Commits · e8824bdbcb70ab6210d3de565d52662d95c96978 · Peter Leitzen / GitLab

Aug 31, 2021
- Update VERSION files · e8824bdb
  GitLab Release Tools Bot authored 3 years ago
  
  [merge-train skip]
  View commits for tag v14.0.9-ee v14.0.9-ee
  
  e8824bdb
- Update changelog for 14.0.9 · a319d9af
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  a319d9af
- Update Gitaly version to 14.0.9 · 64110f37
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  64110f37
Aug 30, 2021
- Merge branch 'security-327062-jira-ns-perms-14-0' into '14-0-stable-ee' · 1f59dc87
  GitLab Release Tools Bot authored 3 years ago
  
  Enforce Jira namespace permissions See merge request gitlab-org/security/gitlab!1647
  1f59dc87
- Merge branch 'security-327062-jira-connect-app-conditions-14-0' into '14-0-stable-ee' · b699250a
  GitLab Release Tools Bot authored 3 years ago
  
  Prevent non-admins from configuring Jira connect app See merge request gitlab-org/security/gitlab!1643
  b699250a
- Merge branch 'security-330561-apollo-upload-server-update-14-0' into '14-0-stable-ee' · d4fa49a2
  GitLab Release Tools Bot authored 3 years ago
  
  Update apollo_upload_server dependency See merge request gitlab-org/security/gitlab!1701
  d4fa49a2
- Merge branch 'security-import-export-public-email-14-0' into '14-0-stable-ee' · d31fe73f
  GitLab Release Tools Bot authored 3 years ago
  
  Update Import/Export to use public email when mapping users See merge request gitlab-org/security/gitlab!1654
  d31fe73f
- Merge branch... · 7d478506
  GitLab Release Tools Bot authored 3 years ago
  
  Merge branch 'security-fix-private-instance-keys-endpoint-access-backport-14-0' into '14-0-stable-ee' Require sign in for .keys endpoint on non-public instances See merge request gitlab-org/security/gitlab!1659
  7d478506
- Merge branch... · f9bc761f
  GitLab Release Tools Bot authored 3 years ago
  
  Merge branch 'security-fix-privelege-escalation-from-external-to-internal-14-0' into '14-0-stable-ee' Inherit user external status while creating project bots See merge request gitlab-org/security/gitlab!1666
  f9bc761f
- Merge branch 'security-fix-stored-xss-jira-issue-details-page-14.0' into '14-0-stable-ee' · 150eb232
  GitLab Release Tools Bot authored 3 years ago
  
  Fix stored XSS in the Jira issue detail pages See merge request gitlab-org/security/gitlab!1663
  150eb232
- Merge branch 'security-fix-design-pattern-14-0' into '14-0-stable-ee' · 910e3583
  GitLab Release Tools Bot authored 3 years ago
  
  Make design filename pattern stricter See merge request gitlab-org/security/gitlab!1623
  910e3583
- Merge branch 'security-fix-datadog-api-keys-url-xss-14-0' into '14-0-stable-ee' · 860452c0
  GitLab Release Tools Bot authored 3 years ago
  
  Fix stored XSS vulnerability in Datadog settings form See merge request gitlab-org/security/gitlab!1672
  860452c0
- Merge branch 'security-dblessing_shared_group_member_project_access-14-0' into '14-0-stable-ee' · 9e44291f
  GitLab Release Tools Bot authored 3 years ago
  
  Ensure shared group members lose project access after group deletion See merge request gitlab-org/security/gitlab!1685
  9e44291f
Aug 25, 2021
- Update apollo_upload_server dependency · ced741d9
  Alexis Kalderimis authored 3 years ago
  
  This enables us to make use of `strict_mode`, preventing denial of service attacks. Changelog: security
  ced741d9
- Update VERSION files · 87e52923
  GitLab Release Tools Bot authored 3 years ago
  
  [merge-train skip]
  View commits for tag v14.0.8-ee v14.0.8-ee
  
  87e52923
- Update changelog for 14.0.8 · 8cb83fd7
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  8cb83fd7
- Update Gitaly version to 14.0.8 · e1e6d3a6
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  e1e6d3a6
- Merge branch '14-0-stable-ee-patch-8' into '14-0-stable-ee' · 76c296dd
  Robert Speicher authored 3 years ago
  
  Prepare 14.0.8-ee release See merge request gitlab-org/gitlab!68761
  76c296dd
- Merge branch 'rp/fix-spec' into '14-0-stable-ee-patch-8' · a2e29440
  Reuben Pereira authored 3 years ago
  
  Backport fix for flaky spec to 14.0 See merge request gitlab-org/gitlab!68959
  a2e29440
- Backport fix for flaky spec to 14.0 · 3da3ff6c
  Reuben Pereira authored 3 years ago
  
  Taken from https://gitlab.com/gitlab-org/gitlab/-/merge_requests/65153.
  3da3ff6c
- Merge branch '338231-fix-geo-removal-logic-patch' into '14-0-stable-ee-patch-8' · 2c9f14a7
  Reuben Pereira authored 3 years ago
  
  Geo 2.0 Regression - Add ability to remove primary See merge request gitlab-org/gitlab!68867
  2c9f14a7
- Geo 2.0 Regression - Add ability to remove primary · fe2ca005
  Zack Cuddy authored 3 years ago
  
  fe2ca005
- Merge branch 'mk-backport-fix-missing-sidekiq-metrics' into '14-0-stable-ee-patch-8' · eabd9f3d
  Reuben Pereira authored 3 years ago
  
  Backport: Fix Sidekiq workers delete each other's metrics See merge request gitlab-org/gitlab!68771
  eabd9f3d
Aug 23, 2021

Ensure shared group members lose project access after group deletion · 3a41f4e2

Drew Blessing authored 3 years ago

When a group is invited to shared access with a project, and the
group is later deleted, this change ensures the members
of the group no longer have access to the project.

Changelog: security

Unverified

3a41f4e2

Fix: Sidekiq workers delete each other's metrics · 98a85fcb

Matthias Käppler authored 3 years ago

When we moved the logic that wipes the Prometheus metrics
dir out of the Rackup file and into the initializer, all
Sidekiq workers would call this and potentially enter a
race condition where they deleted each other's database
files.

Changelog: fixed

98a85fcb

Resolve "operator does not exist: integer[] || bigint in... · 273cc43f

Mark Chao authored 3 years ago and

GitLab Release Tools Bot committed 3 years ago

Resolve "operator does not exist: integer[] || bigint in app/models/namespace/traversal_hierarchy.rb"

See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/67288

Changelog: changed

273cc43f

Revert backfill on ci_build_trace_sections · 10a5ad9d
Andreas Brandl authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
```
See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66627

Changelog: other
```
10a5ad9d

Aug 19, 2021

Fix stored XSS vulnerability in Datadog settings form · 269e5bf9

Markus Koller authored 3 years ago

Previously we generated the URL for the link in the help text based on
the user-submitted value in `datadog_site`, which caused a stored XSS
vulnerability.

This was accidentally fixed with the HTML-escaping we added in
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66391 while
improving the help texts for this integration.

But this still leaves some room for exploitation by changing the URL
of a seemingly-trusted link, so instead we just hard-code the default
link to the documentation on docs.datadoghq.com, and remove the custom
link which goes directly to the user's API settings.

Changelog: security

Unverified

269e5bf9

Aug 18, 2021
- Inherit user external status while creating project bots · 5bae4e53
  pshutsin authored 3 years ago
  
  Project bots should be external if created by external user Changelog: security
  5bae4e53
Aug 13, 2021
- Escape issue reference and title for Jira issues · 0397f2b3
  Tom Quirk authored 3 years ago
  
  Changelog: security EE: true
  0397f2b3
Aug 12, 2021

Require sign in for .keys endpoint on non-public instances · 13a7f600

pshutsin authored 3 years ago

To make the behavior of /username.keys endpoint
with /api/v4/users/:id/keys endpoint

Changelog: security

13a7f600

Aug 10, 2021
- Update Import/Export to use public email when mapping users · f3d1b800
  George Koltsov authored 3 years ago
  
  Changelog: security EE: true
  f3d1b800
Aug 03, 2021
- Merge remote-tracking branch 'dev/14-0-stable-ee' into 14-0-stable-ee · bcf7bc50
  GitLab Release Tools Bot authored 3 years ago
  
  bcf7bc50
- Only create jira connect NS subscriptions for admins · 34bdcd45
  Alexis Kalderimis authored 3 years ago
  
  This prevents non-admins from creating Jira Connect namespace subscriptions. This additional check is controlled by a new ops feature flag (`jira_connect_require_site_admins`) so that it can be disabled for self-hosted installations if required. Changelog: security
  34bdcd45
- Prevent non-admins from configuring Jira connect app · 4af69224
  Alexis Kalderimis authored 3 years ago
  
  Changelog: security
  4af69224
- Update VERSION files · 2124823b
  GitLab Release Tools Bot authored 3 years ago
  
  [merge-train skip]
  View commits for tag v14.0.7-ee v14.0.7-ee
  
  2124823b
- Update changelog for 14.0.7 · c9a944d6
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  c9a944d6
- Update Gitaly version to 14.0.7 · 9dcfedd6
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  9dcfedd6
- Merge branch 'security-validate-project-members-14-0' into '14-0-stable-ee' · b7d2dd14
  GitLab Release Tools Bot authored 3 years ago
  
  Don't allow to add users to project with email different than group sett See merge request gitlab-org/security/gitlab!1563
  b7d2dd14
- Merge branch 'security-nfriend-hide-project-ci-cd-analytics-for-guests-14-0' into '14-0-stable-ee' · b42cfb6b
  Henri Philipps authored 3 years ago
  
  Hide project-level CI/CD Analytics page for Guest users See merge request gitlab-org/security/gitlab!1574
  b42cfb6b

Admin message

Admin message