From 36e64e679dfc3e5989445f06aa238962df6ca98d Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Fri, 2 Sep 2022 21:10:02 +0000 Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master --- .gitlab/ci/rules.gitlab-ci.yml | 3 +- ...move_partial_trigram_indexes_for_issues.rb | 25 +++ db/schema_migrations/20220901073300 | 1 + db/structure.sql | 4 - .../gitlab_rails_cheat_sheet.md | 12 -- doc/api/merge_request_approvals.md | 148 ++++++++---------- doc/development/code_review.md | 29 ++-- doc/development/service_ping/implement.md | 2 +- doc/development/service_ping/index.md | 11 +- .../settings/sign_in_restrictions.md | 20 +-- .../container_scanning/index.md | 49 +++--- .../project/issues/confidential_issues.md | 13 +- .../issues/img/confidential_issues_create.png | Bin 8185 -> 0 bytes .../img/confidential_issues_create_v15_4.png | Bin 0 -> 13023 bytes .../img/confidential_issues_system_notes.png | Bin 4214 -> 0 bytes ...confidential_issues_system_notes_v15_4.png | Bin 0 -> 4289 bytes .../Security/Container-Scanning.gitlab-ci.yml | 6 +- lib/tasks/gitlab/usage_data.rake | 5 + spec/tasks/gitlab/usage_data_rake_spec.rb | 6 + 19 files changed, 179 insertions(+), 155 deletions(-) create mode 100644 db/post_migrate/20220901073300_remove_partial_trigram_indexes_for_issues.rb create mode 100644 db/schema_migrations/20220901073300 delete mode 100644 doc/user/project/issues/img/confidential_issues_create.png create mode 100644 doc/user/project/issues/img/confidential_issues_create_v15_4.png delete mode 100644 doc/user/project/issues/img/confidential_issues_system_notes.png create mode 100644 doc/user/project/issues/img/confidential_issues_system_notes_v15_4.png diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml index 83590a2861c..b2ab53f42c1 100644 --- a/.gitlab/ci/rules.gitlab-ci.yml +++ b/.gitlab/ci/rules.gitlab-ci.yml @@ -771,7 +771,8 @@ rules: - !reference [".strict-ee-only-rules", rules] - !reference [".frontend:rules:default-frontend-jobs-as-if-foss", rules] - - !reference [".frontend:rules:jest:minimal:as-if-foss", rules] + - <<: *if-merge-request + changes: *frontend-patterns-for-as-if-foss .frontend:rules:jest: rules: diff --git a/db/post_migrate/20220901073300_remove_partial_trigram_indexes_for_issues.rb b/db/post_migrate/20220901073300_remove_partial_trigram_indexes_for_issues.rb new file mode 100644 index 00000000000..096b74bc1c6 --- /dev/null +++ b/db/post_migrate/20220901073300_remove_partial_trigram_indexes_for_issues.rb @@ -0,0 +1,25 @@ +# frozen_string_literal: true + +class RemovePartialTrigramIndexesForIssues < Gitlab::Database::Migration[2.0] + TITLE_INDEX_NAME = 'index_issues_on_title_trigram_non_latin' + DESCRIPTION_INDEX_NAME = 'index_issues_on_description_trigram_non_latin' + + disable_ddl_transaction! + + def up + remove_concurrent_index_by_name :issues, TITLE_INDEX_NAME + remove_concurrent_index_by_name :issues, DESCRIPTION_INDEX_NAME + end + + def down + add_concurrent_index :issues, :title, + name: TITLE_INDEX_NAME, + using: :gin, opclass: { description: :gin_trgm_ops }, + where: "title NOT SIMILAR TO '[\\u0000-\\u218F]*' OR description NOT SIMILAR TO '[\\u0000-\\u218F]*'" + + add_concurrent_index :issues, :description, + name: DESCRIPTION_INDEX_NAME, + using: :gin, opclass: { description: :gin_trgm_ops }, + where: "title NOT SIMILAR TO '[\\u0000-\\u218F]*' OR description NOT SIMILAR TO '[\\u0000-\\u218F]*'" + end +end diff --git a/db/schema_migrations/20220901073300 b/db/schema_migrations/20220901073300 new file mode 100644 index 00000000000..47cba2c6c05 --- /dev/null +++ b/db/schema_migrations/20220901073300 @@ -0,0 +1 @@ +92ca7bd3f150c9d447e6ab2152b7039379fece41bdef85addcf59b464dc95eb8 \ No newline at end of file diff --git a/db/structure.sql b/db/structure.sql index 322e7055758..a8ac768d587 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -28942,8 +28942,6 @@ CREATE INDEX index_issues_on_confidential ON issues USING btree (confidential); CREATE INDEX index_issues_on_description_trigram ON issues USING gin (description gin_trgm_ops); -CREATE INDEX index_issues_on_description_trigram_non_latin ON issues USING gin (description gin_trgm_ops) WHERE (((title)::text !~ similar_escape('[\u0000-\u218F]*'::text, NULL::text)) OR (description !~ similar_escape('[\u0000-\u218F]*'::text, NULL::text))); - CREATE INDEX index_issues_on_duplicated_to_id ON issues USING btree (duplicated_to_id) WHERE (duplicated_to_id IS NOT NULL); CREATE INDEX index_issues_on_id_and_weight ON issues USING btree (id, weight); @@ -28980,8 +28978,6 @@ CREATE INDEX index_issues_on_sprint_id ON issues USING btree (sprint_id); CREATE INDEX index_issues_on_title_trigram ON issues USING gin (title gin_trgm_ops); -CREATE INDEX index_issues_on_title_trigram_non_latin ON issues USING gin (title gin_trgm_ops) WHERE (((title)::text !~ similar_escape('[\u0000-\u218F]*'::text, NULL::text)) OR (description !~ similar_escape('[\u0000-\u218F]*'::text, NULL::text))); - CREATE INDEX index_issues_on_updated_at ON issues USING btree (updated_at); CREATE INDEX index_issues_on_updated_by_id ON issues USING btree (updated_by_id) WHERE (updated_by_id IS NOT NULL); diff --git a/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md b/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md index 612cdd06e99..4f602ecf6e3 100644 --- a/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md +++ b/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md @@ -785,18 +785,6 @@ subgroup.members.map(&:errors).map(&:full_messages) subgroup.members_and_requesters.map(&:errors).map(&:full_messages) ``` -## Authentication - -### Re-enable standard web sign-in form - -Re-enable the standard username and password-based sign-in form if it was disabled as a [Sign-in restriction](../../user/admin_area/settings/sign_in_restrictions.md#password-authentication-enabled). - -You can use this method when a configured external authentication provider (through SSO or an LDAP configuration) is facing an outage and direct sign-in access to GitLab is required. - -```ruby -Gitlab::CurrentSettings.update!(password_authentication_enabled_for_web: true) -``` - ## Routes ### Remove redirecting routes diff --git a/doc/api/merge_request_approvals.md b/doc/api/merge_request_approvals.md index f32a5eebaeb..55c6386dfd7 100644 --- a/doc/api/merge_request_approvals.md +++ b/doc/api/merge_request_approvals.md @@ -27,7 +27,7 @@ GET /projects/:id/approvals | Attribute | Type | Required | Description | | --------- | ------- | -------- | ------------------- | -| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) | +| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding). | ```json { @@ -54,15 +54,15 @@ POST /projects/:id/approvals **Parameters:** -| Attribute | Type | Required | Description | -| ------------------------------------------------ | ------- | -------- | --------------------------------------------------------------------------------------------------- | -| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) | -| `approvals_before_merge` | integer | no | How many approvals are required before an MR can be merged. Deprecated in 12.0 in favor of Approval Rules API. | -| `disable_overriding_approvers_per_merge_request` | boolean | no | Allow or prevent overriding approvers per MR | -| `merge_requests_author_approval` | boolean | no | Allow or prevent authors from self approving merge requests; `true` means authors can self approve | -| `merge_requests_disable_committers_approval` | boolean | no | Allow or prevent committers from self approving merge requests | -| `require_password_to_approve` | boolean | no | Require approver to enter a password to authenticate before adding the approval | -| `reset_approvals_on_push` | boolean | no | Reset approvals on a new push. | +| Attribute | Type | Required | Description | +| ------------------------------------------------ | ------- | -------- | -- | +| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding). | +| `approvals_before_merge` | integer | no | How many approvals are required before a merge request can be merged. Deprecated in GitLab 12.0 in favor of Approval Rules API. | +| `disable_overriding_approvers_per_merge_request` | boolean | no | Allow or prevent overriding approvers per merge request. | +| `merge_requests_author_approval` | boolean | no | Allow or prevent authors from self approving merge requests; `true` means authors can self approve. | +| `merge_requests_disable_committers_approval` | boolean | no | Allow or prevent committers from self approving merge requests. | +| `require_password_to_approve` | boolean | no | Require approver to enter a password to authenticate before adding the approval. | +| `reset_approvals_on_push` | boolean | no | Reset approvals on a new push. | | `selective_code_owner_removals` | boolean | no | Reset approvals from Code Owners if their files changed. Can be enabled only if `reset_approvals_on_push` is disabled. | ```json @@ -79,9 +79,7 @@ POST /projects/:id/approvals ### Get project-level rules -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/11877) in GitLab 12.3. > - Moved to GitLab Premium in 13.9. -> - `protected_branches` property was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/460) in GitLab 12.7. > - Pagination support [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/31011) in GitLab 15.3 [with a flag](../administration/feature_flags.md) named `approval_rules_pagination`. Enabled by default. > - `applies_to_all_protected_branches` property was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/335316) in GitLab 15.3. @@ -97,7 +95,7 @@ Use the `page` and `per_page` [pagination](index.md#offset-based-pagination) par | Attribute | Type | Required | Description | |----------------------|---------|----------|-----------------------------------------------------------| -| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) | +| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding). | ```json [ @@ -198,8 +196,8 @@ GET /projects/:id/approval_rules/:approval_rule_id | Attribute | Type | Required | Description | |----------------------|---------|----------|-----------------------------------------------------------| -| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) | -| `approval_rule_id` | integer | yes | The ID of a approval rule | +| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding). | +| `approval_rule_id` | integer | yes | The ID of a approval rule. | ```json { @@ -285,7 +283,6 @@ GET /projects/:id/approval_rules/:approval_rule_id ### Create project-level rule -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/11877) in GitLab 12.3. > - Moved to GitLab Premium in 13.9. > - [Removed](https://gitlab.com/gitlab-org/gitlab/-/issues/357300) the Vulnerability-Check feature in GitLab 15.0. > - `applies_to_all_protected_branches` property was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/335316) in GitLab 15.3. @@ -298,17 +295,17 @@ POST /projects/:id/approval_rules **Parameters:** -| Attribute | Type | Required | Description | -|-------------------------------------|-------------------|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) | -| `name` | string | yes | The name of the approval rule | -| `report_type` | string | no | The report type required when the rule type is `report_approver`. The supported report types are: `license_scanning` and `code_coverage`. | -| `approvals_required` | integer | yes | The number of required approvals for this rule | -| `rule_type` | string | no | The type of rule. `any_approver` is a pre-configured default rule with `approvals_required` at `0`. Other rules are `regular`. | -| `user_ids` | Array | no | The ids of users as approvers | -| `group_ids` | Array | no | The ids of groups as approvers | -| `protected_branch_ids` | Array | no | The IDs of protected branches to scope the rule by. To identify the ID, [use the API](protected_branches.md#list-protected-branches). | +| Attribute | Type | Required | Description | +|-------------------------------------|-------------------|----------|------------ | +| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding). | +| `approvals_required` | integer | yes | The number of required approvals for this rule. | +| `name` | string | yes | The name of the approval rule. | | `applies_to_all_protected_branches` | boolean | no | Whether the rule is applied to all protected branches. If set to `true`, the value of `protected_branch_ids` is ignored. Default is `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/335316) in GitLab 15.3. | +| `group_ids` | Array | no | The IDs of groups as approvers. | +| `protected_branch_ids` | Array | no | The IDs of protected branches to scope the rule by. To identify the ID, [use the API](protected_branches.md#list-protected-branches). | +| `report_type` | string | no | The report type required when the rule type is `report_approver`. The supported report types are `license_scanning` and `code_coverage`. | +| `rule_type` | string | no | The type of rule. `any_approver` is a pre-configured default rule with `approvals_required` at `0`. Other rules are `regular`. | +| `user_ids` | Array | no | The IDs of users as approvers. | ```json { @@ -411,7 +408,6 @@ curl --request POST --header "PRIVATE-TOKEN: " \ ### Update project-level rule -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/11877) in GitLab 12.3. > - Moved to GitLab Premium in 13.9. > - [Removed](https://gitlab.com/gitlab-org/gitlab/-/issues/357300) the Vulnerability-Check feature in GitLab 15.0. > - `applies_to_all_protected_branches` property was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/335316) in GitLab 15.3. @@ -426,16 +422,16 @@ PUT /projects/:id/approval_rules/:approval_rule_id **Parameters:** -| Attribute | Type | Required | Description | -|-------------------------------------|-------------------|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) | -| `approval_rule_id` | integer | yes | The ID of a approval rule | -| `name` | string | yes | The name of the approval rule | -| `approvals_required` | integer | yes | The number of required approvals for this rule | -| `user_ids` | Array | no | The ids of users as approvers | -| `group_ids` | Array | no | The ids of groups as approvers | -| `protected_branch_ids` | Array | no | The IDs of protected branches to scope the rule by. To identify the ID, [use the API](protected_branches.md#list-protected-branches). | +| Attribute | Type | Required | Description | +|-------------------------------------|-------------------|----------|-------------| +| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding). | +| `approvals_required` | integer | yes | The number of required approvals for this rule. | +| `approval_rule_id` | integer | yes | The ID of a approval rule. | +| `name` | string | yes | The name of the approval rule. | | `applies_to_all_protected_branches` | boolean | no | Whether the rule is applied to all protected branches. If set to `true`, the value of `protected_branch_ids` is ignored. Default is `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/335316) in GitLab 15.3. | +| `group_ids` | Array | no | The IDs of groups as approvers. | +| `protected_branch_ids` | Array | no | The IDs of protected branches to scope the rule by. To identify the ID, [use the API](protected_branches.md#list-protected-branches). | +| `user_ids` | Array | no | The IDs of users as approvers. | ```json { @@ -521,8 +517,7 @@ PUT /projects/:id/approval_rules/:approval_rule_id ### Delete project-level rule -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/11877) in GitLab 12.3. -> - Moved to GitLab Premium in 13.9. +> Moved to GitLab Premium in 13.9. You can delete project approval rules using the following endpoint: @@ -534,8 +529,8 @@ DELETE /projects/:id/approval_rules/:approval_rule_id | Attribute | Type | Required | Description | |--------------------|-------------------|----------|------------------------------------------------------------------------------| -| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) | -| `approval_rule_id` | integer | yes | The ID of a approval rule | +| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding). | +| `approval_rule_id` | integer | yes | The ID of a approval rule. | ## Merge request-level MR approvals @@ -556,8 +551,8 @@ GET /projects/:id/merge_requests/:merge_request_iid/approvals | Attribute | Type | Required | Description | |---------------------|-------------------|----------|------------------------------------------------------------------------------| -| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) | -| `merge_request_iid` | integer | yes | The IID of MR | +| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding). | +| `merge_request_iid` | integer | yes | The IID of the merge request. | ```json { @@ -600,11 +595,11 @@ POST /projects/:id/merge_requests/:merge_request_iid/approvals **Parameters:** -| Attribute | Type | Required | Description | -|----------------------|-------------------|----------|------------------------------------------------------------------------------------------------| -| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) | -| `merge_request_iid` | integer | yes | The IID of MR | -| `approvals_required` | integer | yes | Approvals required before MR can be merged. Deprecated in 12.0 in favor of Approval Rules API. | +| Attribute | Type | Required | Description | +|----------------------|-------------------|----------|-------------| +| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding). | +| `approvals_required` | integer | yes | Approvals required before MR can be merged. Deprecated in GitLab 12.0 in favor of Approval Rules API. | +| `merge_request_iid` | integer | yes | The IID of the merge request. | ```json { @@ -625,8 +620,7 @@ POST /projects/:id/merge_requests/:merge_request_iid/approvals ### Get the approval state of merge requests -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/13712) in GitLab 12.3. -> - Moved to GitLab Premium in 13.9. +> Moved to GitLab Premium in 13.9. You can request information about a merge request's approval state by using the following endpoint: @@ -644,8 +638,8 @@ This includes additional information about the users who have already approved | Attribute | Type | Required | Description | |---------------------|-------------------|----------|------------------------------------------------------------------------------| -| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) | -| `merge_request_iid` | integer | yes | The IID of MR | +| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding). | +| `merge_request_iid` | integer | yes | The IID of the merge request. | ```json { @@ -698,7 +692,6 @@ This includes additional information about the users who have already approved ### Get merge request level rules -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/13712) in GitLab 12.3. > - Moved to GitLab Premium in 13.9. > - Pagination support [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/31011) in GitLab 15.3 [with a flag](../administration/feature_flags.md) named `approval_rules_pagination`. Enabled by default. @@ -714,8 +707,8 @@ Use the `page` and `per_page` [pagination](index.md#offset-based-pagination) par | Attribute | Type | Required | Description | |---------------------|---------|----------|---------------------| -| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) | -| `merge_request_iid` | integer | yes | The IID of MR | +| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding). | +| `merge_request_iid` | integer | yes | The IID of the merge request. | ```json [ @@ -792,8 +785,8 @@ GET /projects/:id/merge_requests/:merge_request_iid/approval_rules/:approval_rul | Attribute | Type | Required | Description | |---------------------|---------|----------|------------------------------------------------------------------------------| | `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding). | -| `merge_request_iid` | integer | yes | The IID of a merge request. | | `approval_rule_id` | integer | yes | The ID of an approval rule. | +| `merge_request_iid` | integer | yes | The IID of a merge request. | ```json { @@ -855,8 +848,7 @@ GET /projects/:id/merge_requests/:merge_request_iid/approval_rules/:approval_rul ### Create merge request level rule -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/11877) in GitLab 12.3. -> - Moved to GitLab Premium in 13.9. +> Moved to GitLab Premium in 13.9. You can create merge request approval rules using the following endpoint: @@ -869,12 +861,12 @@ POST /projects/:id/merge_requests/:merge_request_iid/approval_rules | Attribute | Type | Required | Description | |----------------------------|---------|----------|------------------------------------------------| | `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) | -| `merge_request_iid` | integer | yes | The IID of MR | -| `name` | string | yes | The name of the approval rule | -| `approvals_required` | integer | yes | The number of required approvals for this rule | -| `approval_project_rule_id` | integer | no | The ID of a project-level approval rule | -| `user_ids` | Array | no | The ids of users as approvers | -| `group_ids` | Array | no | The ids of groups as approvers | +| `approvals_required` | integer | yes | The number of required approvals for this rule. | +| `merge_request_iid` | integer | yes | The IID of the merge request. | +| `name` | string | yes | The name of the approval rule. | +| `approval_project_rule_id` | integer | no | The ID of a project-level approval rule. | +| `group_ids` | Array | no | The IDs of groups as approvers. | +| `user_ids` | Array | no | The IDs of users as approvers. | **Important:** When `approval_project_rule_id` is set, the `name`, `users` and `groups` of project-level rule are copied. The `approvals_required` specified @@ -940,8 +932,7 @@ is used. ### Update merge request level rule -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/11877) in GitLab 12.3. -> - Moved to GitLab Premium in 13.9. +> Moved to GitLab Premium in 13.9. You can update merge request approval rules using the following endpoint: @@ -959,12 +950,12 @@ These are system generated rules. | Attribute | Type | Required | Description | |----------------------|---------|----------|------------------------------------------------| | `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding). | -| `merge_request_iid` | integer | yes | The IID of a merge request. | -| `approval_rule_id` | integer | yes | The ID of an approval rule. | -| `name` | string | yes | The name of the approval rule. | | `approvals_required` | integer | yes | The number of required approvals for this rule. | -| `user_ids` | Array | no | The IDs of users as approvers. | +| `approval_rule_id` | integer | yes | The ID of an approval rule. | +| `merge_request_iid` | integer | yes | The IID of a merge request. | +| `name` | string | yes | The name of the approval rule. | | `group_ids` | Array | no | The IDs of groups as approvers. | +| `user_ids` | Array | no | The IDs of users as approvers. | ```json { @@ -1026,8 +1017,7 @@ These are system generated rules. ### Delete merge request level rule -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/11877) in GitLab 12.3. -> - Moved to GitLab Premium in 13.9. +> Moved to GitLab Premium in 13.9. You can delete merge request approval rules using the following endpoint: @@ -1042,9 +1032,9 @@ These are system generated rules. | Attribute | Type | Required | Description | |---------------------|---------|----------|---------------------------| -| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) | -| `merge_request_iid` | integer | yes | The IID of the merge request | -| `approval_rule_id` | integer | yes | The ID of an approval rule | +| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding). | +| `approval_rule_id` | integer | yes | The ID of an approval rule. | +| `merge_request_iid` | integer | yes | The IID of the merge request. | ## Approve merge request @@ -1061,10 +1051,10 @@ POST /projects/:id/merge_requests/:merge_request_iid/approve | Attribute | Type | Required | Description | |---------------------|---------|----------|-------------------------| -| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) | -| `merge_request_iid` | integer | yes | The IID of the merge request | -| `sha` | string | no | The `HEAD` of the merge request | +| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding). | | `approval_password` | string | no | Current user's password. Required if [**Require user password to approve**](../user/project/merge_requests/approvals/settings.md#require-user-password-to-approve) is enabled in the project settings. | +| `merge_request_iid` | integer | yes | The IID of the merge request. | +| `sha` | string | no | The `HEAD` of the merge request. | The `sha` parameter works in the same way as when [accepting a merge request](merge_requests.md#merge-a-merge-request): if it is passed, then it must @@ -1124,5 +1114,5 @@ POST /projects/:id/merge_requests/:merge_request_iid/unapprove | Attribute | Type | Required | Description | |---------------------|---------|----------|---------------------| -| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) | -| `merge_request_iid` | integer | yes | The IID of a merge request | +| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding). | +| `merge_request_iid` | integer | yes | The IID of a merge request. | diff --git a/doc/development/code_review.md b/doc/development/code_review.md index a70ec44fd38..35897012b60 100644 --- a/doc/development/code_review.md +++ b/doc/development/code_review.md @@ -504,24 +504,25 @@ Before taking the decision to merge: before merging. A comment must be posted if the MR is merged with any failed job. - If the MR contains both Quality and non-Quality-related changes, the MR should be merged by the relevant maintainer for user-facing changes (backend, frontend, or database) after the Quality related changes are approved by a Software Engineer in Test. -If a merge request is fundamentally ready, but needs only trivial fixes (such as -typos), consider demonstrating a [bias for action](https://about.gitlab.com/handbook/values/#bias-for-action) -by making those changes directly without going back to the author. You can do this by -using the [suggest changes](../user/project/merge_requests/reviews/suggestions.md) feature to apply -your own suggestions to the merge request. Note that: +At least one maintainer must approve an MR before it can be merged. MR authors and +people who add commits to an MR are not authorized to approve the merge request, +so they must seek a maintainer who has not contributed to the MR to approve the MR before it can be merged. -- If the changes are not straightforward, please prefer allowing the author to make the change. -- **Before applying suggestions**, edit the merge request to make sure - [squash and merge](../user/project/merge_requests/squash_and_merge.md#squash-and-merge) - is enabled, otherwise, the pipeline's Danger job fails. - - If a merge request does not have squash and merge enabled, and it - has more than one commit, then see the note below about rewriting - commit history. - -Authors are not authorized to merge their own merge requests and need to seek another maintainer to merge. This policy is in place to satisfy the CHG-04 control of the GitLab [Change Management Controls](https://about.gitlab.com/handbook/engineering/security/security-assurance/security-compliance/guidance/change-management.html). +To implement this policy in `gitlab-org/gitlab`, we have enabled the following +settings to ensure MRs get an approval from a top-level CODEOWNERS maintainer: + +- [Prevent approval by author](../user/project/merge_requests/approvals/settings.md#prevent-approval-by-author). +- [Prevent approvals by users who add commits](../user/project/merge_requests/approvals/settings.md#prevent-approvals-by-users-who-add-commits). +- [Prevent editing approval rules in merge requests](../user/project/merge_requests/approvals/settings.md#prevent-editing-approval-rules-in-merge-requests). +- [Remove all approvals when commits are added to the source branch](../user/project/merge_requests/approvals/settings.md#remove-all-approvals-when-commits-are-added-to-the-source-branch) + + There are scenarios such as rebasing locally or applying suggestions that are considered + the same as adding a commit and could reset existing approvals. Approvals are not removed + when rebasing from the UI or with the [`/rebase` quick action](../user/project/quick_actions.md). + When ready to merge: WARNING: diff --git a/doc/development/service_ping/implement.md b/doc/development/service_ping/implement.md index 561595d2048..8c04992fd67 100644 --- a/doc/development/service_ping/implement.md +++ b/doc/development/service_ping/implement.md @@ -620,7 +620,7 @@ alt_usage_data(999) ### Add counters to build new metrics When adding the results of two counters, use the `add` Service Data method that -handles fallback values and exceptions. It also generates a valid [SQL export](index.md#export-service-ping-sql-queries-and-definitions). +handles fallback values and exceptions. It also generates a valid [SQL export](index.md#export-service-ping-data). Example: diff --git a/doc/development/service_ping/index.md b/doc/development/service_ping/index.md index 4481fe33bda..251021cd8f0 100644 --- a/doc/development/service_ping/index.md +++ b/doc/development/service_ping/index.md @@ -374,9 +374,9 @@ Possible values are "Amazon Aurora PostgreSQL", "PostgreSQL on Amazon RDS", "Clo In GitLab 13.5, `pg_system_id` was added to send the [PostgreSQL system identifier](https://www.2ndquadrant.com/en/blog/support-for-postgresqls-system-identifier-in-barman/). -## Export Service Ping SQL queries and definitions +## Export Service Ping data -Two Rake tasks exist to export Service Ping definitions. +Rake tasks exist to export Service Ping data in different formats. - The Rake tasks export the raw SQL queries for `count`, `distinct_count`, `sum`. - The Rake tasks export the Redis counter class or the line of the Redis block for `redis_usage_data`. @@ -385,12 +385,15 @@ Two Rake tasks exist to export Service Ping definitions. In the home directory of your local GitLab installation run the following Rake tasks for the YAML and JSON versions respectively: ```shell -# for YAML export +# for YAML export of SQL queries bin/rake gitlab:usage_data:dump_sql_in_yaml -# for JSON export +# for JSON export of SQL queries bin/rake gitlab:usage_data:dump_sql_in_json +# for JSON export of Non SQL data +bin/rake gitlab:usage_data:dump_non_sql_in_json + # You may pipe the output into a file bin/rake gitlab:usage_data:dump_sql_in_yaml > ~/Desktop/usage-metrics-2020-09-02.yaml ``` diff --git a/doc/user/admin_area/settings/sign_in_restrictions.md b/doc/user/admin_area/settings/sign_in_restrictions.md index 7316b1bdbb8..e3fa8ba6df5 100644 --- a/doc/user/admin_area/settings/sign_in_restrictions.md +++ b/doc/user/admin_area/settings/sign_in_restrictions.md @@ -26,7 +26,7 @@ You can restrict the password authentication for web interface and Git over HTTP - **Git over HTTP(S)**: When this feature is disabled, a [Personal Access Token](../../profile/personal_access_tokens.md) or LDAP password must be used to authenticate. -In the event of an external authentication provider outage, use the [GitLab Rails console](../../../administration/operations/rails_console.md) to [re-enable the standard web sign-in form](../../../administration/troubleshooting/gitlab_rails_cheat_sheet.md#re-enable-standard-web-sign-in-form). This configuration can also be changed over the [Application settings REST API](../../../api/settings.md#change-application-settings) while authenticating with an administrator account's personal access token. +In the event of an external authentication provider outage, use the [GitLab Rails console](../../../administration/operations/rails_console.md) to [re-enable the standard web sign-in form](#re-enable-standard-web-sign-in-form-in-rails-console). This configuration can also be changed over the [Application settings REST API](../../../api/settings.md#change-application-settings) while authenticating with an administrator account's personal access token. ## Admin Mode @@ -128,14 +128,14 @@ To access this text box: Your users see the **Custom sign-in text** when they navigate to the sign-in screen for your GitLab instance. - +Re-enable the standard username and password-based sign-in form if it was disabled as a [Sign-in restriction](#password-authentication-enabled). + +You can use this method through the [rails console](../../../administration/operations/rails_console.md#starting-a-rails-console-session) when a configured external authentication provider (through SSO or an LDAP configuration) is facing an outage and direct sign-in access to GitLab is required. + +```ruby +Gitlab::CurrentSettings.update!(password_authentication_enabled_for_web: true) +``` diff --git a/doc/user/application_security/container_scanning/index.md b/doc/user/application_security/container_scanning/index.md index 059253cc929..7963f0ce03e 100644 --- a/doc/user/application_security/container_scanning/index.md +++ b/doc/user/application_security/container_scanning/index.md @@ -14,6 +14,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w > - Integration with Grype as an alternative scanner [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/326279) in GitLab 14.0. > - [Changed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86092) the major analyzer version from `4` to `5` in GitLab 15.0. > - [Moved](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86783) from GitLab Ultimate to GitLab Free in 15.0. +> - Container Scanning variables that reference Docker [renamed](https://gitlab.com/gitlab-org/gitlab/-/issues/357264) in GitLab 15.4. Your application's Docker image may itself be based on Docker images that contain known vulnerabilities. By including an extra Container Scanning job in your pipeline that scans for those @@ -83,7 +84,7 @@ To enable container scanning in your pipeline, you need the following: - [Build and push](../../packages/container_registry/index.md#build-and-push-by-using-gitlab-cicd) the Docker image to your project's container registry. - If you're using a third-party container registry, you might need to provide authentication - credentials through the `DOCKER_USER` and `DOCKER_PASSWORD` [configuration variables](#available-cicd-variables). + credentials through the `CS_REGISTRY_USER` and `CS_REGISTRY_PASSWORD` [configuration variables](#available-cicd-variables). For more details on how to use these variables, see [authenticate to a remote registry](#authenticate-to-a-remote-registry). ## Configuration @@ -157,13 +158,13 @@ include: container_scanning: variables: - DOCKER_IMAGE: example.com/user/image:tag + CS_IMAGE: example.com/user/image:tag ``` ##### Authenticate to a remote registry -Scanning an image in a private registry requires authentication. Provide the username in the `DOCKER_USER` -variable, and the password in the `DOCKER_PASSWORD` configuration variable. +Scanning an image in a private registry requires authentication. Provide the username in the `CS_REGISTRY_USER` +variable, and the password in the `CS_REGISTRY_PASSWORD` configuration variable. For example, to scan an image from AWS Elastic Container Registry: @@ -178,9 +179,9 @@ container_scanning: include: - template: Security/Container-Scanning.gitlab-ci.yml - DOCKER_IMAGE: .dkr.ecr..amazonaws.com/: - DOCKER_USER: AWS - DOCKER_PASSWORD: "$AWS_ECR_PASSWORD" + CS_IMAGE: .dkr.ecr..amazonaws.com/: + CS_REGISTRY_USER: AWS + CS_REGISTRY_PASSWORD: "$AWS_ECR_PASSWORD" ``` Authenticating to a remote registry is not supported when [FIPS mode](../../../development/fips_compliance.md#enable-fips-mode) is enabled. @@ -251,7 +252,7 @@ including a large number of false positives. | `CI_APPLICATION_REPOSITORY` | `$CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG` | Docker repository URL for the image to be scanned. | All | | `CI_APPLICATION_TAG` | `$CI_COMMIT_SHA` | Docker repository tag for the image to be scanned. | All | | `CS_ANALYZER_IMAGE` | `registry.gitlab.com/security-products/container-scanning:5` | Docker image of the analyzer. | All | -| `CS_DEFAULT_BRANCH_IMAGE` | `""` | The name of the `DOCKER_IMAGE` on the default branch. See [Setting the default branch image](#setting-the-default-branch-image) for more details. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/338877) in GitLab 14.5. | All | +| `CS_DEFAULT_BRANCH_IMAGE` | `""` | The name of the `CS_IMAGE` on the default branch. See [Setting the default branch image](#setting-the-default-branch-image) for more details. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/338877) in GitLab 14.5. | All | | `CS_DISABLE_DEPENDENCY_LIST` | `"false"` | Disable Dependency Scanning for packages installed in the scanned image. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/345434) in GitLab 14.6. | All | | `CS_DISABLE_LANGUAGE_VULNERABILITY_SCAN` | `"true"` | Disable scanning for language-specific packages installed in the scanned image. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/345434) in GitLab 14.6. | All | | `CS_DOCKER_INSECURE` | `"false"` | Allow access to secure Docker registries using HTTPS without validating the certificates. | All | @@ -259,10 +260,14 @@ including a large number of false positives. | `CS_IGNORE_UNFIXED` | `"false"` | Ignore vulnerabilities that are not fixed. | All | | `CS_REGISTRY_INSECURE` | `"false"` | Allow access to insecure registries (HTTP only). Should only be set to `true` when testing the image locally. Works with all scanners, but the registry must listen on port `80/tcp` for Trivy to work. | All | | `CS_SEVERITY_THRESHOLD` | `UNKNOWN` | Severity level threshold. The scanner outputs vulnerabilities with severity level higher than or equal to this threshold. Supported levels are Unknown, Low, Medium, High, and Critical. | Trivy | -| `DOCKER_IMAGE` | `$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG` | The Docker image to be scanned. If set, this variable overrides the `$CI_APPLICATION_REPOSITORY` and `$CI_APPLICATION_TAG` variables. | All | -| `DOCKER_PASSWORD` | `$CI_REGISTRY_PASSWORD` | Password for accessing a Docker registry requiring authentication. The default is only set if `$DOCKER_IMAGE` resides at [`$CI_REGISTRY`](../../../ci/variables/predefined_variables.md). Not supported when [FIPS mode](../../../development/fips_compliance.md#enable-fips-mode) is enabled. | All | -| `DOCKER_USER` | `$CI_REGISTRY_USER` | Username for accessing a Docker registry requiring authentication. The default is only set if `$DOCKER_IMAGE` resides at [`$CI_REGISTRY`](../../../ci/variables/predefined_variables.md). Not supported when [FIPS mode](../../../development/fips_compliance.md#enable-fips-mode) is enabled. | All | -| `DOCKERFILE_PATH` | `Dockerfile` | The path to the `Dockerfile` to use for generating remediations. By default, the scanner looks for a file named `Dockerfile` in the root directory of the project. You should configure this variable only if your `Dockerfile` is in a non-standard location, such as a subdirectory. See [Solutions for vulnerabilities](#solutions-for-vulnerabilities-auto-remediation) for more details. | All | +| `DOCKER_IMAGE` | `$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG` | **Deprecated** will be removed in GitLab 16.0. Replaced by `CS_IMAGE`. The Docker image to be scanned. If set, this variable overrides the `$CI_APPLICATION_REPOSITORY` and `$CI_APPLICATION_TAG` variables. | All | +| `DOCKER_PASSWORD` | `$CI_REGISTRY_PASSWORD` | **Deprecated** will be removed in GitLab 16.0. Replaced by `CS_REGISTRY_PASSWORD`. Password for accessing a Docker registry requiring authentication. The default is only set if `$DOCKER_IMAGE` resides at [`$CI_REGISTRY`](../../../ci/variables/predefined_variables.md). Not supported when [FIPS mode](../../../development/fips_compliance.md#enable-fips-mode) is enabled. | All | +| `DOCKER_USER` | `$CI_REGISTRY_USER` | **Deprecated** will be removed in GitLab 16.0. Replaced by `CS_REGISTRY_USER`. Username for accessing a Docker registry requiring authentication. The default is only set if `$DOCKER_IMAGE` resides at [`$CI_REGISTRY`](../../../ci/variables/predefined_variables.md). Not supported when [FIPS mode](../../../development/fips_compliance.md#enable-fips-mode) is enabled. | All | +| `DOCKERFILE_PATH` | `Dockerfile` | **Deprecated** will be removed in GitLab 16.0. Replaced by `CS_DOCKERFILE_PATH`. The path to the `Dockerfile` to use for generating remediations. By default, the scanner looks for a file named `Dockerfile` in the root directory of the project. You should configure this variable only if your `Dockerfile` is in a non-standard location, such as a subdirectory. See [Solutions for vulnerabilities](#solutions-for-vulnerabilities-auto-remediation) for more details. | All | +| `CS_IMAGE` | `$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG` | The Docker image to be scanned. If set, this variable overrides the `$CI_APPLICATION_REPOSITORY` and `$CI_APPLICATION_TAG` variables. | All | +| `CS_REGISTRY_PASSWORD` | `$CI_REGISTRY_PASSWORD` | Password for accessing a Docker registry requiring authentication. The default is only set if `$CS_IMAGE` resides at [`$CI_REGISTRY`](../../../ci/variables/predefined_variables.md). Not supported when [FIPS mode](../../../development/fips_compliance.md#enable-fips-mode) is enabled. | All | +| `CS_REGISTRY_USER` | `$CI_REGISTRY_USER` | Username for accessing a Docker registry requiring authentication. The default is only set if `$CS_IMAGE` resides at [`$CI_REGISTRY`](../../../ci/variables/predefined_variables.md). Not supported when [FIPS mode](../../../development/fips_compliance.md#enable-fips-mode) is enabled. | All | +| `CS_DOCKERFILE_PATH` | `Dockerfile` | The path to the `Dockerfile` to use for generating remediations. By default, the scanner looks for a file named `Dockerfile` in the root directory of the project. You should configure this variable only if your `Dockerfile` is in a non-standard location, such as a subdirectory. See [Solutions for vulnerabilities](#solutions-for-vulnerabilities-auto-remediation) for more details. | All | | `SECURE_LOG_LEVEL` | `info` | Set the minimum logging level. Messages of this logging level or higher are output. From highest to lowest severity, the logging levels are: `fatal`, `error`, `warn`, `info`, `debug`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10880) in GitLab 13.1. | All | ### Supported distributions @@ -309,7 +314,7 @@ Starting with GitLab 14.10, `-fips` is automatically added to `CS_ANALYZER_IMAGE enabled in the GitLab instance. Container scanning of images in authenticated registries is not supported when [FIPS mode](../../../development/fips_compliance.md#enable-fips-mode) -is enabled. When `CI_GITLAB_FIPS_MODE` is `"true"`, and `DOCKER_USER` or `DOCKER_PASSWORD` is set, +is enabled. When `CI_GITLAB_FIPS_MODE` is `"true"`, and `CS_REGISTRY_USER` or `CS_REGISTRY_PASSWORD` is set, the analyzer exits with an error and does not perform the scan. ### Enable Container Scanning through an automatic merge request @@ -426,14 +431,14 @@ container_scanning: variables: CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA before_script: - - export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$CI_COMMIT_BRANCH:$CI_COMMIT_SHA" + - export CS_IMAGE="$CI_REGISTRY_IMAGE/$CI_COMMIT_BRANCH:$CI_COMMIT_SHA" - | if [ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]; then - export DOCKER_IMAGE="$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" + export CS_IMAGE="$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" fi ``` -`CS_DEFAULT_BRANCH_IMAGE` should remain the same for a given `DOCKER_IMAGE`. If it changes, then a +`CS_DEFAULT_BRANCH_IMAGE` should remain the same for a given `CS_IMAGE`. If it changes, then a duplicate set of vulnerabilities are created, which must be manually dismissed. When using [Auto DevOps](../../../topics/autodevops/index.md), `CS_DEFAULT_BRANCH_IMAGE` is @@ -500,7 +505,7 @@ This example excludes from `gl-container-scanning-report.json`: - `generalallowlist` block allows you to specify CVE IDs globally. All vulnerabilities with matching CVE IDs are excluded from the scan report. -- `images` block allows you to specify CVE IDs for each container image independently. All vulnerabilities from the given image with matching CVE IDs are excluded from the scan report. The image name is retrieved from one of the environment variables used to specify the Docker image to be scanned, such as `$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG` or `DOCKER_IMAGE`. The image provided in this block **must** match this value and **must not** include the tag value. For example, if you specify the image to be scanned using `DOCKER_IMAGE=alpine:3.7`, then you would use `alpine` in the `images` block, but you cannot use `alpine:3.7`. +- `images` block allows you to specify CVE IDs for each container image independently. All vulnerabilities from the given image with matching CVE IDs are excluded from the scan report. The image name is retrieved from one of the environment variables used to specify the Docker image to be scanned, such as `$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG` or `CS_IMAGE`. The image provided in this block **must** match this value and **must not** include the tag value. For example, if you specify the image to be scanned using `CS_IMAGE=alpine:3.7`, then you would use `alpine` in the `images` block, but you cannot use `alpine:3.7`. You can specify container image in multiple ways: @@ -650,7 +655,7 @@ To scan an image in an external private registry, you must configure access cred container scanning analyzer can authenticate itself before attempting to access the image to scan. If you use the GitLab [Container Registry](../../packages/container_registry/index.md), -the `DOCKER_USER` and `DOCKER_PASSWORD` [configuration variables](#available-cicd-variables) +the `CS_REGISTRY_USER` and `CS_REGISTRY_PASSWORD` [configuration variables](#available-cicd-variables) are set automatically and you can skip this configuration. This example shows the configuration needed to scan images in a private [Google Container Registry](https://cloud.google.com/container-registry/): @@ -661,9 +666,9 @@ include: container_scanning: variables: - DOCKER_USER: _json_key - DOCKER_PASSWORD: "$GCP_CREDENTIALS" - DOCKER_IMAGE: "gcr.io/path-to-you-registry/image:tag" + CS_REGISTRY_USER: _json_key + CS_REGISTRY_PASSWORD: "$GCP_CREDENTIALS" + CS_IMAGE: "gcr.io/path-to-you-registry/image:tag" ``` Before you commit this configuration, [add a CI/CD variable](../../../ci/variables/index.md#add-a-cicd-variable-to-a-project) @@ -772,7 +777,7 @@ Some vulnerabilities can be fixed by applying the solution that GitLab automatically generates. To enable remediation support, the scanning tool _must_ have access to the `Dockerfile` specified by -the [`DOCKERFILE_PATH`](#available-cicd-variables) CI/CD variable. To ensure that the scanning tool +the [`CS_DOCKERFILE_PATH`](#available-cicd-variables) CI/CD variable. To ensure that the scanning tool has access to this file, it's necessary to set [`GIT_STRATEGY: fetch`](../../../ci/runners/configure_runners.md#git-strategy) in your `.gitlab-ci.yml` file by following the instructions described in this document's diff --git a/doc/user/project/issues/confidential_issues.md b/doc/user/project/issues/confidential_issues.md index 402ce4bebec..5a1e66c8f7d 100644 --- a/doc/user/project/issues/confidential_issues.md +++ b/doc/user/project/issues/confidential_issues.md @@ -22,7 +22,7 @@ confidential checkbox and hit **Save changes**. When you create a confidential issue in a project, the project becomes listed in the **Contributed projects** section in your [profile](../../profile/index.md). **Contributed projects** does not show information about the confidential issue; it only shows the project name. -![Creating a new confidential issue](img/confidential_issues_create.png) +![Creating a new confidential issue](img/confidential_issues_create_v15_4.png) ## Modify issue confidentiality @@ -39,9 +39,12 @@ The second way is to locate the **Confidentiality** section in the sidebar and s | ![Turn off confidentiality](img/turn_off_confidentiality_v15_1.png) | ![Turn on confidentiality](img/turn_on_confidentiality_v15_1.png) | Every change from regular to confidential and vice versa, is indicated by a -system note in the issue's comments. +system note in the issue's comments: -![Confidential issues system notes](img/confidential_issues_system_notes.png) +![Confidential issues system notes](img/confidential_issues_system_notes_v15_4.png) + +- **{eye-slash}** The issue is made confidential. +- **{eye}** The issue is made public. When an issue is made confidential, only users with at least the Reporter role for the project have access to the issue. @@ -51,7 +54,7 @@ the issue even if they were actively participating before the change. ## Confidential issue indicators There are a few things that visually separate a confidential issue from a -regular one. In the issues index page view, you can see the eye-slash (**{eye-slash}**) icon +regular one. In the issues index page view, you can see the confidential (**{eye-slash}**) icon next to the issues that are marked as confidential: ![Confidential issues index page](img/confidential_issues_index_page.png) @@ -61,7 +64,7 @@ you cannot see confidential issues at all. --- -Likewise, while inside the issue, you can see the eye-slash icon right next to +Likewise, while inside the issue, you can see the confidential (**{eye-slash}**) icon right next to the issue number. There is also an indicator in the comment area that the issue you are commenting on is confidential. diff --git a/doc/user/project/issues/img/confidential_issues_create.png b/doc/user/project/issues/img/confidential_issues_create.png deleted file mode 100644 index 0a141eb39f87700481f0c9ed33cf28552e8b2deb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 8185 zcmdUTbyQSsyFLsELk}rP4z1LX0usZ}AuSz4w}43J3`3`spf8<@bV;X*Gzby{NOwy2 z;r0E_x6WDXoVCvH&)@UU-ur%@{p{<$p6iaaqcqhOiSQrcV_;wqDJ#ioV_;wbF)%PK zfLQmI<@Ug=`v*%+HC_3;ySvrZRSypjc6RpT<6}WV!Ox#RFDxuvTwHj2dk+r}UteEy zadGkT^4{Lw`uqF4xVQub1(lVRH8(e-(dfy^$%KT2)6-KZ6q=ctnVOn9Iy&0d*O!!( z^whgjC1!7YeEjh6Fg+tfS68>VxL8$HRZ>!tpPzqjZqDA`-q+XH)YNomXXhT({{Fta zynIAN#P;^Ko15Fl#)g4`fu*HoS65eEUESH`wT6a9Zf@?ockiO2qGDrX6_u34#l?|G zq*~bLrKP2ikdVr%DijK}yu7@!vLfkUBO6@T)6>(?&@ebS`0?Y%wjXO#s|P<8_uAXr z4ddH-dwaLGwvy_`-@J)+e*YyuKR>%|CZl(YvDzP!HqHoX~DG3t}wmzS4U+&!nQZ$M2=?UB># znfDz80!`(A@xZ`f&{md{(e;_xnKRUQq(%MpFv7!@&W#F6orc8gC63peMt=U%#OlbW z=0ABXD8#>cwm*=fLrYL*5LYYJuB%}Y(A_9{C;rd~D)-+;Ev)(mING;icPMbF1uBcR zXXIl6p8+2SgTD97$v9cMP2jyrNflWjW0b( za1UJ6D^u)E8Y0eL=EpaV7mc?eIU=*bD2+ke3beCGrX%+E9v0ce;sl_DhIumsA2E1V zP52cb>Pb8KsK;EM^90B*0O)6GEQRs{bhyfD>H_748If&8s*i<(z<~ z-~sjoZ-gT~r=iWcmlv%f4Y`rYB>IuiMVl>2gVq~u5vyisftCKymZP5OZB@qFh*Vz* z2symhvG)>QpHfI*E$;Z}*hta>IPIlMpvM}%Y1!H&2Q)5DBSk^ptI=cfY+6gRyfhcH)OQrHy`6yWCj(TJ$Qi*_ zJq>DPlWmw?8({-6-D z!GqNFhgIe?KF?vV*pA>0&jbS;d@(7C!_~0Z9A-&66FFpnj;BFDHbb0n>9E8hQ8!0d z+nC1{h@1F#IQO*Bz>16oLhD{|iIDH75n#R$L%b8B^@MAzkv{U8-QHs-ONCjCb=`nQ z99*(B{&8ix{*-`*rkNnu)nJFK1OV#QVh|q6tKGr zsbK8v$p2|gqJIa`jGf))shd zec4LReQ*tyTO}gveqCiI|3}F15%-wJ5A3*;uH7Iq^jA41^h*aI%>Ft4wlL;%FKG&o zs|1qVr9jLAZv??U7vKhscl(J0B|0BznRP>E?{HyOJ%>(cE!~4>)p_s7|9XBHRB4XgMKfz2zg^J==eYZUr2!WRcEt{dnbh@;&t>14 zLE)9evj$qMjy&kdgx#&=gy)BJL^J2$TOoQsD9%fu`ldg z1RMT-27AKhg06ox)j&@B=&Lxu0^A6DCTfKWc|4L*E}`B}~&kSR6N4J6Re!w8!a z!1QQx2C_L6aCduSQeX6qDm$tJ*S*07k1*)CPA0)SJ`F)wX7pIDRx6&(4GtPhrR%;r z0dxVa^n2Irs1mpQrDLDijjQv+cRF)ef2{~Fg-w$en}_sUEtnj{fo}&+WHqzb&zbAf zh{5ka02mVv#ip}^ooXcz3u&A?a7RnI2Qc z=EK~GKHUU3r4VmlY=f9uf3Ix!2=WY5U#y$sfP32gy7NBx6ZMzg18HC;qkOMG<8OR( zd}!C;(iJIx1G3dfNrIZmL1wTexlx(V`M;XjE#Z6g$U%A9UoT+fp8-{Te1LE5UWiIx zlfmYt7lXGjzCZwX37Zs*bX{##3=NYAy|O8_mTlvVBh?%H?s)&XxfX)lB*fej^?u9n=O)`OQsT^V^GNPv|?88I$ z=dPCz-U)4<@iqUhf6$rd(v>3BUXZc(((csuwsUvvxPeTi&adbRgC$jkw(r1*7kQ$E z0xston2q~1_CU;6?21MPrYXO<@K{grcEsZs_e0&rfRTBnC>OFlXey+{i8J4(dut`7*0bm(4Fv)VIbhqO9LcKal;+aL^A4fj)4mXb4V)uMLMX)Dn!bWHDXm?i-duIGqpo)bmnb1VM3wgTMXoz z^%lh`zIk;Nu7E*_sS{$NMFvBV2O9Vj~TM~Z=gc!*n%N8yP)VF{;m za~T2TFUzsg#Y^bIhPB;(k>mS9h5zjR~3%Af6!0ON;**Dq4+$`Zsu34#e zeLcO+{g~k5n*5BKOyL4j=~k!x+L6!AH+&PX1nX$ajk##+VoiM zB~>S)nC@XMgRDjDQyr+g9#u9j?+v{at>1e9@k}h)OO3z}B%w+P@{pZ6=%nw%V9t%(1jTpz0KpX0jakGp zR7s!}hGh#n4N=@cBSFa@mtR;Af2{ zq`%Gn(jA!PSMs_Mm*VdXnAi^#>W>@!hq6SAGK%uaEdg5Bh@8|y9iUu{(f_kpsR5*a zIy2Q@_gz|T7bxZT^PTtm8Z%JpZ|y=cn#wbxGCv-pNX@8WgkP;6 zJtceM?6i*k?I%+#W(F|%gW&Y--Ok=ZC%{8Gpz6h0K=p3Za@Kld+7;?qET(ZHH-Mbe z0DG;yYo&~|8{1W;8mN{7Cr!V@O>R&iB=3Dd^KKiS-mV0fho?&~%yTPIA@C@;0o|2A z!fs~BfVBC)HVC&Mr4GMe6WqpRh|R9~&$QZzTx3d&A9MKQ0bvQ%#p02WNGcpH4|N5X zSL0;a$$_A3=UL_RX5Seo#;5=!?forZ*K~>!z=^2WCF*_ooxHovKC_9kYGf$B35Lo-V{Gl_|Hvf@D0`9M zNUytMQypDePc0&`OCkx3UFsf8Z}iC&<>`~=gIW5QA%JdN%g5u(1m6r>XBudAt)3cI zWX-&+nNjn)nM?^`c6h1VC7mF5&VM?Fu3EwcMz78`QMFNZUVeVjt7c@twODEYBE=6% z@$qG-Jg^-272T2+8FwZ&O(8&&2y};Y#CiXgG}mXAt3A{DVf1w#L6;A+Pbu&cF2T$k zdIQRBA_zF?fo=B-!fbpnk5>S+Q~CApoHJSdv*%oiOhmp^dUTYQUhF7hlu9VK6t-f| zQ-L+}rA|=5d(47(`o0L22*;93Ga|@e9(TfQIZE$nQxAr%uzDR55Kr-9_s>pF>wp$a zV+}IBBGY6Yj3XNwVkxw#F*JQ{srbt{ z0j`32?h-Teg&W(?|c*-JSXan z{~WU*A7J9MGPVlzjnLC4{DKK7ZEU?V)hFy)eb1v3f6QyW7qBsvlxJ3hEsHazVexe3 zwc#@fQh^=Wgb{}QW2F4(AZ}2XJu5h=^2w82p66sMVf2wDV59S&4XoJ+d4{B zPV)p>z=ty)&Py|KXTIctsR5l;zs_FXkOX!ma3Z5{gKbcao|QCT1s;UrFZlD-ae zz_|A*NiAV{zcHf+mprgZT_@9R?jK}f1{3)f$&RzEfPb`#P6aA%^o7LF4Df zNF=3^P$6)0H!i?-%+l3H+N4rJYYS7Wq=|?MT*=kL!k9Ss2SHu~Liy4A_&c>=FL;t`^mm8ba?P~Oe3tQPHFhW7bqcQ!^&xwJrIpsxt zii}Ig`w)glki0yF;S|`a%fVzZCY8mzRlalmZ5IpgUwzXkYq{Kec(+{vMP@x zW;ZkEEf(p#ElChX^3QBOTDSrB_d6y)_w`@?HGlFswgRenEgeQjc;vMA0chlC{#)Gt zQyIb{=zAcg1wm5a56-LSQ$MxaC0K^YC51dsbnLvM8%vonaE<7C;=R<`{a9`^Hpbf_?=#;@)tY3z!jBOXu8hcEHixTNOL!L26}ORZPr(vAO%d5;7pm=(Nn0M( z^JWj4g`PPK>XFo3QzLh)LkwV_U$oMq68GEsW>Pye+`lZQu@*^*%p`<~?p2>xu`S_&(Z$+&el)0qPeWp+ zIN&L>Z8Q`1Gn#OCGA~masNj1a?TgkO+1}{4-HQkE+ft~Yiir&c>%fT!I7c_gdF(+C zS=Vxadw!-O!D2GkP4mJt>8jrk(N5oAWfU|phJtohJc0H7082cJ(z`;cuC0jISx^31 zq1@{BC6ECH=ctgaG^GNm0_CXzZe7;0i45Qcq9U5Ep}_sdY`|ZTQBWUiN3n#cLmn7o zACf_v1cE$4VSoToV8^tp60D=-?^_HohFv@Oy;{gt&MrKlJ}~gaq%Jn7We5P_*tMQ>s;~0)CDa7+-{kFpbpK!D}Z9#v&AC)gnnwNT~1b zVg$Rh7LnzFkSBeTQA4w>>p_D%4h~inKx_a4$^`nKFSjJD;SY6UVl0pp+Cy|Mc5ew4 z97ZfqfE3)SnujMiok8ut;aM9j_?_Br*gRO=3@dJY+NcB@Z#ek)DN{kl$QlE_&*zCZ z%b!=tTv%V8238+POa18or04(h!-V6hrm8W#1NeZGWJ%)E{?#L1)VIgUc4ep>bZ0!C zMcp>r6$ucNC&N)9#Jkg&h%Gj2qI!Lg64PSkj`ZPfFQ6($>)^Z~*7)4ienCPuET>8j zws7tbQ$i&Ln*upzHhyR%V$htM-wK{Q{vorruzgbvBJP{du~CPh&&03fdSc;+ncQ0C z$|=8MsN%_T41${V>DS39rehRnNmGx0t^{m}s`JdV%sBdKRB%OxKl?aKnprGz@Kwx& znY+>%l1oz?`^sMZi=coL4pz~YT-!4t9Y#-+8_*H;Ap5ssFYZBHRcUPZdEun)aP(==Q53`9Xai|bdVrll*omJjWTxvs z=DzLXZ&K6*KJs#A^Pemvr#4Zv1@d`2lA$wNl`>@9-jHB23e*d?t z@^!jgUiB^<0uw|T4K*dG=C1-A59BL9aTT>O`k$>%o!!L#l<_qL%I2vaQDyAD2#=)c zM0)R*9U(SyNbt`M*NH|QSc(k44W$jz>}N>xucvR+Bkez*JcYBMmL;@q#6bY=O3)_| z1qydH9YjrICIX*V{oxgmwJAB8`QCgWIdXo~CNr+k3;v;u?OnOct0{#4=oM;XI+D|& z?aoaQ{#%jL%2fW@M`AChXA_rrg|C{#bck50epoWbrTNRS-;Q!#NclnQXUcioLZj3? z2T)!HY_pz~24um;_NM$Nc2}XJ{c6ppD?7KhPJ7MSq*>_|BF9~-yUW}7u@^{ho?V}; zbt)+4osi0-eF^P@@LoLdY@_nccluE`SzyWs{f~RgP+(;T3_|)2@h=yo;Cxwh#dtd2 znS}3)s}%FOMABvuh4rx|%?huk+>YiGF3)Sfsj+skn1we_nI5Zl-{woj#pvDlDw$N| zT`GLN)?o`x!cny0_1jAlUe3OlDI^4M_3K zM?6UWJ~pagZdUlN`kX1m>V+zoswRFffU?8az?h8};GI|xsX``f12}l9e0Nxg+T%+w2m4*G2m z8a^2PnYm5Jp_`Rr2?T<<^m=&SaW?8k zzQ#i}wP~6#`!D4<3b=K8C7_M90UmoXL9G6l(@rAqx|w#L6YKX3if4ZMGEn9nK16pKV-axEs@dZ(q{w=R&nGRKQo&|)USGp%=GTr! zI413^Ht7u<`y-p2SR;s@`jJoq$QDWYx=pAja^{)*R;`I9b**5~FTM|301~|gcpyOG z9FH;2(^uP4_cZsQtL|yOPk^ZnHm_Bkq8u8~FI4QG&|4eL?WKrNaY&Lu2IQOg)1|Tp zZ5ho>Po!*{YNn6kC}CGG17wkdlwDt}i=^o4jI(Wb^_=ScWoV;~`4o{vR9&W&10>r>NKY`$RX;m@mXqZ(w6$i{H?lP_W`$VW zJyIbd@k96?o7Too`VmCp$hM5DW&hf;m`i9ZZ32yu7@?ckDoRc9us9 z7DuR!lRkvS#*zB(LjEa7)Y#F`!Q9Tt+}4KTk6e8NTW2Q$Dylyd{rB~EJ)O)={xy@0 z<3G%LG!Xb_1jxqv4)|AW#t`%WgYD1A-`W0V*Wah(|09e~+1Sz6%K490YBuIhg6#Z% zo8y1O|5B3wk1Re#bBM9kXHj!&V;jduRzYrFHh$n=j{GI3=D#>Ocpj(x7w5l?{DYGp z_{UrS=Doj%=5Od@Yy>g+f&U$6K}^1dIfBQ~KeLn6bVNeJ!vFI_MoLV6{kT*X6=hY$ z9v&V%JUno9ieH#FfB*jd?Ci|M#AJ4M_T9U8%F4pzc(>y6A=-)xw#1l2sk}G zy|}n&YHGT>yW88_%gxOlA0L05K_q$goTA=WMm{JCdS6b&dkiHsi_qe747Wo`1|{xpPw%;FZcKNA0Hq4`T0df zMeXnJfBEvIudh!+LSk)gZEI`G+1a_Lr>DKWeQs{f!NDOUB*fO%w!FOD-rjz7bu~CR zxMSf=HEFq|q$E5%yrrcjK0e;s+Pb&5HzFc}(5^KzGgDJjbAEpQ?CN%Sc-Yt1S65fp z&CSi!)YQerB|SYI3Wbi2j>2HDoSdARnwpM|4o^?d$3Kygkx@)c42eto;rY$r;9zHG zXMTRZfq?;yN7vNURNlbO&!0cr7mkXHi*N7lJt`N4LI*Ey?$!~PSy@@$-rkMVhrfRP zDjC@;D=Xvl?;Bjbn4X^AIJ&GD-Gjkbzf~`#c5Iqv&m3Rgey>|u*t>8pouA%5Z)|L2 z{MOSjb&%A4aDV?Wv3d4u7EwKZz~v-#@$FI==Gp@iEMr=7aTXrA>^i zoh}_*#DE8moeUf4Um zR)`;!jUAz-rR`rixx2pyWlUb*-Y2zh^ei1qL=AIub3@A(POol58`mszXX@(eow8dG_!iBaAR9LA@;XPgMyXrfH!h_1;l__DsST(-lyvl z)L6Z+Y@Z=yc>;b5JxP4dcVSfiKS&zQbkhu6KD@|Gzcy>hG&j-obR%PUYP>BbFf19_ zsI;BukOS%~h*{MmRUlUZ_xXLBcFE}7-cCZvP7stesdt0_{27&d!s~bqR!xiTCkPCc zpw4Pt@j;QpdrJ`Q4{(Zr#=EO4R8gGmtAk&PDiqOL2ADun>P&s;%tACygw35D!{$hG zE~D##y5rb`-K4finyBl`sO?!}0H`x$qW>Y<88=CrM_h=lW?pA~RT<$<3!yng70Ny5 z7{pcMAU~*t*Y@YNaMDa*H<15qoC_=TWQ||FHUR}Dwow@_ zbB^B~idp*d@6J{8HopMo$2U`It*E@@`skE$6RxI63o=VCUgB5C)pGu{sG$_;m4utP zoLU3Q%}-nF27~xFvZ{`R1q)L(9%;!yU2IsJgq#>y{O*$q_DKZ4|33G`1rF zB^Izhku1P~Zwo>0>4fEFY0S_jDC!ud^0c^vuIcun-#HV(Cp-8xeVH}T<_kaWZC47`2 zpEB!yw|&dSGSzT-pO#{eA5w|Bgvx^i@`YwL9gw+6U`{yOaop7d?yOp|>?q)hI3yda zn^dBkrgIwpffh+K;sTs1%PV zKk|0BCvU-8YJ&;eJRhF>?3;V;@N-?vyCkn2D4AnCdGLQsvI_{HuTyl$8yB7yj=DVf>&Mb${=F#_s8vqs? z7hnJ&LU3bZK@MnUkmjX;1^o4(gxbFdZy?W~hNptvtXr;P+?626IEjEikwh|j`U5i@ z?@T7#fTFY7Wq~3Z8yN0oW+imEgXO{nbPJ=hy1_S z)qnO~kZ*<5zdlslHWBh1BJ;#Y^LL`kW1-+M(*%)ks-d8R+vq)U1d^R!lIY;HU?DA` zA|ak2L6DK)NJtna%WtII}a9 z$E~~&B-tkqi%#v|VMQNIa;bCag()^1?z0=P_!*YiczrDY6eFmYd$|#G0~U+}EEnnO zyBW#6Evn6uo4%y^#a!1r!kd>@&*D&RTlR@N#eA4)u*e@~Esu%`Qj-M8NQS;V*H=#J zb>%k&WLxMY;4NS>W!I)YZ>BDowV+HJFUd(+H;#kznBP+Mu6B4C*BO{y#dvWnTy~Lc z*{gftCnA2BAxd2yPN4ex;lWK-UWh0Gee!5E>B~47(oZy0m*+#D9Tw4I@Dko8NFlo685Ryq1A0^phaJrG>adSJO|v`B3+EU!PdQCqVq+Q}|X1qfu1+wi{qFzg6+#ck{&wEl=mWTBSr^3>Xg z#BI31^vTXMpI2Q|0TEGjAu@JzQbkj;?~B?(6tIFXITNWij#RugnFCY}o6mSxDly536987{J8f$*mZD65JVp?=&TI2 zH|@4t3=VrOE@3nOy5fw=$?$uAWk(Czpq}CHhywPU&qImE2W+2uV765p-!=k2TZf#- zdk$4XcP5{>t+dnPYyh~dOBfZVuNXY08NEZ5L2q?X9}ijH(b@Oz7hh=@B_vinL53|2@xmpEEsR#Meg%#@HOI~zh}v4)mqUu6ZpWKbqm zos7E@&phX&X#Kb<3}}%dzX=CYPAyE$w@}`Qgfr4skil zA928+9z^AE$d3t53*7B{YypV9r8m*wK?q<1DHUs{dhwbj*#nr%IP<`8oeO`x{ZIzB z5wL!%NdlBX4}0xWPs&Y;8 zDMVCV#4J@jNWBNWD=xl-4VbVAoe3+=sh@YLv9^-X>FB=o!mZtA1#83%mh7rl(GX)j z8DF7zi%vMngu^KJo?=hzmm;02+d|4l7w z`klF%+19k8*Z5KEpxeOCkGoi zWFJHDJ{673gz`?ig_X>}m~qi{U}^A$fZwnOMD!>4$^9Hn^p%-LKeT3DEa^i}QumDr zcI^d^BRf3akRgU6Z!a=O%S;o2d*y?t@x2C5~i3!j+McqWAV+LWwIeeTs zYIKG+)*wGS%%-a+b){1x58Ua_4DOVS>W|_~-L)s;6tJXK&KzHh)q)hyz+&|pn;oL> zfA0#|LD*K#?hm&^N*aZ{E;u(eo!ux0=7d=1wg-;X`{o6#T$dkK7u{FuN#06YL^&!1 z?H*;!LSB5B)vB zRr{_-Lhkv!&M-`Odzx~PHMLiQj5{QqdhcLWv$J{rpjjw7&i-WaSldrbxHXy*N(I@>Nv7 z^IOR<;Fee}lxywC*P;)o1Kb^7$#3H3VSaF;^%pwxkdeM>`c|}?Mxd2esCCyt+U0dy zrGnj*&9(~B#B)>n1(=Rqep zFSK2edmPB`Pb(%}#RlB6KM0Hsx}E4{!=r`u}UM z{?9GE2?D%#*B@G5>OEP(1)!1QETO`Yn$dwxPnKX$Pi&A%$x#1l)BiU?OQ>G~h$mms z5E)`uMcT!cI#LxgRu54ARHA;TSLkVZfZwKA9lHy~9*6op5KUZ9>0F_#dp;R)*OUlA za<^^O=mshgS+!ME}% zjGTIo4zU~iZO;x%xZ(k`mBe$5>P1CD&w-u*&|cV^G(G{&``H~Zn%{c+MC6I??gtc_ z%_Al#urPz=!vy`1N@;<|Jnv^3X?W?@sdlq<9jDy_9@`Q)OHO7N71*b4wZGKy1SOed}UPB*!vw1ZQ6O}P{oPDAjQ;+w)5YWlMhKJ?5rCK<;A~;Oc z`D9p-94dkKTZF&og>hv2#T?|<&FcBEz8X!C^rHgSOnk!^$3qn4L3{H2 zB+2Shs~I(7BXC*ufTwRd{UEKxCA>QwD{LcaQAok23?KK?@a~#F|ZsO+`R2a=$&i24zwOH!jW6v^Icqd zE{?htoy={X29EsBAi8a3$E1sZK_z-V$-~LSZFl^mUj za1M_H3^L87D(>W0@FW7lSH;q|1T465+ZocHg^Wt;FIc;_d>SS5upG>s30Wehmgl2l z*lsVKDy7r(qb6zD4~5I8y0@NY3g3604x%ciYhC70&H_B}l@JSOx|Rw1jK%H9bqDO^?zO`cwx>Mh zAqsIHf*xvK;xgItTw;o$@U<^?ooZEmC)oY2eQKbMg9Pqvl-wsqL2^4v-lQ1QfXgoj zNb;WCzpcVNYCUbW5{sf`ddX36K77!QJ&!*e4CmUkF~9zDK}EfDVlZt*$8?!U)fw9U zBte%2A*NQ*RWkxB>Unh3B#iiU4;pE3!k&?;elDV7`ZkCqMH7pQG}hJL->2mB7zaV7 zB`t&=Vx~yRZ~u)|8|L!x+yp?6Tf_+jjBq_{_t) z;`w!hKUEGEYDF}>iUA{jBrD!P_~xZOm(%$gx7a823Ci!dieCn*A*gH`M~_=~k`gjQ z+J*;?m2gF>A{ql6jrgO$R!kYuM(l|)w3F-os@ldJuBUf3`x09E-&BJmZC54S$i{z~ zga&t8ruHN>N~%-)%EI zBmHwNZhnrL=@F*}Y4N<;x-(Avw`Fi1%6*eBH8op)Q7iHb{b zhR4SCtisjvS8TB?og5u}MX`g^+7p-Sig`<7%K;F(Ju5LPv8?V_ofhrKjv1!*f-T1= zJt<04WoVsI*0lX`A#iR7R#%fXrJttj>BFb3`HAiTTVSAmoqWMTP&P&cnRWh>->{wG z=WaLsvwk_g?|_g)F8P*ODf*_v#k1=4)t7fMP3%t6EzS?Tam4aC?#B^r zvfDTco|#eeV3Of6cfXfcnD5WLT;u3J?00Bh#|_?ysKSJX)EbFfOb^-#>@2+A+526( z6O%jL@VwB8#>YYe5{y5h|3A9FXT|?tmi#}t|00=2c%2X2)8#XTtakGEPFvBYW3-9dNrJ`Dh^h1P zrs>fl&WusiLoUmStB7(|X$dJOf4!yE?boX2Fy`o$NBh3t_L8y04`-R?We&ybr$^ir z0h0MP!Mbvp&3j&@gS;mzeP3C#=d(zg(#SVb-3Alf4s-@LQ#W}z82{Q8f8W*rr`G?S z^8W|?*Oh_)AbYGM{6zubugD(D4WLK-e-s-254yj>e{IA+;`wq6ruQT~{7VxOlKrdy zqmTjN)SR~0D>pG+&i(~6E)iS5&iXu|ArdTlM74g{DJN9g>vpk%g?CLRzW?6oJ@Zkp zd3WMZ&V&8r;AjC-4%?Ai^a#=tR9Hj^a{LQW;e)ued0Dd(F1c0chmT{$HS!sk)z0E$ z10D{*GMJ2VRAp8NsS~GiaYj;!IWPMR+3fB3S~TfR8koB{p1O^$Vm_IB6=41EcUUu4!223&$ntml$@I@xJulh zC~?zj9F&&uS82p(6cNaoItbS4{IDG1NE{)AC|UUc0@vCp>u92N_M&-3_TuQ;>yCeu zv?SwGeM(&wIg`f8>esmxE0>Hz&tg_VmQS6c>>s(+?1E{#{<_IcZF~*J8~*%pE}bC* zy$6;vM)d^6-6=fj4BO$Gdq&KYRzqxzVKEJ&Ei`h=Q`QwR*~y>RiWL^xdcf~_Nf$bk zZ3NehPBWhSeig%<8QLJVP7{HM9?M&ct&IUTRvf$P)kLt}w=;Kfv^Vn+SY2vq4%YUF z>{pn(%MJ^`)u5LIV3Q7L#MS*If+~F_cl3DBFGrRQ)HN7Jo3hCkPRTOeO=lb^S#Gr$ zr9&&U(PDn38!FYQgDSFQmt zIpki^b&8w>&Hq_&_1Z*tbg0^*l za;^9kObB{jvAWZ%j2PQY!78bhH#XOO8|{vt4(szj)^;bKKY#7y)2OJh&o=^7<8Wn1 zMBK0nCHX0qq!=1(E!T{;4)+<>s0+;7ib9p{-#99^fs4@WGhG`AcEu2te226&n&C&) zY@v}_)G>HKvfbW<<)NORMz<3$$Z)DQHuF~+r|2Bn)dp|lzw|v;e=?W}8TQ#g$#57Q$xy+ zTnac7H?;;w1AN{)Ybd;6TmWNrQnSu&l9DaYn!VaM1+)z6vuZwLS&)j_^s7`= zRUNYmNC0BqpWqfs(8K~b9bz!E`)I6?;}%9iRwgQa?e1%&gmjA?Y$}YnK?LJed+o?% z?;57*Q)1B?A+pwE1#mMB+)bCn5D2A>!_Z2)@Phd&-iP(g)A}U;$~X{qDFraNK?#)A z4#iun!s+Pnd!4R$$|)rbyx(6jy^E^;NFc{^7YcNiNlPSf-xI4<=HE2>qyX&r(NujN z0HC%wIww*SgC3>Ntfe(6wh|ZAeGE`@e~vDX*aU&u=w@KnhdGbc{_m8RCl^$mR^68Q zU2$HoI@kOX=N$IMpgZ3c)bDH&j97jV-b5ts$UQA(oRkQijCw{M~ zLdVA4*_P@@gic4WJYV4+U+!fM-1EhN!J}j2>YY<4Ep@=KZou5}Pr&v@xd;#1M*Z$5(CM&~SHbVa%!y1_b4j3e$PnCitOexD#M|JxJle0FThZVHA$sOE zEa!9K;fXW6aL4mLDmE>5d03D3Eb2F-&~&&(8DW4jG_TU6fu;l2oC>?Xr#i;_HOSk{ z)8u`kT|wk1W@0W_052twHt$v2t;|~=IaVl^=CzKkZpI)>rW(R6H)W@8Ls?AYwzX&Zfb7L&nPOb)S9?sVJXwrDF@z#cbGs+rdZFoEI zJYzGxMNZsTs)=~VBuTTFz~JYY{?D^6LIw>)Qx{K*pWN`SQk+*6T?b5o4Go|25TyC$ zy1uVc#vf_Z%Ag7-jblwoMSW{Fr1BG+W*~@7w`POj?kOBbdM4@_vj)HDku8UOa6_abG?&g}8HkEFc#WGxxW2MjALv{_OYl)jV`~kfw zg^h=eq%xZL_n?>X&*vm?lFjyYpIU~0I|Y`yH+F%18c<>xEJ2OlsR@CzkIj-dx7l(D z@oc}!lUdlg8#l2Z?^6u=DI{;zR#m*9*f82)SEP_HUw>e?elcMO$-*5BFdR2Sy657klXL75HFc!fra}GlXgED7+CupSiMl!W_Q#M%m{yav1miC zJmu*|p0~pKQ^$Q6qH=z4pXL=N)Ts6NS(WLZZvjZkm&1e(o0;5JO*+~E!2n}pZCldH zj|T90Mkf3m<$FwIp`gx;Fg>>pa)$M>k_ zoPhi)u(XEJpC4A9J)5l#R(dI(s>!XA^3bp6sBZG``{3F)?gl#p1Ge?B-OroLGDkcHEufyuhJLpNP87=^Ds9fSH44+;Z zj=0K@7j%zX2#0=Cq)sbfQdVMDieTD*mhNE7iq{u{`Qc}J6%{BoHp8-R=AIrD?f-=x z>^pmI!lz|nU8OnY{;fbxZ4zCahX8#y@+=4ti_S=*&hxOPk=AdXF8QW9P!e6L4ea06 zSjPwh=yr47yEe8S<=)CY*fiDl1kZAaOZ|Exr+Xg%I%>j({;f)Q!OYHj zW+86=F8InJ=XJrLuCRhwB=PdrZKi6(UM1vsD%Zu?^hJ#G@V!WkF-!Z>;j7ohAFKwT zIeHGZ#=qvsr^TgWsySy_W_Pl)4vfR7H`U+X$Asb?emheq=YV$8u8Xb$XnT*&29qi?PardRw< zKl(Y+gm_h;%$OHTzM+-G+ok{<4gIEf!UFNXeNZng*g)8Rel@K5YarDd|NL>;v%bkP znWmGrKrWGEOMexWSy&olfNxtz@}n1xpfR`zGxliZ;3>iizu3h8NXnleXeU~_LnGojRhMd%riF*qz#2h78hJ&KXRzLL-^M#CV+?i7-7BzL4c7jUsFBTqckU! zy#dVHUmR_?U>afZIPo`zRZ7alX#CaM6VAVXZ&j?%1!ZL+$p$3z(Sxk;S*HA<$OVTSOk)8Isa6WK9e2o(Y)HiW$R-PF1?^15 z;jk&vv+s0dH_wEt&G4td_-ji->i+c2*1zx%&tN(V`HfDaPL$;#Rmdy?=N>t z-zi(`F+IdOkyCGWmgtH&kPVyA-WA+^8Y<~``Mt}eTOrQN#mEXQzc7APT!#LIu>7ak zL0(m8VnIFoGdTkzZhwmszm`KC2?n42WuikGGj+}CqRhubkXi4>+@ds^_lrqnM=w$0 zq_KTRPk&=gZYG3>ala->u+f0=+oW)V@jwprHrT$`oyxF*0x0V!lK|4_@>`5kLCIP^ z-hJxy4e?5+pmCt_*9qn6!&g9N;n0xhx3y$NgGh2oGSBw*M|seRuo3|rUrh|eA3Yjr z$1TbUY&-f@?-=4W)pnR$a`J4V?QBpB9!}O}XYhVy>5^w@$&a1+yg&Aj7xR}Gm|D!` z5G!b&p~8%4xROPk`R3S}9<32|%3}RruoKN6C}c2=SmI%mXFi zmCF$%T|!_f#F!q*r=?PVNWi(nv=Z4PHoMII-Vbs1mJnKr;DNvD-=7b#ilGZ!IB6Z%l zh(eJru-y&JYbZqwCIGenJ=16ays_KB0-ZC03SWoQcgX6X#qUB4v(VX-Z9JtXf_=(T06p*YoMrIVDQXCCFl~8&WQfeKz4JU*nQ0W&=(rSI zL8#_~@k^-BzqX^rL=RdFW%Wp|i5dGt(lg@9>?PQFSPi!Widx1oNHx|11^+n7VB|Eo z=Q^INK{8A(9xr6iqkDr^=0{y4cc^IPk@w|WfK^B@o+>FAAwnDs%sM*E?kNue1fFcR z@ON4b9O0v8en#)RD~tSs+oG>&OlzBRoR{1yS-)X7&F}H$2G;zZ<$M8rf}%QrHHVUd z(OS5I3PYuRZq{PG?nm=(H-SwQJ9O#wEFQ*FkvHvFGy(4bzW1~6+G~pHB!CRR()JJa z$|L}B$9y#{G4T3Fm7#SgM2Q(fd8!wEW7CWBCiHc@`9P$66qRv&UKz1iGCV+J`>K>b zEHOR#V6WY%lG)4_sbi_v!oRY@VL->d}qGWo)?|w5(t6; zn#Sn+TjB z5%dZuy=-c8gQ3%w0&xEcDU-y?qRZZB$J{PKV1Vdxjd%oog3j5Z>2umQTG*Lm{bK{7 z06bD3RgW{~6)Y1o1$ksdBOf+ifNUS+MX5MwA>VuwxEuOp7}Gk?Vb%7Y*a$0mJv$% zoGT)bc1l%KT{#&58eOg7H62rVK}lM=glfBr@y8+klWl1u1#e;;-*hYSshuoM410at zRGRfa?}mw+2`s!yP&sKYjo3^3R`2?`k8{&r1^(27+MlxZ7FGPy2HU~Yb$9(|L0(>d z)Ae$rDqFZBzo+4FPT28o@_8U1dQjY(YFSHF@;Rc5C~QA63} zlE@c!pwT(`YknBX>9-vLy@OaspC;+-Ah1#InHDJ&|#f0OEL5BPTr322WMXjvr zjH1OElhXayBAx4va1LXtV{a2HVGcg^x(Mf=j6$T01ZUpXbAvE}6acdX%K_d#*Rk*? z6jy-crk@4h`yAtD9csS$Q7D@&&h0<|(M>vBu@RcFuPFo+MX{8>b_$t0*ZEO78BVab zPk$p;=q)~xQA2EdyfRN6+at4diaF?X*!|5qq|coh5%1D!Y8sidC?`;U9KhWQ;)$B> zC|}4}^UeBxtJQt+a?|HCuo@Z!f!d31REuke1CoT3Xn{Cq$LCZp3RtJn*IAmCYk@KO zyXT?Xf!nNu-KnvW0FRrw-zwMU^?QfE#DnR}Q{@J*W(Sp}d0o}Qne4N)*J(qqaPOEv z26oyEb|O>0gxxQ>)0A(!4VE0svR0D=&MhruT#Rj&$t0=nGKU**OteMSZo_k#yT{WH ztgM6`-z{-R$~5t+y_PeRG`_0Q^N%4-me7cN|1J#fB-`FOw$^C3C&0O{UvjqPz1=n* zI@fmtxe=|;&43H$XNbnPNCv+yJ|hPxV8btvzA~vW!0FJxzD9sJ|MNS*e?z{~dm#@- V47PfqMgRT-ONq&g7K?oG{x8{09+Ch6 literal 0 HcmV?d00001 diff --git a/doc/user/project/issues/img/confidential_issues_system_notes.png b/doc/user/project/issues/img/confidential_issues_system_notes.png deleted file mode 100644 index 355be80ecb64b0205d5ae0e417c8b1d5fe2c9c35..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4214 zcmaJ@c{CIb*B(-qlCor{kdZXj>}Kq;jx1#Y|t(AiblgZrJ*nq)cD^1BnCKHy_ymB02NDv6bBsUX_VMrLPnS9J5 zCO54hhnTQpB6H{%OHPKtn9P;tBv@Bh7vh-A97N!m*yG_9EQQGg`C|R5DU@oz!3+=+ zf80NIzhqdl9|(l?Jtk8?8H0Wxzuw;7{r&x|t*wQHh1J#7;o;$dfr07i>9Mh~@$qqF z(+aT|nG8eH>2xxa*j(IPM_w(<`9RE1B{n6)l9CbClofLG%0Ea-H6l5w`Ey@obJEK} zCWXi(B8P~`Vj^~B5ZTm>twtb^7fyov`TF_!f|8qv$;HGrQn3&Kz@uqyY~T+UX7>1#{Gj<5m;zv1c0{a9&B^sw{ZvO--zqG5@x z96#6pl?HDSy;YC{J=r%Y5L?oI+24t0>o>;MCr4dgO@=J%H*7O~LRyPSw}&s7on4Q` z!#tK=L}moaMO8JLsaAqK**Zm4owO;;z}IOlIpI`^B#JJDQQgfs1Z}3_L4+vZ0|R z9R4{dcD12}CT(qndpzWQ3p4Oy6ju}D>DTR_vy?ps=~(VQ4N3OOm*SCF{dEm}mg#{F zc5_Huc%nRR1ztw4nb4ZttXw+Dz9k~{vfXsUpDcFDyUYfy1tPX_`2`0F9)qp46AvX02&o%=FZo;V@dR{hV;# zb#&Bc{Uw+F$0FRaXep5N^!bjE)pYg7&JcUX58<^R<8u(t;+JIl+#%K)BOlJIlV8$* zp}z08@3Mu@Mf~3)SHqCAC%#y=@A-dEm2?MdZZ9dW{GZQ`|iFwEKon!NNUEbA5#}qah4uF_a1d( z77@wTAy9uto@OaGA}+3FB}(;SkjA&(mK1jg=%(fW{+yr6>ojf=g3W|>bYV&zzlB;P zhdzyw6Y1@67NxNLD*Wg&U=j*ePS8=!T5;n(a3sS?)(lQpXPYxlAsS;{7|SQ0g3w`6 z&HPQAN9OO$tnO8erRnlzT6}-JrNyX`B3J<)x!h5sE3gLyRu1Cx${G}n=fa*cs1+8) z_ETsokTB90V}1q0bvg5dnrJ8mGkF9nRuPT%#6`(~oS`wL&yo%J}91xx+mSsTHV zXYWyhmBAC|-o(DogqHT;E`q$P?gyW!`k|mjo=C0bK&iCY#IHj>j;`HMye-zbPY^65 zlviR3KI)cYQPaOzZq8=#Yogd<2AetW_`Ngpm)(fh$ufZ1Z)TfVzTWZ=zysIFo0j0n z!BuzPh^#`*y}|KMm7}vB2ZK*O#*kpo!c$sgP+1KzeG;SjUJ8H_mEX=LMNk6h`)(ONnXG&ud@`d}le91Xv%oeYIE;B2L$$3sUppHLeO`rG<|o|&e_T|Q8n z^Al39t}o&*JcwlF^JL7X`^a#oo1eQ5M9b(D;)YX}okJX2D*Go6MCeZp9{ zoevMTec`#4tS9(z>2IHxy!DDh1IkCcNJ1>wU+@L(ne$9_u7vnJ%hETYEJ@^N#VPPC zyhDF7oXLh-K~%Lat*?1gD>>#%KVK7_GSfUgXCMmSVN}_aQOH>|+(T)QZjYP!rcd%< z{e3&+G@1Irt}A3?+fhg2b}G|S^?9Q)|JFZOIY+Gzl}c@9?m*I^2<*M{e?@OzYu8T0 z^!3)gRhoKj=I`FIGj*LrD=f-DDRt1`;A>sr3$gYc28Zrp9YgjlF0MGi2k}yRKXL-a zP6}K|(7y0G1mcYBxa|}JD5izG?Y^6WbOQs4spSK^`&FHz`U8q?MbPOAoRxmfQ!vBG zD2t_&AJuHWc5A5#ui8L&K#A%wO>YSD*d(coXx&I6xZW`=(7wGeWH`TnSfaU6@v{fK z;S&Pp4t%gI`Z5nrS{2sUjb6KOsB!!X`3z^KZntiIQ zUyWhUOwxtWQ?6J4U>8QSb1mAYLzv&#h>}g!Q?9h#>apMH7Pg)J^$6b6-zX}=Ti<`l zrSIbvCtSHR(U-vvk)e~1duNGQ-Cdg08cCDQ%YHMSbJ3x;pw^obVTqIdyY;<(Na)yaP=q3-ldE+i_LC zj0IACU>=lOn*zml6M(^hU0yh~cmVj>AUt#vxR%ZUyHYLsrNt5{%+TmO7^SIC0whsS53bv$qUhCmy?CjH$f5QL?2 zH)yzhqH>_;O1yzu+4l6U zs%bdcy{MId_7YaBtt-x!1X|1{ryksaBwfS&)AlH}p!{5ZcGF;d@3nFSOKW~R+7zoI z%z*^q_u{;k?v#s5Lr|I_o98Y*!_4wVel;286XT)63p|EqQiL25!?|v= z{CcY5Y~8Y>6(_*JBn~2=BhYORJe@OThG6wRtpdAL{xJN^!(5~*&R7@?20KeJmP5Rl zILxPKhJ_n8IjVbd30`96o=eL^z3k&trQ8hTRso{&fePS5LRPO*{15jF7Tvu0{%$Hw zR>IMLdVo|O?HO;tO>cmyQV-ZfeW4=fH|r-yB)FYGj0>>ZsglkQM{)2zT`Y)T&3j1sdt3*4{VgIsPIA)#&oNGa{ z%`yf5$$N;!vC#5020>1ny)M-!yt>%f{;7m9b8h|=ZoPP`yn%U73H+qIFw2(MA18wP z=8@-&gf5ii&OdSC)H`b3bvVq-$tLl4+wmYfy!ue;Lt_u{X+T5fONwB z9-!U<{8ZgJZXsnC?zv_AniwGz^_+k~U4bad^GD*(2oS2)^ITsKbh z>@lNXsb-_aUuTdn-*;Wo^H(P;{7y*z9S+Q7&CXp)9Q-sd%-B7j5IfE#2WiI209Luc zv2O#r(Ae$;EDLG@bwo3-#*Hp1@ncX08Q4vqAeofbTi}4lcR&#~5&h`yTzJRHb`>#I zhlJoBVxaU~ZC;No*l&9JkNk@NoPG6AZ~90HAW@e#zM7>NlX#j^90T9WTzOiRx0W(4#dB*3q_J*t>!wDml)u z9A-KlQ9kS5Z&GAYE8GdBEre=pR$`RLujB+qhn)Vff}5ExBirqER$eefH`J1L-}dBO z&UnEkUY3C`Tg}l@xnd9(|#L&n|PsFBq7rvT~lY6d`6R1;7lyn%y!&@FTNKZpj5y)AdHGm>XK z^0;4Sb@=jzq}@jTxa>6r$Di@*R@sDBhk(jR+1r&4^0^jecK=C-_3X)P|JBLRc=7-0 aBtVn371yX{8ss_nFJf+DV~jPtANN0UlYxZ* diff --git a/doc/user/project/issues/img/confidential_issues_system_notes_v15_4.png b/doc/user/project/issues/img/confidential_issues_system_notes_v15_4.png new file mode 100644 index 0000000000000000000000000000000000000000..e448f609112f699d7621b75ace687d302d693f2d GIT binary patch literal 4289 zcmaJ_cRXBcw;q|pL>q)?5r$|XjFu=tl!y{Nh#I|z8Ag{#7~SY4h#EbkMu`@k=%R(u zdmZKI-A8in_nmw1xp)75``xQOYpv&9>#rT8sw_)PKuZ7s0Ep$~o~i=?H$YeN%LmqMS zaPu&U6F?vkQAaZi5%s6f{(@g=VoX*}PH+(@)Ya9M+m)Xi=4c7!6&4nT^6)|V__(ej zxDf94PR4Fr_K17Gll)hnr{)M#M{Br~HOwAzo!8g|=IkWK#B^Qg-_P$povbbXQ^_9j z7p*IT&}$ErmzxLrPcU;g>;D6G?fDJ+#p`!D(d%R)>gEX8Yv=2(H0`aO#Q8*j)%c(0 z|1>Fjol8X3+Rgm6_ET#+b9=-URQw^YuqgB&J^zT*`5W@T0srRs3n&V`zO27p-tWo$ zvR;iwoIn)%?=g!L%;3JhUL1V5oDKp2ASAzjaR7-))K^FMdr%*@)_ zS_A?SA0Mxxq7oSy850vzTwL7N*0#F3ibNvY+uJ86Cre67LPJ9@~E3cN(%gbwH zVAFaZEbjX zSV~IjA(->(< zWs(?aHHsoN*}Gdb&b7`KmM)furKdTYXmLk5BlELv%Xewh%hJ^Ynv?GPYkFJkfCEY$ zJZU0cA)c0*22vzYnh5;Al!bTlDVPLkmt);vk|p(gaj;qMGHGs9DlCpDn(i5Imtio5 zr!$>An*SXY=vX=0I9@uAy1lAZj+}^yh!kv~8gWQ@Pk@fzVYAtLkf$#_k7DO=7BZbn z3+}4&uC1qDz8SDTBN3U-5Nhfx&4N*5+^jmElhTL_c_8g!#-r%OZqud+mNKA}skYY( zR;Q72*@$1(s1x)WsZ+sG*Q!XRy1#Wao;o-@h?tQTPw93R6p2{3cg2qP=!mG+!`C&D zC+64%?5p|w`Kq##)~-tqX*%Wy+FWtzr2VR9@}}D|MiKOUg7x&8&?@Hb?jGtplc&>h zJ>B2d^_#THHg=s~jZPC4&H+`5?$o!#IxF!BTlM1_B4HKT57Js)ZWWBdj19tggYg7; zBC6AE?ZDQ2BO~8r5~$5Sg!PoQn4dZpZ*!V%y+s*}kF#j& z)zy-_{=x9TaMGP4=@>1{PI@>8u(7DeBzDo^=p|b}0aFljoElSs!i#G-{4*{Yz&rf4 zlHM=FNOmeEs8M>0`uI)tqXacEbCCKiOBI#{JG)qb{-ll8Gbg^oTgS43cd{Wn3)1HZ z-N4y`hVbvnMzBJL97%G$;fXb1DwJ+`Y7F9niFxm+i|xxY8=gdDo$PINxpLyfHIbWb z!-Ew13;gNPcWnv{OAsTs_K#w}3Kxjs_yJcHor4ZoFO#Ujk&7D_YqaJh*)?gX&G@+# z_IKJ~Ludw@v}>h{vFCwAT8=b<;Ucg3p4es6jnIa1xK2p{kUD}_^-NT>b9c}z0K6wGQcC}**hg$d7C}r-$ zUiVME(^1=%Uw!GxXRrhUef#o8zFC5vE@{M*@7efdKB^#I031gjG8QuUd}VODcy2(zxPa*q=6P*R;sv-RnA@hddpb%2DcuKOF%&}J@?m>mmO zPX*+2Tdm)4zl}@8-AKa_Y}J7b4B32{A?RsDIAYw3uTJ$6)oyz>a`kIX3tDjcLPeGEX`{*4)F5=MN`-otJIX@7%%iL zu_{A8rMgy z-o&sMFUcH=$I#e$1^9L&B1{03XKfBQ^5o#oE1<8nYQE90;nP2qw zyz$%G+1RF>i(QMik7>7-=_0yp%@k#1X45c@Xo6Uz&={?o&#)d5<1m*+*YF(Vc<5Gd zBQFK6WCM-3SNEQz8ZELu?cy$~o%5h?=hUMe7AlURhM=N$m@yj{Ka0-6qZmcEU>H?BB^5g)N9dZflt#aT z9e0OHVOxk_%t9n6{weHd1Er``{maW+6-dG|w1a~nh;>0m^RWZZhxQDOl+VEeAbsF( z=HK^`AnrqQNfM`;H_fZU4D+0};bGpkdMDociW#X>@R#OnsM}{5w^L^B$**OfrKR3! zC=*6(@3!dPMyh^g*&ycYBfrl$qp9%3lw2WYw1Zy!f&?LWw7T`kGh>q@AvmzU-nCTF zg4%dQZ6DL`^*ge&t76?&+QjP*lWU~`XCr(nePV^mt`E zqI)fXq->2blPY^jl#^LGzsI;fiifRb0RPR&v`gVuxivd#sx0XFsFYy5a#mq<6Uvsq zf(cpB9<0r3_gx}+9PWvk(B5mQHeUv~1VsvlxWbG}t zb`Nm}(C)Cr{G58EPJ(IlG)_IcbZc>d@pgAPEN;>3t1<;i%ZqkDzq^JEXTAYPMjM>& zF&$1p%-}|kMJ*PRskviUO~HN5dCF{De%-+BG@N^c$!@q|cJ}z_A?;QHl4p%TQ#?XT zosLPYSibmO`WA4NtjWwxEn8b{#YWH?v9whme3fP!@)JHo`qm8zJv5-^ClcsD%B1(K zTWsE&2yhE{Jt_1cM5N&!2lZ89EuHY(n zES?`Im0|Eme9zA`Gc>(n4<=<862(Aq=&8Y(Hm8k+B}`Wwn=&Co&iK5-#xOZk)+>@| zQu0XMoKV80_KDW_&qRLP@Bvn|9GOGlHs zFNA%Zx`eXQv%`W1U>j9p<1~A4M=$Km*S-@r=Qh#!PzH9tT^Pz;te#&thRFl-nCp~k zA5{MQvh)J-PG6k8o@kDd7mn0~wy)(K_uVg@^vn+0ms=(vd35+p{Prc+aLY-HINo|J zzTp7;@