Commit 1d287b31 authored by GitLab Bot

Add latest changes from gitlab-org/gitlab@13-12-stable-ee

parent fdcb3d47
......@@ -48,9 +48,12 @@ module IntegrationsActions
private
# rubocop: disable Gitlab/ModuleWithInstanceVariables
def integration
@integration ||= find_or_initialize_non_project_specific_integration(params[:id])
@service ||= @integration # TODO: remove references to @service https://gitlab.com/gitlab-org/gitlab/-/issues/329759
end
# rubocop: enable Gitlab/ModuleWithInstanceVariables
def success_message
if integration.active?
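Review bot: `@service ||= @integration` inside `integration` only assigns when `@service` is still unset, so if any code in the including controller sets `@service` before this memoizer runs, the two instance variables can hold different objects for the rest of the request while the TODO (issue 329759) is open. A plain `@service = @integration`, or a reader method that delegates to `integration`, keeps the legacy name mirroring the new one unconditionally.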
......
- title: On-demand DAST GA launch
body: |
After months of work, we are pleased to announce that our on-demand DAST scanning has reached a General Availability (GA) maturity level. It is ready for usage by anyone who needs to scan an already-deployed application or API outside of a CI/CD pipeline job. With the 13.11 release, we added to on-demand DAST Site profiles the ability to specify authentication information, exclude URLs, add additional request headers, and switch between scanning web applications and APIs. This is in addition to the ability to save scans for quick reusability that was added in 13.9, and the ability to select the branch that a scan is associated with that was added in 13.10. We believe this feature set meets the needs of a majority of GitLab customers.
As we continue to add features, such as scan scheduling, we expect on-demand DAST scanning to cover an ever-increasing range of use cases. As always, we would love as much feedback about these features as possible. Please let us know how things are working for you by leaving a comment in [issue 327396](https://gitlab.com/gitlab-org/gitlab/-/issues/327396).
stage: secure
self-managed: true
gitlab-com: true
packages: [Ultimate]
url: https://docs.gitlab.com/ee/user/application_security/dast/#on-demand-scans
image_url: https://about.gitlab.com/images/13_12/dast_on_demand_auth.png
published_at: 2021-05-22
release: 13.12
- title: Filter Project Vulnerability Report by vendor name
body: |
GitLab strives to play well with others and security is no exception. We provide many security scanners as part of our Secure offering. We also encourage 3rd party vendors to [integrate their scanning tools](https://docs.gitlab.com/ee/development/integrations/secure.html) using our open API and data interchange formats. A benefit of using GitLab is managing vulnerabilities from multiple scanners in a unified experience. While you were already able to filter by scanner type (SAST, DAST), it wasn't possible to drill down by the tool provider.
You now have even more granularity when managing vulnerabilities with the new ability to filter by scanner and vendor. You can look at all results across a single vendor's scanners or gain confidence in findings from one scan type (e.g. SAST) that are confirmed by both GitLab and the 3rd party tool. The new filtering capability is available now in Project Vulnerability Reports.
stage: secure
self-managed: true
gitlab-com: true
packages: [Ultimate]
url: https://docs.gitlab.com/ee/user/application_security/security_dashboard/#vulnerability-report
image_url: https://about.gitlab.com/images/13_12/select_scanner_by_vendor.png
published_at: 2021-05-22
release: 13.12
- title: Lock latest pipeline artifact to prevent deletion
body: |
GitLab now automatically locks the latest artifact produced from a successful pipeline on any active branch, merge request, or tag to prevent it from being deleted based on expiration if it is still the most recent artifact.
This makes it easier to set a more aggressive expiration policy to clean up older artifacts, helps reduce disk space consumption, and ensures you have always got a copy of the latest artifact from your pipeline.
Pipeline artifacts, such as those used by the [test coverage visualization feature](https://docs.gitlab.com/ee/user/project/merge_requests/test_coverage_visualization.html), are not explicitly managed by the `.gitlab-ci.yml` definitions.
stage: verify
self-managed: true
gitlab-com: true
packages: [Free, Premium, Ultimate]
url: https://docs.gitlab.com/ee/ci/yaml/README.html#artifactsexpire_in
image_url: https://about.gitlab.com/images/growth/verify.png
published_at: 2021-05-22
release: 13.12
- title: Delete associated package files via API
body: |
You use the GitLab Package Registry to publish, install, and share your dependencies. You may do this using a variety of package manager formats, such as Maven or npm. If you do this as part of your CI workflow, you may publish many packages to your registry. When you publish a dependency, it generates several files including the package archive.
Prior to GitLab 13.12, GitLab didn't provide a way to delete the files from a package. You could only delete the package itself. These extra files can clutter the user interface or result in someone installing an incorrect or outdated dependency.
In GitLab 13.12, you can now use the Packages API to delete files related to a given package, as well as the package itself. You can easily integrate this new endpoint into your CI workflow and start removing old, unused files. To give you another option for managing your registry, future releases will add the ability to [delete such files through the user interface](https://gitlab.com/gitlab-org/gitlab/-/issues/13537).
stage: package
self-managed: true
gitlab-com: true
packages: [Free, Premium, Ultimate]
url: https://docs.gitlab.com/ee/api/packages.html#delete-a-package-file
image_url: https://about.gitlab.com/images/growth/package.png
published_at: 2021-05-22
release: 13.12
- title: Configuration tool for Secret Detection
body: |
Following in the footsteps of the [GitLab SAST configuration tool](https://docs.gitlab.com/ee/user/application_security/sast/index.html#configure-sast-in-the-ui) we are adding support for Secret Detection on the Security Configuration page. We believe that [security is a team effort](https://about.gitlab.com/direction/secure/#security-is-a-team-effort) and this configuration experience makes it easier for non-CI experts to get started with [GitLab Secret Detection](https://docs.gitlab.com/ee/user/application_security/secret_detection/). The tool helps a user create a merge request to enable Secret Detection scanning while leveraging best configuration practices like using the GitLab-managed [`SAST.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml). The Configuration tool can create a new `.gitlab-ci.yml` file if one does not exist or update existing simple GitLab CI files, allowing the tool to be used with projects that already have GitLab CI setup.
stage: secure
self-managed: true
gitlab-com: true
packages: [Free, Premium, Ultimate]
url: https://docs.gitlab.com/ee/user/application_security/configuration/
image_url: https://about.gitlab.com/images/13_12/secret_config_button_13_12.png
published_at: 2021-05-22
release: 13.12
- title: Code quality violation notices in MR diffs
body: |
During code reviews, you may have wanted to highlight Code Quality violations and how to resolve them. Previously, this involved having a browser window open to see the violations on the Merge Request summary and another window reviewing the changes in the MR or your IDE. You may have found switching between them too difficult and given up.
Now, you can see if the file you are reviewing has new code quality violations that are part of the changes right in the Merge Request diff view. This gives you the necessary context to suggest a fix as part of your normal workflow within GitLab without having to keep additional windows open and context switch back and forth between them.
stage: verify
self-managed: true
gitlab-com: true
packages: [Ultimate]
url: https://docs.gitlab.com/ee/user/project/merge_requests/code_quality.html#code-quality-in-diff-view
image_url: https://about.gitlab.com/images/13_12/code-quality-mr-diff-mvc.png
published_at: 2021-05-22
release: 13.12
- title: Group-level deployment frequency CI/CD chart
body: |
As part of our efforts to natively support [DORA4 metrics](https://docs.gitlab.com/ee/user/analytics/ci_cd_analytics.html#devops-research-and-assessment-dora-key-metrics) in GitLab, the group-level deployment frequency chart is now available. This chart will show the aggregated deployment frequency metrics for all the projects that are part of the group, and allow you to get a full picture of the deployment frequency across multiple projects and teams, so that you can comprehend their efficiency more accurately. Monitoring deployment frequency helps you understand the efficiency of your deployments over time, find bottlenecks, and focus on improvement areas that span across your projects and teams.
stage: Release
self-managed: true
gitlab-com: true
packages: [Ultimate]
url: https://docs.gitlab.com/ee/user/analytics/ci_cd_analytics.html#deployment-frequency-charts
image_url: https://about.gitlab.com/images/13_12/group_deployment_frequency.png
published_at: 2021-05-22
release: 13.12
- title: Enforce delayed project removal for all subgroups
body: |
Group owners can now enable and enforce [delayed project removal](https://docs.gitlab.com/ee/user/group/#enable-delayed-project-removal) for all subgroups and projects in their group. Delayed project removal protects your data by placing deleted projects in a read-only state after deletion and can be restored, if required. We plan to expand our settings model and allow more settings to be inherited and enforced in subgroups and projects in future milestones. Our new settings management model gives group owners a way to ensure that their subgroups and projects settings adhere to their organization's security and compliance needs.
stage: manage
self-managed: true
gitlab-com: true
packages: [Premium, Ultimate]
url: https://docs.gitlab.com/ee/user/group/#enable-delayed-project-removal
image_url: https://about.gitlab.com/images/13_12/mushakov_delayed_deletion.png
published_at: 2021-05-22
release: 13.12
- title: Mobile application binary scanning support
body: |
Since GitLab 13.6, we've offered [SAST for Android and iOS mobile projects](https://about.gitlab.com/releases/2020/10/22/gitlab-13-5-released/#sast-support-for-ios-and-android-mobile-apps). Initially our Mobile App SAST supported the automatic detection of Xcode projects and Android manifest files. With this release and contribution from community contributor [@proletarius101](https://gitlab.com/proletarius101), GitLab SAST now also supports the automatic detection of .ipa (iOS) and .apk (Android) binary files enabling the security scanning of fully built mobile application artifacts. This offers mobile teams more flexibility with how they build and scan their mobile projects with GitLab SAST for security vulnerabilities.
Please note that mobile application scanning is still an experimental feature and [requires enabling the experimental flag](https://docs.gitlab.com/ee/user/application_security/sast/#experimental-features) in your CI template. We will make the mobile application scanner generally available without this flag [in the near future](https://gitlab.com/groups/gitlab-org/-/epics/5977).
stage: secure
self-managed: true
gitlab-com: true
packages: [Free, Premium, Ultimate]
url: https://docs.gitlab.com/ee/user/application_security/sast/#supported-languages-and-frameworks
image_url: https://about.gitlab.com/images/growth/verify.png
published_at: 2021-05-22
release: 13.12
- title: Instance-level Federated Learning of Cohorts (FLoC) opt-in
body: |
[Federated Learning of Cohorts (FLoC)](https://en.wikipedia.org/wiki/Federated_Learning_of_Cohorts) is a new type of web tracking, intended to replace the use of third-party cookies. It does this by grouping users into cohorts based on their browsing history, for the primary purpose of interest-based advertising. FLoC is being activated in the Chrome browser in some regions.
With GitLab 13.12, FLoC will not incorporate GitLab browsing activity by default. If an instance administrator would like their users' GitLab instance usage to contribute to FLoC, they can re-enable in instance settings.
stage: enablement
self-managed: true
gitlab-com: true
packages: [Free, Premium, Ultimate]
url: https://docs.gitlab.com/ee/user/admin_area/settings/floc.html
image_url: https://about.gitlab.com/images/growth/enablement.png
published_at: 2021-05-22
release: 13.12
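Review bot: `stage: Release` on the group-level deployment frequency entry is capitalised while every other entry uses a lowercase stage name (`secure`, `verify`, `package`, `manage`, `enablement`); normalise it to `release` so stage-based filtering of this data does not miss it. The "Mobile application binary scanning support" entry is `stage: secure` but its `image_url` points at `https://about.gitlab.com/images/growth/verify.png`, which looks copied from the Verify entries rather than a Secure image.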
......@@ -722,18 +722,21 @@ Example response:
}
```
### Disabling the results limit
### Disable the results limit **(FREE SELF)**
The 100 results limit can be disabled if it breaks integrations developed using GitLab
12.4 and earlier.
The 100 results limit can break integrations developed using GitLab 12.4 and earlier.
To disable the limit while migrating to using the [list a group's projects](#list-a-groups-projects) endpoint, ask a GitLab administrator
with Rails console access to run the following command:
For GitLab 12.5 to GitLab 13.12, the limit can be disabled while migrating to using the
[list a group's projects](#list-a-groups-projects) endpoint.
Ask a GitLab administrator with Rails console access to run the following command:
```ruby
Feature.disable(:limit_projects_in_groups_api)
```
For GitLab 14.0 and later, the [limit cannot be disabled](https://gitlab.com/gitlab-org/gitlab/-/issues/257829).
## New group
Creates a new project group. Available only for users who can create groups.
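Review bot: the new wording says the limit "can be disabled" for 12.5 to 13.12 but not what scope `Feature.disable(:limit_projects_in_groups_api)` has: called this way, without an actor, the flag is switched off for the whole instance, not only for the integration being migrated, and nothing tells the administrator to turn it back on (`Feature.enable(:limit_projects_in_groups_api)`) once the move to the list-a-group's-projects endpoint is done. One sentence on the instance-wide effect and the re-enable step would make the temporary nature of the workaround clear, especially with the 14.0 removal noted right below.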
......@@ -918,19 +921,21 @@ Example response:
}
```
### Disabling the results limit
### Disable the results limit **(FREE SELF)**
The 100 results limit can be disabled if it breaks integrations developed using GitLab
12.4 and earlier.
The 100 results limit can break integrations developed using GitLab 12.4 and earlier.
To disable the limit while migrating to using the
[list a group's projects](#list-a-groups-projects) endpoint, ask a GitLab administrator
with Rails console access to run the following command:
For GitLab 12.5 to GitLab 13.12, the limit can be disabled while migrating to using the
[list a group's projects](#list-a-groups-projects) endpoint.
Ask a GitLab administrator with Rails console access to run the following command:
```ruby
Feature.disable(:limit_projects_in_groups_api)
```
For GitLab 14.0 and later, the [limit cannot be disabled](https://gitlab.com/gitlab-org/gitlab/-/issues/257829).
### Options for `shared_runners_setting`
The `shared_runners_setting` attribute determines whether shared runners are enabled for a group's subgroups and projects.
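Review bot: this section is a word-for-word copy of the "Disable the results limit" section in the previous hunk (same version range, same Rails console command, same 14.0 note), so any future correction has to be applied twice; keep the full text in one place and link the second occurrence to it, or add a note in the doc source that the two blocks must be kept in sync.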
......
......@@ -194,8 +194,10 @@ NOTE:
For a detailed flow diagram, see the [RFC specification](https://tools.ietf.org/html/rfc6749#section-4.2).
WARNING:
The Implicit grant flow is inherently insecure. The IETF plans to remove it in
[OAuth 2.1](https://oauth.net/2.1/).
Implicit grant flow is inherently insecure and the IETF has removed it in [OAuth 2.1](https://oauth.net/2.1/).
For this reason, [support for it is deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/288516).
In GitLab 14.0, new applications can't be created using it. In GitLab 14.4, support for it is
scheduled to be removed for existing applications.
We recommend that you use [Authorization code with PKCE](#authorization-code-with-proof-key-for-code-exchange-pkce) instead. If you choose to use Implicit flow, be sure to verify the
`application id` (or `client_id`) associated with the access token before granting
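Review bot: the sentence changed from "The IETF plans to remove it in OAuth 2.1" to "the IETF has removed it in OAuth 2.1", a stronger claim about the status of the document linked at https://oauth.net/2.1/; confirm that wording against the current state of that specification before merging, or keep the hedged form. The paragraph also now carries two milestones for one deprecation (no new Implicit grant applications in 14.0, removal for existing applications scheduled for 14.4) without saying what owners of existing applications should do by then; stating that they must migrate to the Authorization code with PKCE flow recommended two lines later would make the timeline actionable.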
......
---
stage: none
group: unassigned
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---
# Federated Learning of Cohorts (FLoC) **(FREE SELF)**
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/60933) in GitLab Free 13.12.
Federated Learning of Conhorts (FLoC) is a feature that the Chrome browser has
rolled out, where users are categorized into different cohorts, so that
advertisers can use this data to uniquely target and track users. For more
information, visit the [FLoC repository](https://github.com/WICG/floc).
To avoid users being tracked and categorized in any GitLab instance, FLoC is
disabled by default by sending the following header:
```plaintext
Permissions-Policy: interest-cohort=()
```
To enable it:
1. Go to the Admin Area (**{admin}**) and select **Settings > General**.
1. Expand **Federated Learning of Cohorts**.
1. Check the box.
1. Click **Save changes**.
<!-- ## Troubleshooting
Include any troubleshooting steps that you can foresee. If you know beforehand what issues
one might have when setting this up, or when something is changed, or on upgrading, it's
important to describe those, too. Think of things that may go wrong and include them here.
This is important to minimize requests for support, and to avoid doc comments with
questions that you know someone might ask.
Each scenario can be a third-level heading, e.g. `### Getting error message X`.
If you have none to add when creating a doc, leave this section in place
but commented out to help encourage others to add to it in the future. -->
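Review bot: typo in the first paragraph, "Federated Learning of Conhorts" should be "Federated Learning of Cohorts" (the heading spells it correctly). The page describes the mechanism as sending `Permissions-Policy: interest-cohort=()`, but the enable steps never say that enabling the setting stops that header being sent, which is what a reader needs to understand the effect; step 3 "Check the box" should also name the checkbox. The commented-out Troubleshooting block at the end is the doc template placeholder and should be either filled in or removed rather than shipped in the source.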
......@@ -28,6 +28,7 @@ Access the default page for admin area settings by navigating to **Admin Area >
| [External Authentication](external_authorization.md#configuration) | External Classification Policy Authorization |
| [Web terminal](../../../administration/integration/terminal.md#limiting-websocket-connection-time) | Set max session time for web terminal. |
| [Web IDE](../../project/web_ide/index.md#enabling-live-preview) | Manage Web IDE Features. |
| [FLoC](floc.md) | Enable or disable [Federated Learning of Cohorts (FLoC)](https://en.wikipedia.org/wiki/Federated_Learning_of_Cohorts) tracking. |
## Integrations
......
......@@ -49,7 +49,7 @@ You can filter the vulnerabilities table by:
|:---------|:------------------|
| Status | Detected, Confirmed, Dismissed, Resolved. |
| Severity | Critical, High, Medium, Low, Info, Unknown. |
| Scanner | [Available scanners](../index.md#security-scanning-tools). |
| Scanner | For more details, see [Scanner filter](#scanner-filter). |
| Project | For more details, see [Project filter](#project-filter). |
| Activity | For more details, see [Activity filter](#activity-filter). |
......@@ -61,12 +61,27 @@ To filter the list of vulnerabilities:
1. Select values from the dropdown.
1. Repeat the above steps for each desired filter.
The vulnerability table is applied immediately. The vulnerability severity totals are also updated.
After each filter is selected:
- The list of matching vulnerabilities is updated.
- The vulnerability severity totals are updated.
The filters' criteria are combined to show only vulnerabilities matching all criteria.
An exception to this behavior is the Activity filter. For more details about how it works, see
[Activity filter](#activity-filter).
## Scanner filter
The scanner filter allows you to focus on vulnerabilities detected by selected scanners.
When using the scanner filter, you can choose:
- **All scanners** (default).
- Individual GitLab-provided scanners.
- Any integrated 3rd-party scanner. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/229661) in GitLab 13.12.
For details of each of the available scanners, see [Security scanning tools](../index.md#security-scanning-tools).
### Project filter
The content of the Project filter depends on the current level:
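Review bot: heading level mismatch: `## Scanner filter` is a level-2 heading while the sibling sections `### Project filter` (visible as context) and `### Activity filter` are level 3, so Scanner filter renders as a peer of the whole filtering section instead of alongside the other filter descriptions; change it to `### Scanner filter`. The list item "Any integrated 3rd-party scanner" is also the only place that hints at the 13.12 change, so a phrase saying that these entries are grouped by vendor would tie the section to the linked issue 229661.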
......@@ -89,8 +104,8 @@ Selection behavior when using the Activity filter:
| Activity selection | Results displayed |
|:------------------------------------|:------------------|
| All | Vulnerabilities with any Activity status (same as ignoring this filter). Selecting this will deselect any other Activity filter options. |
| No activity | Only vulnerabilities without either an associated Issue or that are no longer detected. Selecting this will deselect any other Activity filter options. |
| All | Vulnerabilities with any Activity status (same as ignoring this filter). Selecting this deselects any other Activity filter options. |
| No activity | Only vulnerabilities without either an associated Issue or that are no longer detected. Selecting this deselects any other Activity filter options. |
| With issues | Only vulnerabilities with one or more associated issues. Does not include vulnerabilities that also are no longer detected. |
| No longer detected | Only vulnerabilities that are no longer detected in the latest pipeline scan of the `default` branch. Does not include vulnerabilities with one or more associated issues. |
| With issues and No longer detected | Only vulnerabilities that have one or more associated issues and also are no longer detected in the latest pipeline scan of the `default` branch. |
......
......@@ -40,7 +40,7 @@ module Gitlab
def filter_signature_attachments(message)
attachments = message.attachments
content_type = normalize_mime(message.content_type)
protocol = normalize_mime(message.content_type_parameters[:protocol])
protocol = normalize_mime(message.content_type_parameters&.fetch(:protocol, nil))
if content_type == 'multipart/signed' && protocol
attachments.delete_if { |attachment| protocol == normalize_mime(attachment.content_type) }
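Review bot: `content_type_parameters&.fetch(:protocol, nil)` correctly handles a message with no `Content-Type` header, where `content_type_parameters` is nil, but `fetch` with a nil default is just `[]`; `message.content_type_parameters&.[](:protocol)` or `(message.content_type_parameters || {})[:protocol]` reads more plainly. Also worth confirming that `normalize_mime` accepts nil, since in the same situation `message.content_type` is nil and is passed to it unconditionally on the line above.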
......
......@@ -13,6 +13,10 @@ module GoogleApi
LEAST_TOKEN_LIFE_TIME = 10.minutes
CLUSTER_MASTER_AUTH_USERNAME = 'admin'
CLUSTER_IPV4_CIDR_BLOCK = '/16'
# Don't upgrade to > 1.18 before we move away from Basic Auth
# See issue: https://gitlab.com/gitlab-org/gitlab/-/issues/331582
# Possible solution: https://gitlab.com/groups/gitlab-org/-/epics/6049
GKE_VERSION = '1.18'
CLUSTER_OAUTH_SCOPES = [
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write",
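Review bot: pinning `GKE_VERSION = '1.18'` because of the Basic Auth dependency (`CLUSTER_MASTER_AUTH_USERNAME = 'admin'`) means every cluster GitLab creates from now on is started on a Kubernetes release that will age out of GKE's support window while issue 331582 stays open, so this trade-off deserves a user-facing note where clusters are created, not only a code comment. The comment should also say explicitly that the pin is to be removed together with the Basic Auth code path (epic 6049), and that `'1.18'` is a minor version alias, so the exact patch release is chosen by GKE at creation time.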
......@@ -90,6 +94,7 @@ module GoogleApi
cluster: {
name: cluster_name,
initial_node_count: cluster_size,
initial_cluster_version: GKE_VERSION,
node_config: {
machine_type: machine_type,
oauth_scopes: CLUSTER_OAUTH_SCOPES
......
......@@ -278,8 +278,9 @@ RSpec.describe 'Merge request > User creates image diff notes', :js do
end
def create_image_diff_note
expand_text = 'Click to expand it.'
page.all('a', text: expand_text, wait: false).each do |element|
wait_for_all_requests
page.all('a', text: 'Click to expand it.', wait: false).each do |element|
element.click
end
......
Return-path: <frank@example.org>
Envelope-to: gitlab+gitlab-instance-administrators-9a72b788-code-hello-world-php-2-issue-@qyber.black
Delivery-date: Sun, 23 May 2021 10:28:57 +0100
Received: from example.plus.com ([212.159.19.195] helo=nut.example.org)
by se.example.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.93)
(envelope-from <frank@example.org>)
id 1lkkPp-009OFG-9z
for gitlab+gitlab-instance-administrators-9a72b788-code-hello-world-php-2-issue-@qyber.black; Sun, 23 May 2021 10:28:57 +0100
Received: ***REMOVED***
To: <gitlab+gitlab-instance-administrators-9a72b788-code-hello-world-php-2-issue-@qyber.black>
X-Mailer: mail (GNU Mailutils 3.10)
Message-Id: <E1lkkPn-00DuvG-Rf@set>
From: Frank C Example <frank@example.org>
Date: Sun, 23 May 2021 10:28:55 +0100
Subject: Testing Service Desk E-Mail
Test.
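Review bot: the fixture names a real-looking sender IP (`212.159.19.195`), relay host (`example.plus.com`) and recipient domain (`qyber.black`) next to the already-redacted `Received: ***REMOVED***` line; since the spec only needs a message with no `Content-Type` header, replace these with documentation values (an address in 192.0.2.0/24, `example.org` hosts) so no third-party host or address is committed to the repository.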
......@@ -46,5 +46,15 @@ RSpec.describe Gitlab::Email::AttachmentUploader do
expect(image_link[:url]).to include('gitlab_logo.png')
end
end
context 'with a message with no content type' do
let(:message_raw) { fixture_file("emails/no_content_type.eml") }
it 'uploads all attachments except the signature' do
links = described_class.new(message).execute(upload_parent: project, uploader_class: FileUploader)
expect(links).to eq([])
end
end
end
end
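Review bot: the example name 'uploads all attachments except the signature' does not match the assertion `expect(links).to eq([])`: the `no_content_type.eml` fixture carries no attachments, so what the test verifies is that a message without a `Content-Type` header is processed without raising and yields no upload links. Rename it along the lines of 'returns no links and does not raise' so the regression it guards (the `content_type_parameters` nil case fixed in `filter_signature_attachments`) is obvious to the next reader.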
......@@ -91,6 +91,7 @@ RSpec.describe GoogleApi::CloudPlatform::Client do
cluster: {
name: cluster_name,
initial_node_count: cluster_size,
initial_cluster_version: '1.18',
node_config: {
machine_type: machine_type,
oauth_scopes: [
......
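Review bot: the spec repeats the literal `'1.18'` instead of referencing the `GKE_VERSION` constant added in the client; if the duplication is intended, so that a future bump of the constant fails a test until someone confirms the Basic Auth dependency is resolved, say so in a comment, otherwise reference the constant so the spec and the client cannot drift apart.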