67f72ed9

Reuben Pereira authored 1 year ago

Adjust Danger logic for stable branches

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/128763



Merged-by: Reuben Pereira <2967854-rpereira2@users.noreply.gitlab.com>
Approved-by: David Dieulivol <ddieulivol@gitlab.com>
Co-authored-by: Steve Abrams <sabrams@gitlab.com>

67f72ed9

Aug 11, 2023
- Update VERSION files · 9544e545
  GitLab Release Tools Bot authored 1 year ago
  
  [merge-train skip]
  View commits for tag v16.2.4-ee v16.2.4-ee
  
  9544e545
- Update changelog for 16.2.4 · c18e34a1
  GitLab Release Tools Bot authored 1 year ago
  
  [ci skip]
  c18e34a1
- Update managed components version to 16.2.4 · 4919fd98
  GitLab Release Tools Bot authored 1 year ago
  
  [ci skip]
  4919fd98
Aug 10, 2023

Merge branch 'cherry-pick--3' into '16-2-stable-ee' · c2cb52e4

Kerri Miller authored 1 year ago

Replace vscode-cdn.net with web-ide.gitlab-static.net (Backport)

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/128950



Merged-by: Kerri Miller <kerrizor@kerrizor.com>
Approved-by: Kerri Miller <kerrizor@kerrizor.com>
Co-authored-by: Enrique Alcántara <ealcantara@gitlab.com>

c2cb52e4

Merge branch '420664-fix-dependency-list-bug-backport' into '16-2-stable-ee' · 8f60d1e4

Kerri Miller authored 1 year ago

Fix broken dependency list for invalid Container Scanning pkg mgr type

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/128942



Merged-by: Kerri Miller <kerrizor@kerrizor.com>
Approved-by: Adam Cohen <acohen@gitlab.com>
Approved-by: Kerri Miller <kerrizor@kerrizor.com>

8f60d1e4

Replace vscode-cdn.net with web-ide.gitlab-static.net · b19d3d64
Enrique Alcántara authored 1 year ago and Paul Slaughter committed 1 year ago
```
- (cherry picked from commit ae41ed4d)
- https://gitlab.com/gitlab-org/gitlab/-/issues/414488

Changelog: fixed
```
b19d3d64

Aug 09, 2023

Merge branch '420664-fix-dependency-list-bug' into 'master' · 92fe2de8

Kerri Miller authored 1 year ago and

Thiago Figueiro committed 1 year ago

Fix broken dependency list for invalid Container Scanning pkg mgr type

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/128385



Merged-by: Kerri Miller <kerrizor@kerrizor.com>
Approved-by: Kerri Miller <kerrizor@kerrizor.com>
Co-authored-by: Adam Cohen <acohen@gitlab.com>

Verified

92fe2de8

Merge branch 'revert--16-2-backport' into '16-2-stable-ee' · 841fbd0a

Bob Van Landuyt :neckbeard: authored 1 year ago

Revert "Remove log_response_length feature flag" - 16.2 Backport

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/128778



Merged-by: Bob Van Landuyt <bob@gitlab.com>
Approved-by: Bob Van Landuyt <bob@gitlab.com>
Co-authored-by: Robert May <rmay@gitlab.com>

841fbd0a

Admin message

Admin message