[merge-train skip]

[ci skip]

[ci skip]

Prepare 13.12.4-ee release

See merge request gitlab-org/gitlab!63974

Thong Kuah authored 3 years ago and GitLab Release Tools Bot committed 3 years ago

See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/63784

Changelog: fixed

Patrick Bajao authored 3 years ago and GitLab Release Tools Bot committed 3 years ago

See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62535

Changelog: fixed

Dmitry Gruzd authored 3 years ago and GitLab Release Tools Bot committed 3 years ago

See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62053

Changelog: fixed
MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62053

[merge-train skip]

[ci skip]

[ci skip]

Upgrade ruby-magic in db-migration patch [RUN ALL RSPEC]

See merge request gitlab-org/gitlab!63366

(cherry picked from commit cc520095)

df42b9ef Upgrade ruby-magic to 0.4.0

Fix referrer option passed to Akismet client, it
was changed to an unsupported spelling in a
previous commit.

See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/52385#note_591568296

- It needs 'referrer', not 'referer'
- Improve error handling to no longer ignore ArgumentError
- Give different error messages for Akismet::Error
  vs. StandardError.

Changelog: fixed

Changelog: fixed

The required URLs are added to the CSP
and nonces are added to the tags

Changelog: fixed

This commit adds an option to expose the `description_html`
field in Release LIST Rest API.

Changelog: added

Previously the emails sent about SSH key expiration did not explain
that expired SSH keys will no longer be usable in GitLab 14.0. That is
critical information, because without it even users who receive a
warning email might still be surprised when their SSH key stops being
usable. This adds that information to the emails so users cannot be
surprised by the change in SSH behavior after upgrading to GitLab 14.0.

Changelog: changed

Changelog: fixed

Fix maven & gradle examples in the docs, enabling line-by-line display of test coverage in merge requests out-of-the-box (for java & kotlin)

[13-12-stable-ee] Revert google-protobuf update and handle PgQuery::ParseError errors

See merge request gitlab-org/gitlab!62795

[merge-train skip]

[ci skip]

Use tag helper for javascript tag in redirect

See merge request gitlab-org/security/gitlab!1457

This will automatically include the nonce for CSP

Bump BinData version

See merge request gitlab-org/security/gitlab!1414

Changelog: security

Updates authorization for lint

See merge request gitlab-org/security/gitlab!1429

Adds redirect page to OAuth

See merge request gitlab-org/security/gitlab!1441

Block access to gitlab for users with expired password

See merge request gitlab-org/security/gitlab!1446

Limit rotations when removing members to those accessible to the member

See merge request gitlab-org/security/gitlab!1410

OAuth implicit grant access tokens are not logged

See merge request gitlab-org/security/gitlab!1435

Use xpath instead of css for searching in banzai [RUN AS-IF-FOSS]

See merge request gitlab-org/security/gitlab!1416

Truncate all non-blob markdown to 1MB by default

See merge request gitlab-org/security/gitlab!1420

Merge branch 'security-dblessing_update_users_two_factor_required_from_group-13-12' into '13-12-stable-ee'

Update users two factor required from group

See merge request gitlab-org/security/gitlab!1432

Opt in to Atlassians new context qsh

See merge request gitlab-org/security/gitlab!1408

Merge branch 'security-297665-validate-commit-author-for-x509-signatures-13-12-ee' into '13-12-stable-ee'

Only verify commit signatures if the user email is verified

See merge request gitlab-org/security/gitlab!1385

Prevent XSS on notebooks

See merge request gitlab-org/security/gitlab!1421