Commits · 406fa2dfc40f5b7c54fd329f88125c37b851c631 · nexedi / gitlab-ce

27 Sep, 2021 40 commits
- Fix XSS in Jira link · 406fa2df
  Fernando authored Jul 14, 2021
```
Sanitize the return_to param to avoid XSS.
Update sprite icon markup to be up to HTML standard

Changelog: security
EE: true
```
  406fa2df
- Automatic merge of gitlab-org/gitlab master · f9792edb
  GitLab Bot authored Sep 27, 2021
  
  f9792edb
- Merge branch 'db_load_balancer_reloading_issue' into 'master' · caaa7778
  Heinrich Lee Yu authored Sep 27, 2021
```
Fix DB load balance autoloading/code-reloading

See merge request gitlab-org/gitlab!71218
```
  caaa7778
- Merge branch '334205-send-setup-for-company-to-customersdot' into 'master' · bb3fe4a1
  Alex Kalderimis authored Sep 27, 2021
```
Send setup_for_company to CustomersDot in trial form

See merge request gitlab-org/gitlab!70569
```
  bb3fe4a1
- Merge branch 'security-fix-dns-rebinding-in-gitea-importer' into 'master' · 5a934511
  GitLab Release Tools Bot authored Sep 27, 2021
```
Use validated URL when sending request to Gitea Importer

See merge request gitlab-org/security/gitlab!1758
```
  5a934511
- Merge branch 'security-490-2fa-bypass-using-git-command' into 'master' · b205b9d9
  GitLab Release Tools Bot authored Sep 27, 2021
```
Security: 2FA bypass using git command

See merge request gitlab-org/security/gitlab!1739
```
  b205b9d9
- Merge branch 'security-473-account-lockout-for-password-reset' into 'master' · 8f646b53
  GitLab Release Tools Bot authored Sep 27, 2021
```
Apply account locking to password reset page

See merge request gitlab-org/security/gitlab!1702
```
  8f646b53
- Merge branch 'security-477-enforce-configured-scopes' into 'master' · 0ecaed69
  GitLab Release Tools Bot authored Sep 27, 2021
```
Enforce configured scopes for OAuth applications

See merge request gitlab-org/security/gitlab!1708
```
  0ecaed69
- Merge branch 'security-493-project-access-tokens-can-be-used-as-back-doors' into 'master' · a272bd39
  GitLab Release Tools Bot authored Sep 27, 2021
```
Project access tokens can be used as "back doors"

See merge request gitlab-org/security/gitlab!1749
```
  a272bd39
- Merge branch 'security-fix-to-not-export-repository-size-limit' into 'master' · ecbd0fcb
  GitLab Release Tools Bot authored Sep 27, 2021
```
Do not export and import repository_size_limit

See merge request gitlab-org/security/gitlab!1753
```
  ecbd0fcb
- Merge branch 'security-password-expired-token-access' into 'master' · e635818d
  GitLab Release Tools Bot authored Sep 27, 2021
```
Users with expired password can still access API and Git with token

See merge request gitlab-org/security/gitlab!1690
```
  e635818d
- Merge branch 'security-fix-to-not-export-pipeline-triggers' into 'master' · 0469cf18
  GitLab Release Tools Bot authored Sep 27, 2021
```
Disable exporting pipeline triggers on project export

See merge request gitlab-org/security/gitlab!1752
```
  0469cf18
- Merge branch 'security-omniauth-validate-state-before-provider-errors' into 'master' · ff898cae
  GitLab Release Tools Bot authored Sep 27, 2021
```
Verify state before using errors from OAuth2 OmniAuth providers

See merge request gitlab-org/security/gitlab!1731
```
  ff898cae
- Merge branch 'security-issue_334279' into 'master' · 123726df
  GitLab Release Tools Bot authored Sep 27, 2021
```
Prevent showing not allowed subgroup epics

See merge request gitlab-org/security/gitlab!1635
```
  123726df
- Merge branch 'security-463-dl-pagination' into 'master' · 441cdc98
  GitLab Release Tools Bot authored Sep 27, 2021
```
Add pagination to Dependencies API

See merge request gitlab-org/security/gitlab!1679
```
  441cdc98
- Merge branch 'security-mr-reviewer-xss' into 'master' · 701207ef
  GitLab Release Tools Bot authored Sep 27, 2021
```
Escapes MR approval rule names correctly

See merge request gitlab-org/security/gitlab!1760
```
  701207ef
- Merge branch 'security-issue_330520' into 'master' · 5af8042d
  GitLab Release Tools Bot authored Sep 27, 2021
```
Prevent moving epic issues to different group hierarchy

See merge request gitlab-org/security/gitlab!1626
```
  5af8042d
- Merge branch... · fc753ee3
  GitLab Release Tools Bot authored Sep 27, 2021
```
Merge branch 'security-pending-invitations-of-public-groups-and-public-projects-are-visible-to-any-user' into 'master'

Require group admin access to list pending invites

See merge request gitlab-org/security/gitlab!1714
```
  fc753ee3
- Merge branch 'security-337554-fix-markdown-regex-performance' into 'master' · 3ed2de4c
  GitLab Release Tools Bot authored Sep 27, 2021
```
Fix denial-of-service attack in Markdown parser

See merge request gitlab-org/security/gitlab!1696
```
  3ed2de4c
- Merge branch 'security-474-stored-xss-in-gfm-auto-complete' into 'master' · eb9438c3
  GitLab Release Tools Bot authored Sep 27, 2021
```
Fix stored XSS in GFM auto-complete

See merge request gitlab-org/security/gitlab!1703
```
  eb9438c3
- Fix DB load balance autoloading/code-reloading · 91b7cf3e
  Jonathan Schafer authored Sep 27, 2021
```
Changelog: changed
```
  91b7cf3e
- Merge branch 'fix-jira-connect-events-controller-spec-indentation' into 'master' · 896c02a4
  Rémy Coutable authored Sep 27, 2021
```
Fix Jira connect events controller spec indentation

See merge request gitlab-org/gitlab!70940
```
  896c02a4
- Merge branch 'security-workhorse-artifacts-logs-scrubbing' into 'master' · f9557a80
  GitLab Release Tools Bot authored Sep 27, 2021
```
Scrub artifacts signed URL in SendEntry logs

See merge request gitlab-org/security/gitlab!1837
```
  f9557a80
- Merge branch 'docs-cluster-level-improve' into 'master' · c09574d0
  Nick Gaskill authored Sep 27, 2021
```
Docs: Improve cluster levels sections

See merge request gitlab-org/gitlab!71209
```
  c09574d0
- Docs: Improve cluster levels sections · c4675334
  Marcia Ramos authored Sep 27, 2021
  
  c4675334
- Merge branch 'dz-error-tracking-dsn-ui-docs' into 'master' · ac0e79ed
  Nick Gaskill authored Sep 27, 2021
```
Update error tracking docs with more UI

See merge request gitlab-org/gitlab!70803
```
  ac0e79ed
- Update error tracking docs with more UI · a90e8306
  Dmitriy Zaporozhets (DZ) authored Sep 27, 2021
  
  a90e8306
- Merge branch 'am-update-product-intelligence-danger' into 'master' · d46e8778
  Rémy Coutable authored Sep 27, 2021
```
Skip Product Intelligence review for growth experiments MRs

See merge request gitlab-org/gitlab!70907
```
  d46e8778
- Merge branch 'docs/fix-gke-iac-instructions-jcunha' into 'master' · 9ca619e5
  Marcia Ramos authored Sep 27, 2021
```
Fix GKE IAC instructions

See merge request gitlab-org/gitlab!70433
```
  9ca619e5
- Fix GKE IAC instructions · 79667ad8
  João Alexandre Cunha authored Sep 27, 2021
  
  79667ad8
- Merge branch 'ag-verifiables-update-worker' into 'master' · a7822ccd
  Gabriel Mazetto authored Sep 27, 2021
```
[Geo] Add a worker to backfill verification state

See merge request gitlab-org/gitlab!69301
```
  a7822ccd
- Merge branch 'georgekoltsov/project-migration-labels' into 'master' · 7886d7db
  Rémy Coutable authored Sep 27, 2021
```
Add Project Migration Labels

See merge request gitlab-org/gitlab!70810
```
  7886d7db
- Remove product intelligence category for growth experiment MR · aec6886a
  alinamihaila authored Sep 27, 2021
  
  aec6886a
- Skip Product Intelligence review for growth experiments MRs · 4168787c
  alinamihaila authored Sep 22, 2021
  
  4168787c
- Merge branch '341626-import-metrics-project_counter-does-not-need-to-be-public' into 'master' · e06b922e
  Rémy Coutable authored Sep 27, 2021
```
Make Import Metrics project_counter private

See merge request gitlab-org/gitlab!71114
```
  e06b922e
- Merge branch '70495-fj-use-group_tree-ancestors_linear_scopes' into 'master' · f566268a
  Bob Van Landuyt authored Sep 27, 2021
```
Use GroupTree ancestors linear scopes

See merge request gitlab-org/gitlab!70503
```
  f566268a
- Merge branch '259619-md5-hexdigest-on-checksummable' into 'master' · aa8d3dd8
  Vitali Tatarintev authored Sep 27, 2021
```
Add md5_hexdigest to compute MD5 hashes for files

See merge request gitlab-org/gitlab!71178
```
  aa8d3dd8
- Merge branch 'Clean-up-Vale-Substitution-Warnings-(administration)' into 'master' · 1c2f4bae
  Achilleas Pipinellis authored Sep 27, 2021
```
Clean up vale substitution warnings MR1

See merge request gitlab-org/gitlab!71025
```
  1c2f4bae
- Clean up vale substitution warnings MR1 · ac3172cb
  Abhijeet Chatterjee authored Sep 27, 2021
  
  ac3172cb
- Merge branch 'stop-using-view-helpers-in-cluster-presenter' into 'master' · 54cb7317
  Fabio Pitino authored Sep 27, 2021
```
Stop using view helpers in Clusters::ClusterPresenter

See merge request gitlab-org/gitlab!70867
```
  54cb7317