[merge-train skip]

[ci skip]

[ci skip]

Merge branch 'security-46403887-fix-list-dependencies-undefined-method-licenses-bug-16-2' into '16-2-stable-ee'

Fix undefined method licenses for nil:NilClass bug

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3471



Merged-by: Reuben Pereira <2967854-rpereira2@users.noreply.gitlab.com>
Approved-by: Kerri Miller <kerrizor@kerrizor.com>
Co-authored-by: Adam Cohen <acohen@gitlab.com>

Merge branch 'security-46403887-fix-list-dependencies-undefined-method-licenses-bug-16-2' into '16-2-stable-ee'

See merge request gitlab-org/security/gitlab!3471

Changelog: security

Fix undefined method page error in list dependencies

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3470



Merged-by: Reuben Pereira <2967854-rpereira2@users.noreply.gitlab.com>
Approved-by: Kerri Miller <kerrizor@kerrizor.com>
Co-authored-by: Adam Cohen <acohen@gitlab.com>

Merge branch 'security-46403887-fix-list-dependencies-bug-16-2' into '16-2-stable-ee'

See merge request gitlab-org/security/gitlab!3470

Changelog: security

Add pagination for license scanning

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3467



Merged-by: Steve Abrams <sabrams@gitlab.com>
Approved-by: Tetiana Chupryna <tchupryna@gitlab.com>
Co-authored-by: atiwari71 <atiwari@gitlab.com>

Aditya Tiwari authored 1 year ago and Steve Abrams committed 1 year ago

Merge branch 'security-paginate-dependency-list-dos-16-2' into '16-2-stable-ee'

See merge request gitlab-org/security/gitlab!3467

Changelog: security

Prevent leaking emails of newly created users

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3449



Merged-by: Reuben Pereira <2967854-rpereira2@users.noreply.gitlab.com>
Approved-by: Sashi Kumar Kumaresan <skumar@gitlab.com>
Co-authored-by: Bogdan Denkovych <bdenkovych@gitlab.com>

Merge branch 'security-prevent-leaking-emails-of-newly-created-users-16-2' into '16-2-stable-ee'

See merge request gitlab-org/security/gitlab!3449

Changelog: security

Added redirect to filtered params

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3441



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Jessie Young <jessieyoung@gitlab.com>
Co-authored-by: smriti <sgarg@gitlab.com>

Smriti Garg authored 1 year ago and GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-906-glpat-logging-16-2' into '16-2-stable-ee'

See merge request gitlab-org/security/gitlab!3441

Changelog: security

Relocate PlantUML config and disable SVG support

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3438



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: John Mason <9717668-johnmason@users.noreply.gitlab.com>
Co-authored-by: Robert May <rmay@gitlab.com>

Robert May authored 1 year ago and GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-416902-config-16-2' into '16-2-stable-ee'

See merge request gitlab-org/security/gitlab!3438

Changelog: security

Sanitize multiple hardlinks from import archives

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3435



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: George Koltsov <gkoltsov@gitlab.com>
Co-authored-by: Luke Duncalfe <lduncalfe@eml.cc>

Luke Duncalfe authored 1 year ago and GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-hardlinks-in-import-archives-16-2' into '16-2-stable-ee'

See merge request gitlab-org/security/gitlab!3435

Changelog: security

Validates project path availability

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3426



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Vasilii Iakliushin <viakliushin@gitlab.com>
Co-authored-by: Kassio Borges <kassioborgesm@gmail.com>

Kassio Borges authored 1 year ago and GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-validate-project-path-availability-16-2' into '16-2-stable-ee'

See merge request gitlab-org/security/gitlab!3426

Changelog: security

Fix policy project assign

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3423



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Huzaifa Iftikhar <hiftikhar@gitlab.com>
Co-authored-by: mc_rocha <mrocha@gitlab.com>

Marcos Rocha authored 1 year ago and GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-fix-policy-project-assign-16-2' into '16-2-stable-ee'

See merge request gitlab-org/security/gitlab!3423

Changelog: security

Fix bug where comments on files with incorrect sha breaks UI

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3446



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Kushal Pandya <kushal@gitlab.com>
Co-authored-by: Phil Hughes <me@iamphill.com>

Phil Hughes authored 1 year ago and GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-diff-comment-file-fix-16-2' into '16-2-stable-ee'

See merge request gitlab-org/security/gitlab!3446

Changelog: security

Merge branch 'security-407166-fix-protected-branch-for-pipeline-schedule-16.2' into '16-2-stable-ee'

Fix pipeline schedule authorization for protected branch/tag

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3413



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Vasilii Iakliushin <viakliushin@gitlab.com>
Co-authored-by: Tianwen Chen <tchen@gitlab.com>

Tianwen Chen authored 1 year ago and GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-407166-fix-protected-branch-for-pipeline-schedule-16.2' into '16-2-stable-ee'

See merge request gitlab-org/security/gitlab!3413

Changelog: security

Mitigate autolink filter ReDOS

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3434



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: charlie ablett <cablett@gitlab.com>
Approved-by: Bala Kumar <sbalakumar@gitlab.com>
Co-authored-by: Brett Walker <bwalker@gitlab.com>

Brett Walker authored 1 year ago and GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-untrusted-autolink-16-2' into '16-2-stable-ee'

See merge request gitlab-org/security/gitlab!3434

Changelog: security

Fix XSS vector in Web IDE

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3409



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Enrique Alcántara <ealcantara@gitlab.com>
Co-authored-by: Paul Slaughter <pslaughter@gitlab.com>

Paul Slaughter authored 1 year ago and GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-ps-fix-web-ide-xss-16-2' into '16-2-stable-ee'

See merge request gitlab-org/security/gitlab!3409

Changelog: security

Mitigate project reference filter ReDOS

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3431



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: charlie ablett <cablett@gitlab.com>
Co-authored-by: Brett Walker <bwalker@gitlab.com>

Brett Walker authored 1 year ago and GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-project-reference-16-2' into '16-2-stable-ee'

See merge request gitlab-org/security/gitlab!3431

Changelog: security

Add a stricter regex for the Harbor search param

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3408



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Heinrich Lee Yu <heinrich@gitlab.com>
Co-authored-by: Adie Po <avpfestin@gitlab.com>

Adie Po authored 1 year ago and GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-add-untrusted-regexp-to-harbor-16-2' into '16-2-stable-ee'

See merge request gitlab-org/security/gitlab!3408

Changelog: security

Update pipeline user to the last policy MR author

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3421



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Ahmed Hemdan <ahemdan@gitlab.com>
Reviewed-by: Ahmed Hemdan <ahemdan@gitlab.com>
Co-authored-by: mc_rocha <mrocha@gitlab.com>

Marcos Rocha authored 1 year ago and GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-fix-user-pipeline-job-16-2' into '16-2-stable-ee'

See merge request gitlab-org/security/gitlab!3421

Changelog: security

Prohibit 40 character hex plus a hyphen if branch name is path

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3405



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Allen Cook <acook@gitlab.com>
Co-authored-by: ghinfeydesktop <ghinfey@gitlabdesktop.com>

Gavin Hinfey authored 1 year ago and GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-416252-16-2' into '16-2-stable-ee'

See merge request gitlab-org/security/gitlab!3405

Changelog: security

BitBucket Server Importer - Preserve PR (MR) reviewers

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/127777



Merged-by: Reuben Pereira <2967854-rpereira2@users.noreply.gitlab.com>
Approved-by: George Koltsov <gkoltsov@gitlab.com>
Co-authored-by: bmarjanovic <bmarjanovic@gitlab.com>

Changelog: added

Disable IAT verification by default

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/127516



Merged-by: Steve Abrams <sabrams@gitlab.com>
Approved-by: Steve Abrams <sabrams@gitlab.com>
Co-authored-by: Stan Hu <stanhu@gmail.com>