Commits · v16.0.8-ee · Mark Lapierre / GitLab

Aug 01, 2023
- Update VERSION files · b989ef13
  GitLab Release Tools Bot authored 1 year ago
  
  [merge-train skip]
  View commits for tag v16.0.8-ee v16.0.8-ee
  
  b989ef13
- Update changelog for 16.0.8 · 24e4d919
  GitLab Release Tools Bot authored 1 year ago
  
  [ci skip]
  24e4d919
- Update managed components version to 16.0.8 · 7c5be703
  GitLab Release Tools Bot authored 1 year ago
  
  [ci skip]
  7c5be703
Jul 31, 2023

Merge branch 'security-prevent-leaking-emails-of-newly-created-users-16-0' into '16-0-stable-ee' · 97bc8664

Reuben Pereira authored 1 year ago

Prevent leaking emails of newly created users

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3451

Merged-by: Reuben Pereira <2967854-rpereira2@users.noreply.gitlab.com>
Approved-by: Sashi Kumar Kumaresan <skumar@gitlab.com>
Co-authored-by: Bogdan Denkovych <bdenkovych@gitlab.com>

97bc8664

Prevent leaking emails of newly created users · b2872b39

Bogdan Denkovych authored 1 year ago

Merge branch 'security-prevent-leaking-emails-of-newly-created-users-16-0' into '16-0-stable-ee'

See merge request gitlab-org/security/gitlab!3451

Changelog: security

b2872b39

Merge branch 'security-906-glpat-logging-16-0' into '16-0-stable-ee' · afc3f9a6

GitLab Release Tools Bot authored 1 year ago

Added redirect to filtered params

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3443



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Jessie Young <jessieyoung@gitlab.com>
Co-authored-by: smriti <sgarg@gitlab.com>

afc3f9a6

Added redirect to filtered params · 49ffc2cc

Smriti Garg authored 1 year ago and

GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-906-glpat-logging-16-0' into '16-0-stable-ee'

See merge request gitlab-org/security/gitlab!3443

Changelog: security

49ffc2cc

Merge branch 'security-416902-config-16-0' into '16-0-stable-ee' · 2318b28b

GitLab Release Tools Bot authored 1 year ago

Relocate PlantUML config and disable SVG support

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3440

Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: John Mason <9717668-johnmason@users.noreply.gitlab.com>
Co-authored-by: Robert May <rmay@gitlab.com>

2318b28b

Relocate PlantUML config and disable SVG support · c6ded17a
Robert May authored 1 year ago and GitLab Release Tools Bot committed 1 year ago
```
Merge branch 'security-416902-config-16-0' into '16-0-stable-ee'

See merge request gitlab-org/security/gitlab!3440

Changelog: security
```
c6ded17a

Merge branch 'security-hardlinks-in-import-archives-16-0' into '16-0-stable-ee' · 858d0db6

GitLab Release Tools Bot authored 1 year ago

Sanitize multiple hardlinks from import archives

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3437

Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: George Koltsov <gkoltsov@gitlab.com>
Co-authored-by: Luke Duncalfe <lduncalfe@eml.cc>

858d0db6

Sanitize multiple hardlinks from import archives · 9dabd8eb

Luke Duncalfe authored 1 year ago and

GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-hardlinks-in-import-archives-16-0' into '16-0-stable-ee'

See merge request gitlab-org/security/gitlab!3437

Changelog: security

9dabd8eb

Merge branch 'security-validate-project-path-availability-16-0' into '16-0-stable-ee' · e7fb5914

GitLab Release Tools Bot authored 1 year ago

Validates project path availability

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3428

Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Vasilii Iakliushin <viakliushin@gitlab.com>
Co-authored-by: Kassio Borges <kassioborgesm@gmail.com>

e7fb5914

Validates project path availability · 97e6ce4d

Kassio Borges authored 1 year ago and

GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-validate-project-path-availability-16-0' into '16-0-stable-ee'

See merge request gitlab-org/security/gitlab!3428

Changelog: security

97e6ce4d

Merge branch 'security-fix-policy-project-assign-16-0' into '16-0-stable-ee' · 702bfce0

GitLab Release Tools Bot authored 1 year ago

Fix policy project assign

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3425



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Huzaifa Iftikhar <hiftikhar@gitlab.com>
Co-authored-by: mc_rocha <mrocha@gitlab.com>

702bfce0

Fix policy project assign · c1cca8ce

Marcos Rocha authored 1 year ago and

GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-fix-policy-project-assign-16-0' into '16-0-stable-ee'

See merge request gitlab-org/security/gitlab!3425

Changelog: security

c1cca8ce

Merge branch 'security-407166-fix-protected-branch-for-pipeline-schedule-16.0'... · 1ac62927

GitLab Release Tools Bot authored 1 year ago

Merge branch 'security-407166-fix-protected-branch-for-pipeline-schedule-16.0' into '16-0-stable-ee'

Fix pipeline schedule authorization for protected branch/tag

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3363

Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Vasilii Iakliushin <viakliushin@gitlab.com>
Co-authored-by: Tianwen Chen <tchen@gitlab.com>

1ac62927

Fix pipeline schedule authorization for protected branch/tag · 0c7017d9

Tianwen Chen authored 1 year ago and

GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-407166-fix-protected-branch-for-pipeline-schedule-16.0' into '16-0-stable-ee'

See merge request gitlab-org/security/gitlab!3363

Changelog: security

0c7017d9

Merge branch 'security-untrusted-autolink-16-0' into '16-0-stable-ee' · 478d3bb7

GitLab Release Tools Bot authored 1 year ago

Mitigate autolink filter ReDOS

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3432



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: charlie ablett <cablett@gitlab.com>
Approved-by: Bala Kumar <sbalakumar@gitlab.com>
Co-authored-by: Brett Walker <bwalker@gitlab.com>

478d3bb7

Mitigate autolink filter ReDOS · 9072c630

Brett Walker authored 1 year ago and

GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-untrusted-autolink-16-0' into '16-0-stable-ee'

See merge request gitlab-org/security/gitlab!3432

Changelog: security

9072c630

Merge branch 'security-ps-fix-web-ide-xss-16-0' into '16-0-stable-ee' · ea7b811b

GitLab Release Tools Bot authored 1 year ago

Fix XSS vector in Web IDE

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3411



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Enrique Alcántara <ealcantara@gitlab.com>
Co-authored-by: Paul Slaughter <pslaughter@gitlab.com>

ea7b811b

Fix XSS vector in Web IDE · 2832d1ae

Paul Slaughter authored 1 year ago and

GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-ps-fix-web-ide-xss-16-0' into '16-0-stable-ee'

See merge request gitlab-org/security/gitlab!3411

Changelog: security

2832d1ae

Merge branch 'security-project-reference-16-0' into '16-0-stable-ee' · ddb490d0

GitLab Release Tools Bot authored 1 year ago

Mitigate project reference filter ReDOS

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3429



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: charlie ablett <cablett@gitlab.com>
Co-authored-by: Brett Walker <bwalker@gitlab.com>

ddb490d0

Mitigate project reference filter ReDOS · 9c73619a

Brett Walker authored 1 year ago and

GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-project-reference-16-0' into '16-0-stable-ee'

See merge request gitlab-org/security/gitlab!3429

Changelog: security

9c73619a

Merge branch 'security-add-untrusted-regexp-to-harbor-16-0' into '16-0-stable-ee' · 08e3d9f4

GitLab Release Tools Bot authored 1 year ago

Add a stricter regex for the Harbor search param

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3396

Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Heinrich Lee Yu <heinrich@gitlab.com>
Co-authored-by: Adie Po <avpfestin@gitlab.com>

08e3d9f4

Add a stricter regex for the Harbor search param · c27e5e48

Adie Po authored 1 year ago and

GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-add-untrusted-regexp-to-harbor-16-0' into '16-0-stable-ee'

See merge request gitlab-org/security/gitlab!3396

Changelog: security

c27e5e48

Merge branch 'security-fix-user-pipeline-job-16-0' into '16-0-stable-ee' · 5904cefb

GitLab Release Tools Bot authored 1 year ago

Update pipeline user to the last policy MR author

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3393



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Ahmed Hemdan <ahemdan@gitlab.com>
Co-authored-by: mc_rocha <mrocha@gitlab.com>

5904cefb

Update pipeline user to the last policy MR author · b1e9bcb3

Marcos Rocha authored 1 year ago and

GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-fix-user-pipeline-job-16-0' into '16-0-stable-ee'

See merge request gitlab-org/security/gitlab!3393

Changelog: security

b1e9bcb3

Merge branch 'security-416252-16-0' into '16-0-stable-ee' · 9123c6fd

GitLab Release Tools Bot authored 1 year ago

Prohibit 40 character hex plus a hyphen if branch name is path

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3406

Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Allen Cook <acook@gitlab.com>
Co-authored-by: ghinfeydesktop <ghinfey@gitlabdesktop.com>

9123c6fd

Prohibit 40 character hex plus a hyphen if branch name is path · 66c81ff6
Gavin Hinfey authored 1 year ago and GitLab Release Tools Bot committed 1 year ago
```
Merge branch 'security-416252-16-0' into '16-0-stable-ee'

See merge request gitlab-org/security/gitlab!3406

Changelog: security
```
66c81ff6

Jul 26, 2023

Merge branch 'sh-disable-verify-iat-default-16-0' into '16-0-stable-ee' · 848f8d91

Steve Abrams authored 1 year ago

Disable IAT verification by default

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/127518



Merged-by: Steve Abrams <sabrams@gitlab.com>
Approved-by: Drew Blessing <drew@gitlab.com>
Approved-by: Steve Abrams <sabrams@gitlab.com>
Co-authored-by: Stan Hu <stanhu@gmail.com>

848f8d91

Jul 25, 2023

Disable IAT verification by default · 6d17a505

Stan Hu authored 1 year ago

https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117468 in GitLab
15.11 updated the ruby-jwt gem to v2.5.0. In v2.2.0, ruby-jwt removed
the `iat_leeway` parameter (https://github.com/jwt/ruby-jwt/pull/274).

As a result, if a gitlab-shell host creates a JWT token with an
issued-at (IAT) claim that is slightly behind the host handling API
the request, users will receive a 401 error.

Disable this IAT verification by default since it's not serving a
useful purpose, since expiration times are already validated. We
already made a similar change in Geo.

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/417543

Changelog: fixed

Unverified

6d17a505

Jul 05, 2023
- Merge remote-tracking branch 'dev/16-0-stable-ee' into 16-0-stable-ee · 09c1f37e
  GitLab Release Tools Bot authored 1 year ago
  
  09c1f37e
Jul 04, 2023
- Update VERSION files · 5ed4b9a2
  GitLab Release Tools Bot authored 1 year ago
  
  [merge-train skip]
  View commits for tag v16.0.7-ee v16.0.7-ee
  
  5ed4b9a2
- Update changelog for 16.0.7 · 1485c3e8
  GitLab Release Tools Bot authored 1 year ago
  
  [ci skip]
  1485c3e8
- Update managed components version to 16.0.7 · 28986e3a
  GitLab Release Tools Bot authored 1 year ago
  
  [ci skip]
  28986e3a
- Merge branch 'security-416797-fix-auth-issue-16-0' into '16-0-stable-ee' · 25c866ce
  Mayra Cabrera authored 1 year ago
  
  Add authorization to the subscriptions group controller See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3380 Merged-by: Mayra Cabrera <mcabrera@gitlab.com> Approved-by: Doug Stull <dstull@gitlab.com> Approved-by: Thong Kuah <tkuah@gitlab.com> Co-authored-by: Doug Stull <dstull@gitlab.com>
  25c866ce
- Add authorization to the subscriptions group controller · 07fa510b
  Ryan Cobb authored 1 year ago and Mayra Cabrera committed 1 year ago
  
  Merge branch 'security-416797-fix-auth-issue-16-0' into '16-0-stable-ee' See merge request gitlab-org/security/gitlab!3380 Changelog: security
  07fa510b
Jun 29, 2023
- Merge remote-tracking branch 'dev/16-0-stable-ee' into 16-0-stable-ee · cd518fe5
  GitLab Release Tools Bot authored 1 year ago
  
  cd518fe5
Jun 28, 2023
- Update VERSION files · 1ca31874
  GitLab Release Tools Bot authored 1 year ago
  
  [merge-train skip]
  View commits for tag v16.0.6-ee v16.0.6-ee
  
  1ca31874
- Update changelog for 16.0.6 · 894b4954
  GitLab Release Tools Bot authored 1 year ago
  
  [ci skip]
  894b4954

Admin message

Admin message