Commits · v14.1.3-ee · Maxime Orefice / GitLab

Aug 17, 2021
- Update VERSION files · 77e6fa75
  GitLab Release Tools Bot authored 3 years ago
  
  [merge-train skip]
  View commits for tag v14.1.3-ee v14.1.3-ee
  
  77e6fa75
- Update changelog for 14.1.3 · 97862e4e
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  97862e4e
- Update Gitaly version to 14.1.3 · b6d37eb4
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  b6d37eb4
- Merge branch '14-1-stable-ee-patch-3' into '14-1-stable-ee' · 86304aea
  Robert Speicher authored 3 years ago
  
  Prepare 14.1.3-ee release See merge request gitlab-org/gitlab!68383
  86304aea
- Geo 2.0 Regression - Add ability to remove primary · 1635f3d0
  Andrew Fontaine authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
  
  See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68005 Changelog: fixed EE: true
  1635f3d0
- Resolve "operator does not exist: integer[] || bigint in... · 99e6457b
  Mark Chao authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
  
  Resolve "operator does not exist: integer[] || bigint in app/models/namespace/traversal_hierarchy.rb" See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/67288 Changelog: changed
  99e6457b
- Merge branch 'ash2k/kas-14.1.1' into 'master' · 82cd2adc
  Thong Kuah authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
  
  Bump kas to v14.1.1 See merge request gitlab-org/gitlab!66806 (cherry picked from commit 5651fc98) b7a2bbf8 Bump kas to v14.1.1
  82cd2adc
- [RUN AS-IF-FOSS] AS Fix SAML SSO login redirects not working · 7b551e3d
  Imre (Admin) authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
  
  See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66791 Changelog: fixed EE: true
  7b551e3d
- Merge branch 'selhorn-patch-14-1' into '14-1-stable-ee' · 834ad265
  Robert Speicher authored 3 years ago
  
  Updating docs to fix UI link See merge request gitlab-org/gitlab!67732
  834ad265
Aug 09, 2021

Suzanne Selhorn authored 3 years ago

The docs were not updated in time for 14.1
and so the UI help link does not work properly.
This MR fixes that issue.
https://gitlab.com/gitlab-org/gitlab/-/issues/337876

525e444d

Aug 03, 2021
- Merge remote-tracking branch 'dev/14-1-stable-ee' into 14-1-stable-ee · ae3bef82
  GitLab Release Tools Bot authored 3 years ago
  
  ae3bef82
- Update VERSION files · 0bf9b154
  GitLab Release Tools Bot authored 3 years ago
  
  [merge-train skip]
  View commits for tag v14.1.2-ee v14.1.2-ee
  
  0bf9b154
- Update changelog for 14.1.2 · 79bbec00
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  79bbec00
- Update Gitaly version to 14.1.2 · fbdc9137
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  fbdc9137
- Merge branch 'security-validate-project-members-14-1' into '14-1-stable-ee' · 6024b648
  GitLab Release Tools Bot authored 3 years ago
  
  Don't allow to add users to project with email different than group sett See merge request gitlab-org/security/gitlab!1564
  6024b648
- Merge branch 'security-nfriend-hide-project-ci-cd-analytics-for-guests-14-1' into '14-1-stable-ee' · a4a62de2
  Henri Philipps authored 3 years ago
  
  Hide project-level CI/CD Analytics page for Guest users See merge request gitlab-org/security/gitlab!1600
  a4a62de2
- Merge branch... · e299beb1
  GitLab Release Tools Bot authored 3 years ago
  
  Merge branch 'security-not-allow-to-impersonate-tokens-while-impersonation-is-off-14-1' into '14-1-stable-ee' Block pushing with impersonation token if impersonation is disabled See merge request gitlab-org/security/gitlab!1583
  e299beb1
- Add project member validation for domain limitation · d17016dd
  mksionek authored 3 years ago
  
  Changelog: security
  d17016dd
Aug 02, 2021
- Hide project-level CI/CD Analytics for Guests · ce3b41da
  Nathan Friend authored 3 years ago
  
  This commit updates the project-level CI/CD Analytics page to not be accessible by Guest users of private projects. Changelog: security
  Unverified
  
  ce3b41da
- Merge branch 'security-jivanvl-fix-pipeline-show-page-permissions-14-1' into '14-1-stable-ee' · be958e37
  GitLab Release Tools Bot authored 3 years ago
  
  Add permissions check to pipelines#show action See merge request gitlab-org/security/gitlab!1612
  be958e37
- Merge branch 'security-336301-let-only-guest-members-edit-metadata-14-1' into '14-1-stable-ee' · 033c5baf
  GitLab Release Tools Bot authored 3 years ago
  
  Disallow non-members to set issue metadata on issue create See merge request gitlab-org/security/gitlab!1586
  033c5baf
- Merge branch 'security-email-invite-error-message-14-1' into '14-1-stable-ee' · f708e843
  GitLab Release Tools Bot authored 3 years ago
  
  Do not show email address in error message See merge request gitlab-org/security/gitlab!1596
  f708e843
- Merge branch 'security-300265-14-1' into '14-1-stable-ee' · 85b6a555
  GitLab Release Tools Bot authored 3 years ago
  
  Misleading username could lead to impersonation in using SSH Certificates See merge request gitlab-org/security/gitlab!1609
  85b6a555
- Merge branch 'security-impersonation-tokens-listed-14-1' into '14-1-stable-ee' · dcbea6f2
  GitLab Release Tools Bot authored 3 years ago
  
  Remove impersonation token from api response for non-admin user See merge request gitlab-org/security/gitlab!1565
  dcbea6f2
- Merge branch 'security-security_dblessing_invite_link_any_email-14-1' into '14-1-stable-ee' · e0cac0ed
  GitLab Release Tools Bot authored 3 years ago
  
  Only allow invite to be accepted by user with matching email See merge request gitlab-org/security/gitlab!1632
  e0cac0ed
- Merge branch 'security-djadmin-branch-name-xss-14-1' into '14-1-stable-ee' · 9fcffe9d
  Robert Speicher authored 3 years ago
  
  Add html escaping for default branch name See merge request gitlab-org/security/gitlab!1630
  9fcffe9d
- Merge branch 'security-security_dblessing_omniauth_logging-14-1' into '14-1-stable-ee' · 33d40608
  GitLab Release Tools Bot authored 3 years ago
  
  Configure OmniAuth to use GitLab AppLogger See merge request gitlab-org/security/gitlab!1615
  33d40608
- Merge branch... · 05d486af
  GitLab Release Tools Bot authored 3 years ago
  
  Merge branch 'security-prevent-guests-from-creating-issues-with-sentry-error-14-1' into '14-1-stable-ee' Prevent Guest users from creating issues linked to Sentry errors See merge request gitlab-org/security/gitlab!1587
  05d486af
- Merge branch 'security-customers_dot_oauth_app_id_14-1' into '14-1-stable-ee' · e82c2de0
  GitLab Release Tools Bot authored 3 years ago
  
  Use oauth_app id instead of uid See merge request gitlab-org/security/gitlab!1603
  e82c2de0
- Merge branch 'security-oauth-0-5-6-14-1' into '14-1-stable-ee' · b13f7232
  GitLab Release Tools Bot authored 3 years ago
  
  Updates oauth to 0.5.6 See merge request gitlab-org/security/gitlab!1592
  b13f7232
- Merge branch 'security-fix-protected-environment-access-cleanup-14-1' into '14-1-stable-ee' · 2e4d589d
  GitLab Release Tools Bot authored 3 years ago
  
  Unauthorized User Can Trigger Deployment to the Protected Environment See merge request gitlab-org/security/gitlab!1606
  2e4d589d
- Merge branch 'security-fix-tag-ref-detection-14-1' into '14-1-stable-ee' · fc51066b
  GitLab Release Tools Bot authored 3 years ago
  
  Fix tag ref detection for pipelines See merge request gitlab-org/security/gitlab!1591
  fc51066b
- Merge branch 'security_299039_restrict_access_for_reporter_and_below_14_1' into '14-1-stable-ee' · 39c696de
  GitLab Release Tools Bot authored 3 years ago
  
  Restrict access to instance-level security features for reporters See merge request gitlab-org/security/gitlab!1561
  39c696de
- Merge branch 'security/sh-mermaid-avoid-html-injection-13-11' into '14-1-stable-ee' · 3039bd55
  GitLab Release Tools Bot authored 3 years ago
  
  [14.1] Fix XSS in Mermaid Markdown rendering See merge request gitlab-org/security/gitlab!1488
  3039bd55
- Merge branch 'security-282445-read-todo-target-14-1' into '14-1-stable-ee' · 808bf085
  GitLab Release Tools Bot authored 3 years ago
  
  Filter todos whose target users no longer have access to [RUN AS-IF-FOSS] See merge request gitlab-org/security/gitlab!1556
  808bf085
Jul 30, 2021

Only allow invite to be accepted by user with matching email · 9d9e439c

Drew Blessing authored 3 years ago

Previously, any user was able to accept an invite even if the
user's email addresses didn't match the invite. A note was
displayed but the invite could still be accepted. With this
change, a user without a matching, confirmed email address
is unable to accept the invite.

Changelog: security

Unverified

9d9e439c

Add html escaping for default branch name · 54910100

Dheeraj Joshi authored 3 years ago

This escapes html chars for default branch
name value in initializing repository instructions

This is to prevent XSS vulnerability

Changelog: security

54910100

Jul 28, 2021
- Update VERSION files · f331f932
  GitLab Release Tools Bot authored 3 years ago
  
  [merge-train skip]
  View commits for tag v14.1.1-ee v14.1.1-ee
  
  f331f932
- Update changelog for 14.1.1 · 3f7205e2
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  3f7205e2
- Update Gitaly version to 14.1.1 · 8c355694
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  8c355694

Admin message

Admin message