Commits · fcf9700aae78344b7e768f63ec7c333442ccb53c · Robert May / GitLab

Apr 27, 2021
- Update VERSION files · fcf9700a
  GitLab Release Tools Bot authored 3 years ago
  
  [merge-train skip]
  View commits for tag v13.10.4-ee v13.10.4-ee
  
  fcf9700a
- Update CHANGELOG.md for 13.10.4-ee · 080082fb
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  080082fb
- Update CHANGELOG-EE.md for 13.10.4-ee · b8daaff0
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  b8daaff0
- Update Gitaly version to 13.10.4 · f6cd5d5c
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  f6cd5d5c
- Merge branch 'security-mermaid-8-9-2-13-10' into '13-10-stable-ee' · ff8d8953
  Henri Philipps authored 3 years ago
  
  Update mermaid to version 8.9.2 See merge request gitlab-org/security/gitlab!1363
  ff8d8953
- Merge branch 'security-pull-mirror-token-13-9-13-10' into '13-10-stable-ee' · 95d49041
  GitLab Release Tools Bot authored 3 years ago
  
  Do not expose pull mirror username and password See merge request gitlab-org/security/gitlab!1355
  95d49041
- Merge branch... · 7a835d56
  GitLab Release Tools Bot authored 3 years ago
  
  Merge branch 'security-disallow-changing-timestamps-on-issue-create-update-13-10' into '13-10-stable-ee' Prevent non-owners to set system_note_timestamp See merge request gitlab-org/security/gitlab!1359
  7a835d56
- Merge branch... · b7eaee21
  GitLab Release Tools Bot authored 3 years ago
  
  Merge branch 'security-322500-disable-gitaly-branch-pagination-ff-by-default-13-10' into '13-10-stable-ee' Disable keyset pagination for branches by default See merge request gitlab-org/security/gitlab!1367
  b7eaee21
- Merge branch 'security-10io-dependency-proxy-and-deploy-tokens-13-10' into '13-10-stable-ee' · 5d1816f4
  GitLab Release Tools Bot authored 3 years ago
  
  Restrict the dependency proxy auth service See merge request gitlab-org/security/gitlab!1370
  5d1816f4
- Merge branch 'security-bump-carrierwave-to-1-3-2-13-10' into '13-10-stable-ee' · d2bde484
  GitLab Release Tools Bot authored 3 years ago
  
  Bump Carrierwave gem to v1.3.2 See merge request gitlab-org/security/gitlab!1350
  d2bde484
- Merge branch... · bb19d262
  GitLab Release Tools Bot authored 3 years ago
  
  Merge branch 'security-327155-prevent-mutation-execution-with-read-api-tokens-13-10' into '13-10-stable-ee' Prevent mutation execution with read api tokens See merge request gitlab-org/security/gitlab!1343
  bb19d262
Apr 26, 2021
- Restrict the dependency proxy auth service · a3fcfa42
  David Fernandez authored 3 years ago
  
  Any objects other than `User` (such as `DeployToken`) are not allowed Changelog: security
  Unverified
  
  a3fcfa42
Apr 23, 2021

Disable keyset pagination for branches by default · e0e36afc

Nick Thomas authored 3 years ago

It seems that with this feature flag enabled, pagination doesn't work
correctly in conjunction with a search. The FF is already disabled on
GitLab.com, but disabling it in the YAML file means that self-managed
instances will also be protected from the security issue (unless they
explicitly opt-in to some beta code, of course).

Changelog: security

e0e36afc

Update mermaid to 8.9.2 · de1acdcb
Dominic Couture authored 3 years ago

Unverified

de1acdcb

Apr 22, 2021

Prevent non-owners to set system_note_timestamp · 44cb1cb3

Alexandru Croitor authored 4 years ago

When an issue is created or updated though API for import
purposes we allow providing created_at and updated_at params
these would then be reflected also in system notes. Only admins
and project owners should be able to set these dates.

44cb1cb3

Apr 20, 2021

Do not expose pull mirror username and password · 19bfb4fc

Vasilli Iakliushin authored 3 years ago

Contributes to https://gitlab.com/gitlab-org/gitlab/-/issues/230864

* Remove password value from the pull mirror form
* Hide username from mirror url

19bfb4fc

Apr 14, 2021
- Merge remote-tracking branch 'dev/13-10-stable-ee' into 13-10-stable-ee · f899c10d
  GitLab Release Tools Bot authored 3 years ago
  
  f899c10d
- Bump Carrierwave gem to v1.3.2 · c6631fd4
  Mike Kozono authored 3 years ago
  
  Unverified
  
  c6631fd4
Apr 13, 2021
- Update VERSION files · db2e358d
  GitLab Release Tools Bot authored 3 years ago
  
  [merge-train skip]
  View commits for tag v13.10.3-ee v13.10.3-ee
  
  db2e358d
- Update CHANGELOG.md for 13.10.3-ee · 4b2d1279
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  4b2d1279
- Update CHANGELOG-EE.md for 13.10.3-ee · 8051a7a0
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  8051a7a0
- Update Gitaly version to 13.10.3 · e7a52c31
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  e7a52c31
- Merge branch 'security-content-type-check-13-10' into '13-10-stable-ee' · 1f379bbc
  Robert Speicher authored 3 years ago
  
  Check content type before running exiftool See merge request gitlab-org/security/gitlab!1341
  1f379bbc
- Merge branch 'security-ruby-saml-auth-bypass-fix-13-10' into '13-10-stable-ee' · 7c2b1c07
  Robert Speicher authored 3 years ago
  
  Security ruby saml auth bypass fix See merge request gitlab-org/security/gitlab!1332
  7c2b1c07
- Merge branch 'security-327154-only-jpeg-tiff-13-10' into '13-10-stable-ee' · 4cc1c49e
  Robert Speicher authored 3 years ago
  
  Detect file format before checking exif headers See merge request gitlab-org/security/gitlab!1338
  4cc1c49e
Apr 12, 2021

Require 'api' scope to execute mutations · 915b1f7b

Alexis Kalderimis authored 3 years ago

Verify that read_api tokens cannot run mutations.

Also: adds tests use of OAuth tokens for GraphQL

We make some changes to the sessionless_authentication module
in order to capture the request_authenticator, so that we can access
the token scopes, without making any extra queries.

We ensure we always authorize the mutation, which, like all resolvers,
needs to opt in to the check.

Unlike resolvers, mutations should always raise. So
`BaseMutation.authorized?` raises on failure.

Logic for handling scopes is pushed down to the `ObjectAuthorization`
class, and encapsulated in the `ScopeValidator`, which limits the
methods that can be called by resolvers.

915b1f7b

Apr 11, 2021
- Check content type before running exiftool · 6f8d9618
  Jan Provaznik authored 3 years ago
  
  Assures that exiftool runs for jpeg/tiff images only.
  6f8d9618
Apr 09, 2021
- Detect file MIME type before checking exif headers · 134180d5
  Charlie Ablett authored 3 years ago and Jan Provaznik committed 3 years ago
  
  Before running exiftool from rake task, file's MIME type is checked.
  134180d5
Apr 08, 2021

Update ruby-saml and rexml gems · 33226dce
alex pooley authored 3 years ago and Imre (Admin) committed 3 years ago

33226dce

Fix broken dora4 spec · 0e17f95b

Vladimir Shushlin authored 3 years ago

By default dora4 metrics controller returns data for last 3 months

We use 2021-01-01 as fixture date in specs.

So controllers stoped returning this data on 2021-04-02

Also, max range was calculated as 91 days, while it's actually
possible to have 92 days in 3 months.
I caught this trying to fix the issue


(cherry picked from commit b76bd0d8)

0e17f95b

Apr 01, 2021
- Update VERSION files · cc422422
  GitLab Release Tools Bot authored 3 years ago
  
  [merge-train skip]
  View commits for tag v13.10.2-ee v13.10.2-ee
  
  cc422422
- Update CHANGELOG.md for 13.10.2-ee · e3470734
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  e3470734
- Update CHANGELOG-EE.md for 13.10.2-ee · 3353a1d0
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  3353a1d0
- Update Gitaly version to 13.10.2 · 4a041127
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  4a041127
- Merge branch '13-10-stable-ee-patch-2' into '13-10-stable-ee' · 6407cff0
  Robert Speicher authored 3 years ago
  
  Prepare 13.10.2-ee release See merge request gitlab-org/gitlab!58151
  6407cff0
- Merge branch 'ph/emojiPickerFrequentlyUsedEmojis' into 'master' · db41ee76
  Kushal Pandya authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
  
  Added frequently used emojis to new picker See merge request gitlab-org/gitlab!56332 (cherry picked from commit 189bf0ed) 1b94ec93 Added frequently used emojis to new picker d16914b7 Moved some re-used values into constants file 0361f42c Added specs to util methods
  db41ee76
Mar 31, 2021

Merge branch 'sh-revert-long-polling-default' into 'master' · 1ddcef52

Jacob Vosmaer (GitLab) authored 3 years ago and

GitLab Release Tools Bot committed 3 years ago

Revert "Fix long polling to default to 50 s instead of 50 ns"

See merge request gitlab-org/gitlab!57903

(cherry picked from commit d6edae81)

3b59eb25 Revert "Fix long polling to default to 50 s instead of 50 ns"

1ddcef52

Merge branch '325864-fix-image-blob-rendering' into 'master' · 555c98a0

Simon Knox authored 3 years ago and

GitLab Release Tools Bot committed 3 years ago

Fixed rendering of the image blobs

See merge request gitlab-org/gitlab!57479

(cherry picked from commit 299fc1e4)

274c8a8e Fixed rendering of the image blobs

555c98a0

Merge branch 'msedlakjakubowski-master-patch-90604' into 'master' · 8baec418
Nick Gaskill authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
```
Fix epic boards tier in docs

See merge request gitlab-org/gitlab!57404

(cherry picked from commit e4f47488)

1653bed1 Fix epic boards tier in docs
```
8baec418
Merge branch 'mkarampalas-master-patch-91431' into 'master' · 581cbb26
Achilleas Pipinellis authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
```
Remove admin mode entry from What's New

See merge request gitlab-org/gitlab!57146

(cherry picked from commit 4662d25f)

562c88a9 Remove admin mode entry
```
581cbb26

Admin message

Admin message