Commits · 00e2d9b2e9cd21cb29338a355727a60f475d1c9a · nexedi / gitlab-ce

28 Jan, 2020 40 commits
- Update CHANGELOG.md for 12.6.5 · 00e2d9b2
  GitLab Release Tools Bot authored Jan 28, 2020
```
[ci skip]
```
  00e2d9b2
- Update CHANGELOG-EE.md for 12.6.5-ee · 51334931
  GitLab Release Tools Bot authored Jan 28, 2020
```
[ci skip]
```
  51334931
- Update CHANGELOG.md for 12.7.3 · 7c5154e7
  GitLab Release Tools Bot authored Jan 28, 2020
```
[ci skip]
```
  7c5154e7
- Update CHANGELOG-EE.md for 12.7.3-ee · ed2d15f0
  GitLab Release Tools Bot authored Jan 28, 2020
```
[ci skip]
```
  ed2d15f0
- Merge branch 'security-dos-via-asciidoc-includes' into 'master' · 5957f5f1
  GitLab Release Tools Bot authored Jan 28, 2020
```
#40 - Denial of service via AsciiDoc include:: overuse

See merge request gitlab-org/security/gitlab!133
```
  5957f5f1
- Prevent DOS via excessive ASCIIDOC includes · a6cce3a6
  Alex Kalderimis authored Jan 28, 2020
```
This sets a maximum limit on the number of include directives that any
one file may use (transitively). This is set relatively low at the
moment to 32 since each one requires a gitlay call to retrieve a blob
from the repo, and experimentation suggests that this keeps processing
to under 10sec.

This approach prevents both cyclic imports as well as having a single
file with an extremely lang list of includes.
```
  a6cce3a6
- Merge branch 'security-commits-api-last-pipeline-status' into 'master' · 7402bea1
  GitLab Release Tools Bot authored Jan 28, 2020
```
Show last_pipeline in commits API only if user can read pipeline

Closes #5

See merge request gitlab-org/security/gitlab!13
```
  7402bea1
- Merge branch 'security-13-update-ruby-zip-pages-master' into 'master' · 91091445
  GitLab Release Tools Bot authored Jan 28, 2020
```
Bump rubyzip to 2.0.0

Closes #13

See merge request gitlab-org/security/gitlab!41
```
  91091445
- Merge branch 'security-remove-caching-from-api-project-raw-endpoint' into 'master' · c927d373
  GitLab Release Tools Bot authored Jan 28, 2020
```
Disable caching on API project/raw endpoint

See merge request gitlab-org/security/gitlab!49
```
  c927d373
- Merge branch 'security-fix-xss-on-frequent-groups-dropdown-ee' into 'master' · e437f902
  GitLab Release Tools Bot authored Jan 28, 2020
```
Fix xss on frequent groups dropdown

Closes #15

See merge request gitlab-org/security/gitlab!50
```
  e437f902
- Merge branch 'security-enforce-permissions-for-event-filter-ee' into 'master' · f5f6e6e5
  GitLab Release Tools Bot authored Jan 28, 2020
```
Enforce permission check when counting events

See merge request gitlab-org/security/gitlab!51
```
  f5f6e6e5
- Merge branch 'security-email-confirmation-bypass-via-api-ee' into 'master' · 79ec446e
  GitLab Release Tools Bot authored Jan 28, 2020
```
Prevent API access for unconfirmed users

See merge request gitlab-org/security/gitlab!52
```
  79ec446e
- Merge branch 'security-fix-grafana-token-leaked-in-plain-to-other-maintainers' into 'master' · 1f57aadd
  GitLab Release Tools Bot authored Jan 28, 2020
```
Mask grafana token with encryption

See merge request gitlab-org/security/gitlab!53
```
  1f57aadd
- Merge branch 'security-35235-todos-cleanup' into 'master' · 199926a5
  GitLab Release Tools Bot authored Jan 28, 2020
```
Remove todos for users from removed linked group

See merge request gitlab-org/security/gitlab!59
```
  199926a5
- Merge branch 'security-reference-check' into 'master' · a3ae2537
  GitLab Release Tools Bot authored Jan 28, 2020
```
Fix reference visibility check

Closes #23

See merge request gitlab-org/security/gitlab!66
```
  a3ae2537
- Merge branch 'security-project_export_permission_check-master' into 'master' · 9aff4f43
  GitLab Release Tools Bot authored Jan 28, 2020
```
ImportExport::ExportService to require admin_project permission

See merge request gitlab-org/security/gitlab!69
```
  9aff4f43
- Merge branch 'security-proctect-internal-builds-from-external-overrides' into 'master' · 55c7060e
  GitLab Release Tools Bot authored Jan 28, 2020
```
Protect internal builds from external overrides

Closes #22

See merge request gitlab-org/security/gitlab!72
```
  55c7060e
- Merge branch 'security-dependency-proxy-path-traversal' into 'master' · b3c2e64a
  GitLab Release Tools Bot authored Jan 28, 2020
```
Add constraint to dependency proxy route

See merge request gitlab-org/security/gitlab!77
```
  b3c2e64a
- Merge branch 'security-workhorse-package-bypass' into 'master' · bb3469c8
  GitLab Release Tools Bot authored Jan 28, 2020
```
Verify workhorse request for file uploads

See merge request gitlab-org/security/gitlab!83
```
  bb3469c8
- Merge branch 'security-reverse-polarity-of-branch-compare' into 'master' · 4345a414
  GitLab Release Tools Bot authored Jan 28, 2020
```
Make cross-repository comparisons happen in the source repository

Closes #29

See merge request gitlab-org/security/gitlab!84
```
  4345a414
- Merge branch 'security-update-excon-cve-2019-16779' into 'master' · 946856d5
  GitLab Release Tools Bot authored Jan 28, 2020
```
Update excon to 0.71.1 to fix CVE-2019-16779

Closes #35

See merge request gitlab-org/security/gitlab!102
```
  946856d5
- Merge branch 'security-fix-xss-on-project-templates' into 'master' · f0ba77b9
  GitLab Release Tools Bot authored Jan 28, 2020
```
Fix XSS vulnerability on custom project templates form

Closes #32

See merge request gitlab-org/security/gitlab!111
```
  f0ba77b9
- Merge branch 'docs/improve-trigger-strategy-doc' into 'master' · f2094cb0
  Marcel Amirault authored Jan 28, 2020
```
Clarify the usage of `trigger:strategy`

See merge request gitlab-org/gitlab!23583
```
  f2094cb0
- Clarify the usage of `trigger:strategy` · 5ba2788f
  Fabio Pitino authored Jan 28, 2020
  
  5ba2788f
- Merge branch 'revert-c9cf0ab0' into 'master' · 4bfd95f6
  Sean McGivern authored Jan 28, 2020
```
Revert "Merge branch 'georgekoltsov/group_seeder_rake_task' into 'master'"

See merge request gitlab-org/gitlab!23852
```
  4bfd95f6
- Merge branch 'patch-58' into 'master' · 631bf8fc
  Nick Thomas authored Jan 28, 2020
```
Add `gitlab_page_out_of_bounds` to Prometheus docs

Closes #198475

See merge request gitlab-org/gitlab!23802
```
  631bf8fc
- Merge branch 'refactor-instance-security-dashboard-permissions' into 'master' · caf06ef1
  Dmytro Zaporozhets authored Jan 28, 2020
```
Refactor instance security dashboard permissions

See merge request gitlab-org/gitlab!22740
```
  caf06ef1
- Update instance security dashboard permissions · ef8cb9e0
  Avielle Wolfe authored Jan 28, 2020
```
This commit updates the instance security dashboard controllers to get
their permission scheme from the same concern as the group and project
security dashboard controllers.
```
  ef8cb9e0
- Merge branch '38133-credential-inventory-for-group-managed-accounts-concern' into 'master' · 798ae8b6
  Jan Provaznik authored Jan 28, 2020
```
Refactoring: Move "Credential inventory" to a re-usable concern

Closes #38133

See merge request gitlab-org/gitlab!23495
```
  798ae8b6
- Merge branch '196719-rename-sast-container-to-container-scanning' into 'master' · fbb3a6ce
  Natalia Tepluhina authored Jan 28, 2020
```
Frontend: Rename Sast Container to Container Scanning

See merge request gitlab-org/gitlab!23814
```
  fbb3a6ce
- VueX: Rename Sast Container to Container Scanning · 9d9afa0b
  Lukas 'Eipi' Eipert authored Jan 28, 2020
```
We haven't been using the Sast Container term in a long time and this
renames all the occurences in the Merge Request widget VueX store
```
  9d9afa0b
- Merge branch '199034-nomethoderror-undefined-method-unsubscribe-for-nil-nilclass' into 'master' · e8c92405
  Nick Thomas authored Jan 28, 2020
```
Resolve "NoMethodError: undefined method `unsubscribe' for nil:NilClass"

Closes #199034

See merge request gitlab-org/gitlab!23747
```
  e8c92405
- Revert "Merge branch 'georgekoltsov/group_seeder_rake_task' into 'master'" · fbdd20db
  Rémy Coutable authored Jan 28, 2020
```
This reverts merge request !21657
```
  fbdd20db
- Merge branch 'update-styleguide-for-mr-definitions' into 'master' · faa22f56
  Marcia Ramos authored Jan 28, 2020
```
Clarify usage of Merge Request, merge request, and MR

See merge request gitlab-org/gitlab!23646
```
  faa22f56
- Move Credentials Inventory methods to a re-usable concern · de2bb958
  manojmj authored Jan 22, 2020
```
This change moves the methods used for Credentials Inventory
feature to a re-usable concern.
```
  de2bb958
- Merge branch 'pl-rubocop-have-gitlab-http-status-spec-controllers-2' into 'master' · 1dd566a1
  Sean McGivern authored Jan 28, 2020
```
Add http status cop in project controller specs

See merge request gitlab-org/gitlab!23801
```
  1dd566a1
- Merge branch 'docs-styleguide-anchors' into 'master' · 93244cf9
  Achilleas Pipinellis authored Jan 28, 2020
```
Docs: update docs style guide for headings and anchors

See merge request gitlab-org/gitlab!23777
```
  93244cf9
- Docs: update docs style guide for headings and anchors · f0bfe6ed
  Marcia Ramos authored Jan 28, 2020
  
  f0bfe6ed
- Merge branch 'trizzi-master-patch-30091' into 'master' · 8a6f3a28
  Achilleas Pipinellis authored Jan 28, 2020
```
Create SSOT for package manager formats

See merge request gitlab-org/gitlab!23805
```
  8a6f3a28
- Create SSOT for package manager formats · 6459939c
  Tim Rizzi authored Jan 28, 2020
  
  6459939c