[merge-train skip]

[ci skip]

[ci skip]

Backport "Drop bridge jobs on unknown failures" to 16.3

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/130833



Merged-by: Bob Van Landuyt <bob@gitlab.com>
Approved-by: Bob Van Landuyt <bob@gitlab.com>
Reviewed-by: Bob Van Landuyt <bob@gitlab.com>
Co-authored-by: Marius Bobin <mbobin@gitlab.com>

Sometimes the underlying systems fail to respond and
an error from them would leave the bridge in the running
state undefinetly. Since we don't know the full list of
errors that could cause this, we can catch everything
and let the user decide if they want to retry or not.

Changelog: fixed

Fix Code Suggestions in Web IDE on GitLab 16.3

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/130755



Merged-by: Paul Slaughter <pslaughter@gitlab.com>
Approved-by: Paul Slaughter <pslaughter@gitlab.com>
Co-authored-by: GitLab Renovate Bot <gitlab-bot@gitlab.com>

André Luís authored 1 year ago and Paul Slaughter committed 1 year ago

- https://gitlab.com/gitlab-org/gitlab/-/issues/424025
- https://gitlab.com/gitlab-org/gitlab/-/issues/405152#note_1534558771

Changelog: fixed

[merge-train skip]

[ci skip]

[ci skip]

Add authorization checks to import status endpoint

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3513



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Dylan Griffith <dyl.griffith@gmail.com>
Approved-by: Luke Duncalfe <lduncalfe@gitlab.com>
Co-authored-by: bmarjanovic <bmarjanovic@gitlab.com>

Bojan Marjanović authored 1 year ago and GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-415117-confidential-issue-16-3' into '16-3-stable-ee'

See merge request gitlab-org/security/gitlab!3513

Changelog: security

Update commonmarker to 0.23.10

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3507



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Mario Celi <mcelicalderon@gitlab.com>
Co-authored-by: Brett Walker <bwalker@gitlab.com>

Brett Walker authored 1 year ago and GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-update-commonmarker-16-3' into '16-3-stable-ee'

See merge request gitlab-org/security/gitlab!3507

Changelog: security

Remove DAST secret variables when URL is updated

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3498



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Aboobacker MK <akarakath@gitlab.com>
Approved-by: Himanshu Kapoor <info@fleon.org>
Co-authored-by: Dheeraj Joshi <djoshi@gitlab.com>

Dheeraj Joshi authored 1 year ago and GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-dast-reset-secrets-16-3' into '16-3-stable-ee'

See merge request gitlab-org/security/gitlab!3498

Changelog: security

Maintainer can leak sentry token by changing the configured URL

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3516



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Allen Cook <acook@gitlab.com>
Co-authored-by: bmarjanovic <bmarjanovic@gitlab.com>

Bojan Marjanović authored 1 year ago and GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-422134-confidential-issue-16-3' into '16-3-stable-ee'

See merge request gitlab-org/security/gitlab!3516

Changelog: security

Merge branch 'security-smriti-417664/external_user_escalated_service_account-16-3' into '16-3-stable-ee'

Service account users are external by default

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3501



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Aboobacker MK <akarakath@gitlab.com>
Co-authored-by: smriti <sgarg@gitlab.com>

Smriti Garg authored 1 year ago and GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-smriti-417664/external_user_escalated_service_account-16-3' into '16-3-stable-ee'

See merge request gitlab-org/security/gitlab!3501

Changelog: security

Additional permission check when editing label

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3504



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Mark Chao <mchao@gitlab.com>
Co-authored-by: Brett Walker <bwalker@gitlab.com>

Brett Walker authored 1 year ago and GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-reporter-group-labels-16-3' into '16-3-stable-ee'

See merge request gitlab-org/security/gitlab!3504

Changelog: security

Fix ReDOS in bulk_imports endpoint params

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3510



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Bojan Marjanovic <bmarjanovic@gitlab.com>
Co-authored-by: Luke Duncalfe <lduncalfe@eml.cc>

Luke Duncalfe authored 1 year ago and GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-415067-redos-in-bulk_imports-api-16-3' into '16-3-stable-ee'

See merge request gitlab-org/security/gitlab!3510

Changelog: security

Merge branch 'security-prevent-namespace-level-banned-users-from-accessing-api-16-3' into '16-3-stable-ee'

Prevent namespace level banned users from accessing API

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3519



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Kassio Borges <kborges@gitlab.com>
Co-authored-by: Alex Buijs <abuijs@gitlab.com>

Alex Buijs authored 1 year ago and GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-prevent-namespace-level-banned-users-from-accessing-api-16-3' into '16-3-stable-ee'

See merge request gitlab-org/security/gitlab!3519

Changelog: security

Check prohibit_outer_forks in fork relationship api

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3479



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Alexandru Croitor <acroitor@gitlab.com>
Co-authored-by: ghinfeydesktop <ghinfey@gitlabdesktop.com>

Gavin Hinfey authored 1 year ago and GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-415338-16-3' into '16-3-stable-ee'

See merge request gitlab-org/security/gitlab!3479

Changelog: security

Prevent traversal for `path` parameter in refs/switch endpoint

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3491



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Michael Kozono <mkozono@gitlab.com>
Co-authored-by: Thong Kuah <tkuah@gitlab.com>

Thong Kuah authored 1 year ago and GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-refs-switch-redirect-16-3' into '16-3-stable-ee'

See merge request gitlab-org/security/gitlab!3491

Changelog: security

Gitaly keyset pager when pagination none only with tree view

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3495



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Dmitry Gruzd <dgruzd@gitlab.com>
Co-authored-by: Patrick Cyiza <jpcyiza@gitlab.com>

Patrick Cyiza authored 1 year ago and GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-414502-confidential-gitaly-keyset-16-3' into '16-3-stable-ee'

See merge request gitlab-org/security/gitlab!3495

Changelog: security

Backport LicenseScanning fix for AutoDevOps

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/129971



Merged-by: Brian Williams <bwilliams@gitlab.com>
Approved-by: Brian Williams <bwilliams@gitlab.com>
Co-authored-by: Tetiana Chupryna <tchupryna@gitlab.com>
Co-authored-by: Mayra Cabrera <mcabrera@gitlab.com>

Tetiana Chupryna authored 1 year ago and Brian Williams committed 1 year ago

Fix AutoDevOps for projects that configured license scanning job

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/129658



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Adam Cohen <acohen@gitlab.com>
Reviewed-by: Mayra Cabrera <mcabrera@gitlab.com>
Co-authored-by: Oscar Tovar <otovar@gitlab.com>

(cherry picked from commit dfc7ae92)

36c3ea86 Fix AutoDevOps for projects that configured license scanning job

CSP: disable LFS url when not using object storage

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/130200



Merged-by: Stan Hu <stanhu@gmail.com>
Approved-by: Joe Woodward <jwoodward@gitlab.com>
Approved-by: Jason Plum <jplum@gitlab.com>
Co-authored-by: Jason Plum <jplum@gitlab.com>

Disable the `allow_lfs` when object storage is not enabled for LFS.

1. When using local storage, the path will come from within GitLab's
primary URL
2. When using local storage, Fog/CarrierWave will fail, unless user
always supplies a bogus `connection` hash.
    - Omnibus leave this empty unless provided.

Related to https://gitlab.com/gitlab-org/gitlab/-/issues/422936

Backport "Geo: Resync direct upload object stored artifacts" to 16.3

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/129882



Merged-by: Douglas Barbosa Alexandre <dbalexandre@gmail.com>
Approved-by: Douglas Barbosa Alexandre <dbalexandre@gmail.com>

Add .net to context selector to skip live envs

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/129922



Merged-by: Steve Abrams <sabrams@gitlab.com>
Approved-by: Steve Abrams <sabrams@gitlab.com>
Approved-by: Reuben Pereira <2967854-rpereira2@users.noreply.gitlab.com>
Co-authored-by: Mark Lapierre <mlapierre@gitlab.com>

Revert migration to backfill archived in wikis

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/129910



Merged-by: Dmitry Gruzd <dgruzd@gitlab.com>
Approved-by: Dmitry Gruzd <dgruzd@gitlab.com>
Co-authored-by: rkumar555 <rkumar@gitlab.com>