Commits · v14.0.8-ee · Peter Leitzen / GitLab

Aug 25, 2021
- Update VERSION files · 87e52923
  GitLab Release Tools Bot authored 3 years ago
  
  [merge-train skip]
  View commits for tag v14.0.8-ee v14.0.8-ee
  
  87e52923
- Update changelog for 14.0.8 · 8cb83fd7
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  8cb83fd7
- Update Gitaly version to 14.0.8 · e1e6d3a6
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  e1e6d3a6
- Merge branch '14-0-stable-ee-patch-8' into '14-0-stable-ee' · 76c296dd
  Robert Speicher authored 3 years ago
  
  Prepare 14.0.8-ee release See merge request gitlab-org/gitlab!68761
  76c296dd
- Merge branch 'rp/fix-spec' into '14-0-stable-ee-patch-8' · a2e29440
  Reuben Pereira authored 3 years ago
  
  Backport fix for flaky spec to 14.0 See merge request gitlab-org/gitlab!68959
  a2e29440
- Backport fix for flaky spec to 14.0 · 3da3ff6c
  Reuben Pereira authored 3 years ago
  
  Taken from https://gitlab.com/gitlab-org/gitlab/-/merge_requests/65153.
  3da3ff6c
- Merge branch '338231-fix-geo-removal-logic-patch' into '14-0-stable-ee-patch-8' · 2c9f14a7
  Reuben Pereira authored 3 years ago
  
  Geo 2.0 Regression - Add ability to remove primary See merge request gitlab-org/gitlab!68867
  2c9f14a7
- Geo 2.0 Regression - Add ability to remove primary · fe2ca005
  Zack Cuddy authored 3 years ago
  
  fe2ca005
- Merge branch 'mk-backport-fix-missing-sidekiq-metrics' into '14-0-stable-ee-patch-8' · eabd9f3d
  Reuben Pereira authored 3 years ago
  
  Backport: Fix Sidekiq workers delete each other's metrics See merge request gitlab-org/gitlab!68771
  eabd9f3d
Aug 23, 2021

Fix: Sidekiq workers delete each other's metrics · 98a85fcb

When we moved the logic that wipes the Prometheus metrics
dir out of the Rackup file and into the initializer, all
Sidekiq workers would call this and potentially enter a
race condition where they deleted each other's database
files.

Changelog: fixed

98a85fcb

Resolve "operator does not exist: integer[] || bigint in... · 273cc43f

Mark Chao authored 3 years ago and

GitLab Release Tools Bot committed 3 years ago

Resolve "operator does not exist: integer[] || bigint in app/models/namespace/traversal_hierarchy.rb"

See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/67288

Changelog: changed

273cc43f

Revert backfill on ci_build_trace_sections · 10a5ad9d
Andreas Brandl authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
```
See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66627

Changelog: other
```
10a5ad9d

Aug 03, 2021
- Merge remote-tracking branch 'dev/14-0-stable-ee' into 14-0-stable-ee · bcf7bc50
  GitLab Release Tools Bot authored 3 years ago
  
  bcf7bc50
- Update VERSION files · 2124823b
  GitLab Release Tools Bot authored 3 years ago
  
  [merge-train skip]
  View commits for tag v14.0.7-ee v14.0.7-ee
  
  2124823b
- Update changelog for 14.0.7 · c9a944d6
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  c9a944d6
- Update Gitaly version to 14.0.7 · 9dcfedd6
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  9dcfedd6
- Merge branch 'security-validate-project-members-14-0' into '14-0-stable-ee' · b7d2dd14
  GitLab Release Tools Bot authored 3 years ago
  
  Don't allow to add users to project with email different than group sett See merge request gitlab-org/security/gitlab!1563
  b7d2dd14
- Merge branch 'security-nfriend-hide-project-ci-cd-analytics-for-guests-14-0' into '14-0-stable-ee' · b42cfb6b
  Henri Philipps authored 3 years ago
  
  Hide project-level CI/CD Analytics page for Guest users See merge request gitlab-org/security/gitlab!1574
  b42cfb6b
- Merge branch... · fc211098
  GitLab Release Tools Bot authored 3 years ago
  
  Merge branch 'security-not-allow-to-impersonate-tokens-while-impersonation-is-off-14-0' into '14-0-stable-ee' Block pushing with impersonation token if impersonation is disabled See merge request gitlab-org/security/gitlab!1584
  fc211098
- Add project member validation for domain limitation · f9a0e781
  mksionek authored 3 years ago
  
  Changelog: security
  f9a0e781
Aug 02, 2021
- Hide project-level CI/CD Analytics for Guests · 56a17ae8
  Nathan Friend authored 3 years ago
  
  This commit updates the project-level CI/CD Analytics page to not be accessible by Guest users of private projects. Changelog: security
  Unverified
  
  56a17ae8
- Merge branch 'security-jivanvl-fix-pipeline-show-page-permissions-14-0' into '14-0-stable-ee' · 6995cbec
  GitLab Release Tools Bot authored 3 years ago
  
  Add permissions check to pipelines#show action See merge request gitlab-org/security/gitlab!1613
  6995cbec
- Merge branch 'security-336301-let-only-guest-members-edit-metadata-14-0' into '14-0-stable-ee' · 8f7070d8
  GitLab Release Tools Bot authored 3 years ago
  
  Disallow non-members to set issue metadata on issue create See merge request gitlab-org/security/gitlab!1581
  8f7070d8
- Merge branch 'security-email-invite-error-message-14-0' into '14-0-stable-ee' · 80fbb12b
  GitLab Release Tools Bot authored 3 years ago
  
  Do not show email address in error message See merge request gitlab-org/security/gitlab!1597
  80fbb12b
- Merge branch 'security-300265-14-0' into '14-0-stable-ee' · c8e20a49
  GitLab Release Tools Bot authored 3 years ago
  
  Misleading username could lead to impersonation in using SSH Certificates See merge request gitlab-org/security/gitlab!1610
  c8e20a49
- Merge branch 'security-impersonation-tokens-listed-14-0' into '14-0-stable-ee' · c0a09f97
  GitLab Release Tools Bot authored 3 years ago
  
  Remove impersonation token from api response for non-admin user See merge request gitlab-org/security/gitlab!1566
  c0a09f97
- Merge branch 'security-security_dblessing_invite_link_any_email-14-0' into '14-0-stable-ee' · 5273a0ca
  GitLab Release Tools Bot authored 3 years ago
  
  Only allow invite to be accepted by user with matching email See merge request gitlab-org/security/gitlab!1633
  5273a0ca
- Merge branch 'security-djadmin-branch-name-xss-14-0' into '14-0-stable-ee' · 2e2dcdc7
  Robert Speicher authored 3 years ago
  
  Add html escaping for default branch name See merge request gitlab-org/security/gitlab!1631
  2e2dcdc7
- Merge branch 'security-security_dblessing_omniauth_logging-14-0' into '14-0-stable-ee' · 935f6c53
  GitLab Release Tools Bot authored 3 years ago
  
  Configure OmniAuth to use GitLab AppLogger See merge request gitlab-org/security/gitlab!1616
  935f6c53
- Merge branch... · 4c2d8836
  GitLab Release Tools Bot authored 3 years ago
  
  Merge branch 'security-prevent-guests-from-creating-issues-with-sentry-error-14-0' into '14-0-stable-ee' Prevent Guest users from creating issues linked to Sentry errors See merge request gitlab-org/security/gitlab!1588
  4c2d8836
- Merge branch 'security-oauth-0-5-6-14-0' into '14-0-stable-ee' · b14bf78e
  GitLab Release Tools Bot authored 3 years ago
  
  Updates oauth to 0.5.6 See merge request gitlab-org/security/gitlab!1568
  b14bf78e
- Merge branch 'security-fix-protected-environment-access-cleanup-14-0' into '14-0-stable-ee' · c6d41337
  GitLab Release Tools Bot authored 3 years ago
  
  Unauthorized User Can Trigger Deployment to the Protected Environment See merge request gitlab-org/security/gitlab!1607
  c6d41337
- Merge branch 'security-fix-tag-ref-detection-14-0' into '14-0-stable-ee' · 9f41d302
  GitLab Release Tools Bot authored 3 years ago
  
  Fix tag ref detection for pipelines See merge request gitlab-org/security/gitlab!1548
  9f41d302
- Merge branch 'security_299039_restrict_access_for_reporter_and_below_14_0' into '14-0-stable-ee' · 76376a04
  GitLab Release Tools Bot authored 3 years ago
  
  Restrict access to instance-level security features for reporters See merge request gitlab-org/security/gitlab!1539
  76376a04
- Merge branch 'security/sh-mermaid-avoid-html-injection-13-10' into '14-0-stable-ee' · 01201e9a
  GitLab Release Tools Bot authored 3 years ago
  
  [14.0] Fix XSS in Mermaid Markdown rendering See merge request gitlab-org/security/gitlab!1489
  01201e9a
- Merge branch 'security-282445-read-todo-target-14-0' into '14-0-stable-ee' · 7134865f
  GitLab Release Tools Bot authored 3 years ago
  
  Filter todos whose target users no longer have access to [RUN AS-IF-FOSS] See merge request gitlab-org/security/gitlab!1554
  7134865f
Jul 30, 2021

Only allow invite to be accepted by user with matching email · a79d0e6d

Drew Blessing authored 3 years ago

Previously, any user was able to accept an invite even if the
user's email addresses didn't match the invite. A note was
displayed but the invite could still be accepted. With this
change, a user without a matching, confirmed email address
is unable to accept the invite.

Changelog: security

Unverified

a79d0e6d

Add html escaping for default branch name · d26f0c4d

Dheeraj Joshi authored 3 years ago

This escapes html chars for default branch
name value in initializing repository instructions

This is to prevent XSS vulnerability

Changelog: security

d26f0c4d

Jul 28, 2021

Configure OmniAuth to use GitLab AppLogger · dfcff90c

Drew Blessing authored 3 years ago

OmniAuth logger was not being configured properly and some logs
were being dropped. This change ensures OmniAuth log messages
are output to `application.log` and/or `application_json.log`
as appropriate depending on configuration.

Fix Group SAML Spec order dependency

Change `allow/expect_any_instance_of` to
`allow/expect_next_instance_of` to avoid leaking state from other
tests.

Changelog: security

Unverified

dfcff90c

Jul 27, 2021

Add permissions check to pipelines#show action · c611a815

Jose Ivan Vargas Lopez authored 3 years ago

This check renders a 404 in case the user trying
to access the pipeline details page doesn't have enough
permissions

Changelog: security

c611a815

Admin message

Admin message