- Aug 01, 2023
-
-
GitLab Release Tools Bot authored
[merge-train skip]
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
[ci skip]
-
- Jul 31, 2023
-
-
Reuben Pereira authored
Prevent leaking emails of newly created users See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3450
Merged-by: Reuben Pereira <2967854-rpereira2@users.noreply.gitlab.com>
Approved-by: Sashi Kumar Kumaresan <skumar@gitlab.com>
Co-authored-by: Bogdan Denkovych <bdenkovych@gitlab.com>
-
Bogdan Denkovych authored
Merge branch 'security-prevent-leaking-emails-of-newly-created-users-16-1' into '16-1-stable-ee' See merge request gitlab-org/security/gitlab!3450 Changelog: security
-
GitLab Release Tools Bot authored
Added redirect to filtered params See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3442
Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Jessie Young <jessieyoung@gitlab.com>
Co-authored-by: smriti <sgarg@gitlab.com>
-
Merge branch 'security-906-glpat-logging-16-1' into '16-1-stable-ee' See merge request gitlab-org/security/gitlab!3442 Changelog: security
-
GitLab Release Tools Bot authored
Relocate PlantUML config and disable SVG support See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3439
Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: John Mason <9717668-johnmason@users.noreply.gitlab.com>
Co-authored-by: Robert May <rmay@gitlab.com>
-
Merge branch 'security-416902-config-16-1' into '16-1-stable-ee' See merge request gitlab-org/security/gitlab!3439 Changelog: security
-
GitLab Release Tools Bot authored
Sanitize multiple hardlinks from import archives See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3436
Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: George Koltsov <gkoltsov@gitlab.com>
Co-authored-by: Luke Duncalfe <lduncalfe@eml.cc>
-
Merge branch 'security-hardlinks-in-import-archives-16-1' into '16-1-stable-ee' See merge request gitlab-org/security/gitlab!3436 Changelog: security
-
GitLab Release Tools Bot authored
Validates project path availability See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3427
Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Vasilii Iakliushin <viakliushin@gitlab.com>
Co-authored-by: Kassio Borges <kassioborgesm@gmail.com>
-
Merge branch 'security-validate-project-path-availability-16-1' into '16-1-stable-ee' See merge request gitlab-org/security/gitlab!3427 Changelog: security
-
GitLab Release Tools Bot authored
Fix policy project assign See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3424
Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Huzaifa Iftikhar <hiftikhar@gitlab.com>
Co-authored-by: mc_rocha <mrocha@gitlab.com>
-
Merge branch 'security-fix-policy-project-assign-16-1' into '16-1-stable-ee' See merge request gitlab-org/security/gitlab!3424 Changelog: security
-
GitLab Release Tools Bot authored
Fix bug where comments on files with incorrect sha breaks UI See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3447
Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Kushal Pandya <kushal@gitlab.com>
Co-authored-by: Phil Hughes <me@iamphill.com>
-
Merge branch 'security-diff-comment-file-fix-16-1' into '16-1-stable-ee' See merge request gitlab-org/security/gitlab!3447 Changelog: security
-
GitLab Release Tools Bot authored
Merge branch 'security-407166-fix-protected-branch-for-pipeline-schedule-16.1' into '16-1-stable-ee' Fix pipeline schedule authorization for protected branch/tag See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3364
Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Vasilii Iakliushin <viakliushin@gitlab.com>
Co-authored-by: Tianwen Chen <tchen@gitlab.com>
-
Merge branch 'security-407166-fix-protected-branch-for-pipeline-schedule-16.1' into '16-1-stable-ee' See merge request gitlab-org/security/gitlab!3364 Changelog: security
-
GitLab Release Tools Bot authored
Mitigate autolink filter ReDOS See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3433
Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: charlie ablett <cablett@gitlab.com>
Approved-by: Bala Kumar <sbalakumar@gitlab.com>
Co-authored-by: Brett Walker <bwalker@gitlab.com>
-
Merge branch 'security-untrusted-autolink-16-1' into '16-1-stable-ee' See merge request gitlab-org/security/gitlab!3433 Changelog: security
-
GitLab Release Tools Bot authored
Fix XSS vector in Web IDE See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3410
Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Enrique Alcántara <ealcantara@gitlab.com>
Co-authored-by: Paul Slaughter <pslaughter@gitlab.com>
-
Merge branch 'security-ps-fix-web-ide-xss-16-1' into '16-1-stable-ee' See merge request gitlab-org/security/gitlab!3410 Changelog: security
-
GitLab Release Tools Bot authored
Mitigate project reference filter ReDOS See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3430
Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: charlie ablett <cablett@gitlab.com>
Co-authored-by: Brett Walker <bwalker@gitlab.com>
-
Merge branch 'security-project-reference-16-1' into '16-1-stable-ee' See merge request gitlab-org/security/gitlab!3430 Changelog: security
-
GitLab Release Tools Bot authored
Add a stricter regex for the Harbor search param See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3395
Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Heinrich Lee Yu <heinrich@gitlab.com>
Co-authored-by: Adie Po <avpfestin@gitlab.com>
-
Merge branch 'security-add-untrusted-regexp-to-harbor-16-1' into '16-1-stable-ee' See merge request gitlab-org/security/gitlab!3395 Changelog: security
-
GitLab Release Tools Bot authored
Update pipeline user to the last policy MR author See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3392
Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Ahmed Hemdan <ahemdan@gitlab.com>
Co-authored-by: mc_rocha <mrocha@gitlab.com>
-
Merge branch 'security-fix-user-pipeline-job-16-1' into '16-1-stable-ee' See merge request gitlab-org/security/gitlab!3392 Changelog: security
-
GitLab Release Tools Bot authored
Prohibit 40 character hex plus a hyphen if branch name is path See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3407
Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Allen Cook <acook@gitlab.com>
Co-authored-by: ghinfeydesktop <ghinfey@gitlabdesktop.com>
-
Merge branch 'security-416252-16-1' into '16-1-stable-ee' See merge request gitlab-org/security/gitlab!3407 Changelog: security
-
Reuben Pereira authored
BitBucket Server Importer - Preserve PR (MR) reviewers See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/127778
Merged-by: Reuben Pereira <2967854-rpereira2@users.noreply.gitlab.com>
Approved-by: George Koltsov <gkoltsov@gitlab.com>
Co-authored-by: bmarjanovic <bmarjanovic@gitlab.com>
-
Bojan Marjanović authored
Changelog: added
-
Reuben Pereira authored
Backport fix for pending direct uploads completion to 16.1 See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/127402
Merged-by: Reuben Pereira <2967854-rpereira2@users.noreply.gitlab.com>
Approved-by: Michael Kozono <mkozono@gitlab.com>
Reviewed-by: Michael Kozono <mkozono@gitlab.com>
Co-authored-by: Michael Kozono <mkozono@gitlab.com>
-
- Jul 26, 2023
-
-
Steve Abrams authored
Disable IAT verification by default See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/127517
Merged-by: Steve Abrams <sabrams@gitlab.com>
Approved-by: Drew Blessing <drew@gitlab.com>
Approved-by: Steve Abrams <sabrams@gitlab.com>
Approved-by: Andrejs Cunskis <acunskis@gitlab.com>
Co-authored-by: Stan Hu <stanhu@gmail.com>
-
Steve Abrams authored
[16.1] Repair the trigger for Release Environments See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/127515
Merged-by: Steve Abrams <sabrams@gitlab.com>
Approved-by: Steve Abrams <sabrams@gitlab.com>
Co-authored-by: John T Skarbek <jskarbek@gitlab.com>
-
- Jul 25, 2023
-
-
Stan Hu authored
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117468 in GitLab 15.11 updated the ruby-jwt gem to v2.5.0. In v2.2.0, ruby-jwt removed the `iat_leeway` parameter (https://github.com/jwt/ruby-jwt/pull/274). As a result, if a gitlab-shell host creates a JWT token with an issued-at (IAT) claim that is slightly behind the host handling the API request, users will receive a 401 error.
Disable this IAT verification by default since it's not serving a useful purpose, since expiration times are already validated. We already made a similar change in Geo.
Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/417543
Changelog: fixed
-
John Skarbek authored
* In https://gitlab.com/gitlab-org/gitlab/-/merge_requests/121536 we appear to rename a slew of jobs but forgot a `needs`
* This adjusts such to rid of a pipeline build failure
-
- Jul 24, 2023
-
-
Fix completion of pending direct upload See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/127017
Merged-by: Michael Kozono <mkozono@gitlab.com>
Approved-by: Albert Salim <asalim@gitlab.com>
Approved-by: Michael Kozono <mkozono@gitlab.com>
Reviewed-by: Michael Kozono <mkozono@gitlab.com>
Co-authored-by: Erick Bajao <fbajao@gitlab.com>
(cherry picked from commit 26ed6f8d)
a3e85cee Fix completion of pending direct upload
-
- Jul 20, 2023
-
-
Ezekiel Kigbo authored
Fix FOUC when new sidebar enabled See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/126783
Merged-by: Ezekiel Kigbo <3397881-ekigbo@users.noreply.gitlab.com>
Approved-by: Ezekiel Kigbo <3397881-ekigbo@users.noreply.gitlab.com>
Co-authored-by: Simon Knox <simon@gitlab.com>
-