Commits · v14.1.4-ee · Peter Leitzen / GitLab

Aug 31, 2021
- Update VERSION files · 467d2cb7
  GitLab Release Tools Bot authored 3 years ago
  
  [merge-train skip]
  View commits for tag v14.1.4-ee v14.1.4-ee
  
  467d2cb7
- Update changelog for 14.1.4 · 08f8018d
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  08f8018d
- Update Gitaly version to 14.1.4 · 87e71e73
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  87e71e73
Aug 30, 2021
- Merge branch 'security-327062-jira-ns-perms-14-1' into '14-1-stable-ee' · 7faa7f2e
  GitLab Release Tools Bot authored 3 years ago
  
  Enforce Jira namespace permissions See merge request gitlab-org/security/gitlab!1648
  7faa7f2e
- Merge branch 'security-327062-jira-connect-app-conditions-14-1' into '14-1-stable-ee' · ce645f43
  GitLab Release Tools Bot authored 3 years ago
  
  Prevent non-admins from configuring Jira connect app See merge request gitlab-org/security/gitlab!1644
  ce645f43
- Merge branch 'security-330561-apollo-upload-server-update-14-1' into '14-1-stable-ee' · a0aa5dce
  GitLab Release Tools Bot authored 3 years ago
  
  Update apollo_upload_server dependency See merge request gitlab-org/security/gitlab!1700
  a0aa5dce
- Merge branch 'security-import-export-public-email-14-1' into '14-1-stable-ee' · 16481560
  GitLab Release Tools Bot authored 3 years ago
  
  Update Import/Export to use public email when mapping users See merge request gitlab-org/security/gitlab!1655
  16481560
- Update Import/Export to use public email when mapping users · 9acb09e7
  George Koltsov authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
  
  9acb09e7
- Merge branch... · e90b6f20
  GitLab Release Tools Bot authored 3 years ago
  
  Merge branch 'security-fix-private-instance-keys-endpoint-access-backport-14-1' into '14-1-stable-ee' Require sign in for .keys endpoint on non-public instances See merge request gitlab-org/security/gitlab!1658
  e90b6f20
- Merge branch... · 81bfa226
  GitLab Release Tools Bot authored 3 years ago
  
  Merge branch 'security-fix-privelege-escalation-from-external-to-internal-14-1' into '14-1-stable-ee' Inherit user external status while creating project bots See merge request gitlab-org/security/gitlab!1665
  81bfa226
- Merge branch 'security-fix-stored-xss-jira-issue-details-page-14.1' into '14-1-stable-ee' · 51abfba7
  GitLab Release Tools Bot authored 3 years ago
  
  Fix stored XSS in the Jira issue detail pages See merge request gitlab-org/security/gitlab!1662
  51abfba7
- Merge branch 'security-fix-design-pattern-14-1' into '14-1-stable-ee' · 67f10bf3
  GitLab Release Tools Bot authored 3 years ago
  
  Make design filename pattern stricter See merge request gitlab-org/security/gitlab!1622
  67f10bf3
- Merge branch 'security-fix-datadog-api-keys-url-xss-14-1' into '14-1-stable-ee' · 9efe89ec
  GitLab Release Tools Bot authored 3 years ago
  
  Fix stored XSS vulnerability in Datadog settings form See merge request gitlab-org/security/gitlab!1671
  9efe89ec
- Merge branch 'security-dblessing_shared_group_member_project_access-14-1' into '14-1-stable-ee' · 0cd7e98c
  GitLab Release Tools Bot authored 3 years ago
  
  Ensure shared group members lose project access after group deletion See merge request gitlab-org/security/gitlab!1684
  0cd7e98c
Aug 25, 2021

Update apollo_upload_server dependency · 34e7e3b7

This enables us to make use of `strict_mode`, preventing denial of
service attacks.

Changelog: security

34e7e3b7

Aug 23, 2021

Ensure shared group members lose project access after group deletion · 4a7b8203

Drew Blessing authored 3 years ago

When a group is invited to shared access with a project, and the
group is later deleted, this change ensures the members
of the group no longer have access to the project.

Changelog: security

Unverified

4a7b8203

Aug 19, 2021

Fix stored XSS vulnerability in Datadog settings form · 0906814a

Markus Koller authored 3 years ago

Previously we generated the URL for the link in the help text based on
the user-submitted value in `datadog_site`, which caused a stored XSS
vulnerability.

This was accidentally fixed with the HTML-escaping we added in
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66391 while
improving the help texts for this integration.

But this still leaves some room for exploitation by changing the URL
of a seemingly-trusted link, so instead we just hard-code the default
link to the documentation on docs.datadoghq.com, and remove the custom
link which goes directly to the user's API settings.

Changelog: security

Unverified

0906814a

Aug 18, 2021
- Inherit user external status while creating project bots · d5a26c41
  pshutsin authored 3 years ago
  
  Project bots should be external if created by external user Changelog: security
  d5a26c41
Aug 17, 2021
- Update VERSION files · 77e6fa75
  GitLab Release Tools Bot authored 3 years ago
  
  [merge-train skip]
  View commits for tag v14.1.3-ee v14.1.3-ee
  
  77e6fa75
- Update changelog for 14.1.3 · 97862e4e
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  97862e4e
- Update Gitaly version to 14.1.3 · b6d37eb4
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  b6d37eb4
- Merge branch '14-1-stable-ee-patch-3' into '14-1-stable-ee' · 86304aea
  Robert Speicher authored 3 years ago
  
  Prepare 14.1.3-ee release See merge request gitlab-org/gitlab!68383
  86304aea
- Geo 2.0 Regression - Add ability to remove primary · 1635f3d0
  Andrew Fontaine authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
  
  See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68005 Changelog: fixed EE: true
  1635f3d0
- Resolve "operator does not exist: integer[] || bigint in... · 99e6457b
  Mark Chao authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
  
  Resolve "operator does not exist: integer[] || bigint in app/models/namespace/traversal_hierarchy.rb" See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/67288 Changelog: changed
  99e6457b
- Merge branch 'ash2k/kas-14.1.1' into 'master' · 82cd2adc
  Thong Kuah authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
  
  Bump kas to v14.1.1 See merge request gitlab-org/gitlab!66806 (cherry picked from commit 5651fc98) b7a2bbf8 Bump kas to v14.1.1
  82cd2adc
- [RUN AS-IF-FOSS] AS Fix SAML SSO login redirects not working · 7b551e3d
  Imre (Admin) authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
  
  See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66791 Changelog: fixed EE: true
  7b551e3d
- Merge branch 'selhorn-patch-14-1' into '14-1-stable-ee' · 834ad265
  Robert Speicher authored 3 years ago
  
  Updating docs to fix UI link See merge request gitlab-org/gitlab!67732
  834ad265
Aug 13, 2021
- Escape issue reference and title for Jira issues · 4153444b
  Tom Quirk authored 3 years ago
  
  Changelog: security EE: true
  4153444b
Aug 12, 2021

Require sign in for .keys endpoint on non-public instances · b090b3f6

pshutsin authored 3 years ago

To make the behavior of /username.keys endpoint
with /api/v4/users/:id/keys endpoint

Changelog: security

b090b3f6

Aug 09, 2021

Updating docs to fix UI link · 525e444d

Suzanne Selhorn authored 3 years ago

The docs were not updated in time for 14.1
and so the UI help link does not work properly.
This MR fixes that issue.
https://gitlab.com/gitlab-org/gitlab/-/issues/337876

525e444d

Aug 03, 2021
- Merge remote-tracking branch 'dev/14-1-stable-ee' into 14-1-stable-ee · ae3bef82
  GitLab Release Tools Bot authored 3 years ago
  
  ae3bef82
- Only create jira connect NS subscriptions for admins · 3f2040c0
  Alexis Kalderimis authored 3 years ago
  
  This prevents non-admins from creating Jira Connect namespace subscriptions. This additional check is controlled by a new ops feature flag (`jira_connect_require_site_admins`) so that it can be disabled for self-hosted installations if required. Changelog: security
  3f2040c0
- Prevent non-admins from configuring Jira connect app · fa864c0a
  Alexis Kalderimis authored 3 years ago
  
  Changelog: security
  fa864c0a
- Update VERSION files · 0bf9b154
  GitLab Release Tools Bot authored 3 years ago
  
  [merge-train skip]
  View commits for tag v14.1.2-ee v14.1.2-ee
  
  0bf9b154
- Update changelog for 14.1.2 · 79bbec00
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  79bbec00
- Update Gitaly version to 14.1.2 · fbdc9137
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  fbdc9137
- Merge branch 'security-validate-project-members-14-1' into '14-1-stable-ee' · 6024b648
  GitLab Release Tools Bot authored 3 years ago
  
  Don't allow to add users to project with email different than group sett See merge request gitlab-org/security/gitlab!1564
  6024b648
- Merge branch 'security-nfriend-hide-project-ci-cd-analytics-for-guests-14-1' into '14-1-stable-ee' · a4a62de2
  Henri Philipps authored 3 years ago
  
  Hide project-level CI/CD Analytics page for Guest users See merge request gitlab-org/security/gitlab!1600
  a4a62de2
- Merge branch... · e299beb1
  GitLab Release Tools Bot authored 3 years ago
  
  Merge branch 'security-not-allow-to-impersonate-tokens-while-impersonation-is-off-14-1' into '14-1-stable-ee' Block pushing with impersonation token if impersonation is disabled See merge request gitlab-org/security/gitlab!1583
  e299beb1
- Add project member validation for domain limitation · d17016dd
  mksionek authored 3 years ago
  
  Changelog: security
  d17016dd

Admin message

Admin message