Commits · v14.2.2-ee · Peter Leitzen / GitLab

Aug 31, 2021
- Update VERSION files · 406469ce
  GitLab Release Tools Bot authored 3 years ago
  
  [merge-train skip]
  View commits for tag v14.2.2-ee v14.2.2-ee
  
  406469ce
- Update changelog for 14.2.2 · ca84263a
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  ca84263a
- Update Gitaly version to 14.2.2 · 53761209
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  53761209
Aug 30, 2021
- Merge branch 'security-327062-jira-ns-perms-14-2' into '14-2-stable-ee' · 5cffa60d
  GitLab Release Tools Bot authored 3 years ago
  
  Enforce Jira namespace permissions See merge request gitlab-org/security/gitlab!1698
  5cffa60d
- Merge branch 'security-327062-jira-connect-app-conditions-14-2' into '14-2-stable-ee' · 2f4ab208
  GitLab Release Tools Bot authored 3 years ago
  
  Prevent non-admins from configuring Jira connect app See merge request gitlab-org/security/gitlab!1697
  2f4ab208
- Prevent non-admins from configuring Jira connect app · 1bc56361
  Alexis Kalderimis authored 3 years ago
  
  Changelog: security
  1bc56361
- Only create jira connect NS subscriptions for admins · c160da2c
  Alexis Kalderimis authored 3 years ago
  
  This prevents non-admins from creating Jira Connect namespace subscriptions. This additional check is controlled by a new ops feature flag (`jira_connect_require_site_admins`) so that it can be disabled for self-hosted installations if required. Changelog: security
  c160da2c
- Merge branch 'security-330561-apollo-upload-server-update-14-2' into '14-2-stable-ee' · 36607e44
  GitLab Release Tools Bot authored 3 years ago
  
  Update apollo_upload_server dependency See merge request gitlab-org/security/gitlab!1699
  36607e44
- Merge branch 'security-import-export-public-email-14-2' into '14-2-stable-ee' · 423069d3
  GitLab Release Tools Bot authored 3 years ago
  
  Update Import/Export to use public email when mapping users See merge request gitlab-org/security/gitlab!1669
  423069d3
- Merge branch 'security-fix-private-instance-keys-endpoint-access-14-2' into '14-2-stable-ee' · a30fd5d2
  GitLab Release Tools Bot authored 3 years ago
  
  Require sign in for .keys endpoint on non-public instances See merge request gitlab-org/security/gitlab!1676
  a30fd5d2
- Merge branch... · 24ce9346
  GitLab Release Tools Bot authored 3 years ago
  
  Merge branch 'security-fix-privelege-escalation-from-external-to-internal-14-2' into '14-2-stable-ee' Inherit user external status while creating project bots See merge request gitlab-org/security/gitlab!1675
  24ce9346
- Merge branch 'security-fix-design-pattern-14-2' into '14-2-stable-ee' · 2f8bf1fa
  GitLab Release Tools Bot authored 3 years ago
  
  Make design filename pattern stricter See merge request gitlab-org/security/gitlab!1680
  2f8bf1fa
- Merge branch 'security-fix-stored-xss-jira-issue-details-page-14-2' into '14-2-stable-ee' · bcc7fe60
  GitLab Release Tools Bot authored 3 years ago
  
  Fix stored XSS in the Jira issue detail pages See merge request gitlab-org/security/gitlab!1673
  bcc7fe60
- Merge branch 'security-fix-datadog-api-keys-url-xss-14-2' into '14-2-stable-ee' · 7e88b91a
  GitLab Release Tools Bot authored 3 years ago
  
  Fix stored XSS vulnerability in Datadog settings form See merge request gitlab-org/security/gitlab!1670
  7e88b91a
- Merge branch 'security-dblessing_shared_group_member_project_access-14-2' into '14-2-stable-ee' · 6323ff4e
  GitLab Release Tools Bot authored 3 years ago
  
  Ensure shared group members lose project access after group deletion See merge request gitlab-org/security/gitlab!1683
  6323ff4e
Aug 25, 2021

Update apollo_upload_server dependency · 5ef659b8

This enables us to make use of `strict_mode`, preventing denial of
service attacks.

Changelog: security

5ef659b8

Aug 23, 2021

Ensure shared group members lose project access after group deletion · c94e9342

Drew Blessing authored 3 years ago

When a group is invited to shared access with a project, and the
group is later deleted, this change ensures the members
of the group no longer have access to the project.

Changelog: security

Unverified

c94e9342

Update VERSION files · 018e6242
GitLab Release Tools Bot authored 3 years ago
```
[merge-train skip]
```
View commits for tag v14.2.1-ee v14.2.1-ee

018e6242
Update changelog for 14.2.1 · 8f28fde5
GitLab Release Tools Bot authored 3 years ago
```
[ci skip]
```
8f28fde5
Update Gitaly version to 14.2.1 · 5c441e49
GitLab Release Tools Bot authored 3 years ago
```
[ci skip]
```
5c441e49
Merge branch '14-2-stable-ee-patch-1' into '14-2-stable-ee' · 748716bf
Henri Philipps authored 3 years ago
```
Prepare 14.2.1-ee release

See merge request gitlab-org/gitlab!68723
```
748716bf
Drop un-used db/ci_migrate symlink · 11543116
Tiger Watson authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
```
See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68710

Changelog: fixed
```
11543116

Merge branch 'svedova-fix-get-action' into 'master' · ae5f1c14

Paul Slaughter authored 3 years ago and

GitLab Release Tools Bot committed 3 years ago

Fix getAction is undefined bug

See merge request gitlab-org/gitlab!68583

(cherry picked from commit 68a1bbf8)

e2c3e429 Fix getAction is undefined bug
17ee120d Apply code review suggestions
83aced3a Remove unused constant
f00c004c Apply 2 suggestion(s) to 1 file(s)

ae5f1c14

Reorder vuln check criteria · 9bbb20db
Savas Vedova authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
```
See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68503

Changelog: changed
EE: true
```
9bbb20db
Don't override vulnerability feedback UUID anymore · 5f8372fb
Saikat Sarkar authored 3 years ago and GitLab Release Tools Bot committed 3 years ago
```
See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68313

Changelog: changed
EE: true
```
5f8372fb

Merge branch 'craig-gomes-master-patch-13964' into 'master' · 22b71021

Achilleas Pipinellis authored 3 years ago and

GitLab Release Tools Bot committed 3 years ago

Adding upgrade messaging for PK migrations

See merge request gitlab-org/gitlab!68088

(cherry picked from commit 5294ec47)

c4e15b8c Adding upgrade messaging for PK migrations
92504d7c Apply 1 suggestion(s) to 1 file(s)
ea7ce211 Apply 1 suggestion(s) to 1 file(s)
25aae5a8 Apply 1 suggestion(s) to 1 file(s)
43845e24 Apply 2 suggestion(s) to 1 file(s)

22b71021

Make design filename patter stricter · 8aef0498

Jan Provaznik authored 3 years ago

The pattern which detects possible design filenames should
be stricter to make sure that we don't match any special characters
or quoted strings which could lead to XSS.

Change: security

8aef0498

Aug 20, 2021
- Update Import/Export to use public email when mapping users · 13fb902c
  George Koltsov authored 3 years ago
  
  Changelog: security EE: true
  13fb902c
- Require sign in for .keys endpoint on non-public instances · 0979dd45
  pshutsin authored 3 years ago
  
  To make the behavior of /username.keys endpoint with /api/v4/users/:id/keys endpoint Changelog: security
  0979dd45
- Inherit user external status while creating project bots · 93062909
  pshutsin authored 3 years ago
  
  Project bots should be external if created by external user Changelog: security
  93062909
- Update VERSION files · 38bbb40b
  GitLab Release Tools Bot authored 3 years ago
  
  [merge-train skip]
  View commits for tag v14.2.0-ee v14.2.0-ee
  
  38bbb40b
- Update changelog for 14.2.0 · 8debb5a5
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  8debb5a5
- Update Gitaly version to 14.2.0 · f238f15f
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  f238f15f
Aug 19, 2021

Escape issue reference and title for Jira issues · d25ef859
Tom Quirk authored 3 years ago
```
Changelog: security
EE: true
```
Unverified

d25ef859

Fix stored XSS vulnerability in Datadog settings form · 23b98dac

Markus Koller authored 3 years ago

Previously we generated the URL for the link in the help text based on
the user-submitted value in `datadog_site`, which caused a stored XSS
vulnerability.

This was accidentally fixed with the HTML-escaping we added in
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66391 while
improving the help texts for this integration.

But this still leaves some room for exploitation by changing the URL
of a seemingly-trusted link, so instead we just hard-code the default
link to the documentation on docs.datadoghq.com, and remove the custom
link which goes directly to the user's API settings.

Changelog: security

Unverified

23b98dac

Update VERSION files · 7d809bd2
GitLab Release Tools Bot authored 3 years ago
```
[merge-train skip]
```
View commits for tag v14.2.0-rc42-ee v14.2.0-rc42-ee

7d809bd2
Merge branch '338729-use-upsert-for-storing-mentions' into 'master' · a14946fd
Stan Hu authored 3 years ago
```
Use UPSERT when storing user mentions

See merge request gitlab-org/gitlab!68433
```
a14946fd
Merge branch 'sk/33415-scheduled-secret-detection' into 'master' · 6791a6bf
James Fargher authored 3 years ago
```
Scheduled secret detection scan for security policy

See merge request gitlab-org/gitlab!67752
```
6791a6bf
Scheduled secret detection scan for security policy · 394a3e49
Sashi Kumar authored 3 years ago

394a3e49
Add store_mentions_without_subtransaction FF · 99acb6ae
Heinrich Lee Yu authored 3 years ago
```
Adds a feature flag to the optimization done for store_mentions!
```
Unverified

99acb6ae

Admin message

Admin message