GitLab Bot
27bc72ecda
Add latest changes from gitlab-org/gitlab@43-43-stable-ee
2019-12-11 22:39:07 +00:00
GitLab Release Tools Bot
cccf789b88
Merge remote-tracking branch 'dev/43-43-stable' into 43-43-stable
2019-12-11 22:35:24 +00:00
GitLab Release Tools Bot
b1d44a3e24
Update VERSION to 43.43.1
2019-12-11 22:24:35 +00:00
Robert Speicher
889d719e6f
"Security" commit
...
This represents the merge of a security fix and will only exist on
Security and Build. It will get merged into Canonical during a `publish`
task.
2019-12-11 13:07:08 -06:00
Robert Speicher
7329271868
Empty commit
...
This commit will exist on all three remotes and serves as the basis of a
stable branch (i.e., one that receives regular patch releases).
2019-12-11 13:06:28 -06:00
GitLab Bot
453396ed5b
Add latest changes from gitlab-org/gitlab@12-5-stable-ee
2019-12-10 18:24:34 +00:00
GitLab Release Tools Bot
50f4484eb9
Merge remote-tracking branch 'dev/12-5-stable' into 12-5-stable
2019-12-10 18:21:43 +00:00
GitLab Release Tools Bot
63af04cacf
Update VERSION to 12.5.4
2019-12-09 12:57:29 +00:00
GitLab Release Tools Bot
dcd41063d3
Update CHANGELOG.md for 12.5.4
...
[ci skip]
2019-12-09 12:56:01 +00:00
Alessio Caiazza
3fe0553ecc
Merge branch 'security-37766-transfer-group-reindex-ce-12-5' into '12-5-stable'
...
Trigger Elasticsearch indexing when public group moved to private
See merge request gitlab/gitlabhq!3577
2019-12-09 09:19:58 +00:00
Dylan Griffith
1a7c008f8d
Trigger Elasticsearch indexing when public group moved to private
...
This fixes https://gitlab.com/gitlab-org/gitlab/issues/37766 which is
caused by the fact that we leave the stale permissions data in the index
after a group is moved to another group.
2019-12-06 12:34:03 +11:00
GitLab Bot
0330bd0a0a
Add latest changes from gitlab-org/gitlab@12-5-stable-ee
2019-12-05 18:12:40 +00:00
GitLab Bot
952e48941d
Add latest changes from gitlab-org/gitlab@12-5-stable-ee
2019-12-03 11:24:07 +00:00
GitLab Release Tools Bot
225d2e5bb8
Update VERSION to 12.5.3
2019-12-03 11:22:02 +00:00
GitLab Release Tools Bot
f033ece0f5
Update CHANGELOG.md for 12.5.3
...
[ci skip]
2019-12-03 11:20:21 +00:00
GitLab Bot
662bb2b6f1
Add latest changes from gitlab-org/gitlab@12-5-stable-ee
2019-12-03 10:28:37 +00:00
GitLab Bot
ed8af41027
Add latest changes from gitlab-org/gitlab@12-5-stable-ee
2019-11-27 20:44:50 +00:00
GitLab Release Tools Bot
5413c6cd49
Merge remote-tracking branch 'dev/12-5-stable' into 12-5-stable
2019-11-27 20:43:03 +00:00
GitLab Release Tools Bot
49482945d2
Update VERSION to 12.5.2
2019-11-27 17:10:41 +00:00
GitLab Release Tools Bot
c5a922b1de
Update CHANGELOG.md for 12.5.2
...
[ci skip]
2019-11-27 17:09:14 +00:00
GitLab Bot
ec764103ee
Add latest changes from gitlab-org/gitlab@12-5-stable-ee
2019-11-27 11:38:22 +00:00
GitLab Release Tools Bot
52b9f101a3
Merge remote-tracking branch 'dev/12-5-stable' into 12-5-stable
2019-11-27 11:31:00 +00:00
GitLab Release Tools Bot
ef6512ad8f
Merge branch 'security-dos-issue-and-commit-comments-12-5' into '12-5-stable'
...
Fix invalid byte sequence
See merge request gitlab/gitlabhq!3547
2019-11-26 17:03:39 +00:00
GitLab Release Tools Bot
79a183ea8d
Update VERSION to 12.5.1
2019-11-26 16:13:30 +00:00
GitLab Release Tools Bot
0994af9283
Update CHANGELOG.md for 12.5.1
...
[ci skip]
2019-11-26 16:12:06 +00:00
GitLab Release Tools Bot
1bc5f5c4a3
Merge branch 'security-29660-update-dependencies-12-5' into '12-5-stable'
...
Update Workhorse and Gitaly to fix a security issue
See merge request gitlab/gitlabhq!3531
2019-11-26 12:02:13 +00:00
GitLab Release Tools Bot
6584ed51fd
Merge branch 'security-aws-secret-key-2937-ce-12-5' into '12-5-stable'
...
Hide AWS secret on Admin Integration page
See merge request gitlab/gitlabhq!3532
2019-11-26 12:02:11 +00:00
Justin Ho Tuan Duong
2649b16026
Hide AWS secret on Admin Integration page
2019-11-26 12:02:11 +00:00
GitLab Release Tools Bot
ccb32647be
Merge branch 'security-ag-cycle-analytics-guest-permissions-12-5' into '12-5-stable'
...
Prevent guests from seeing commits for cycle analytics
See merge request gitlab/gitlabhq!3534
2019-11-26 12:02:08 +00:00
GitLab Release Tools Bot
83e8f432e0
Merge branch 'security-filter-related-branches-from-activity-feed-12.5' into '12-5-stable'
...
Related Branches Visible to Guests in Issue Activity
See merge request gitlab/gitlabhq!3538
2019-11-26 12:02:05 +00:00
GitLab Release Tools Bot
7d028ae6a9
Merge branch 'security-2943-encrypt-plaintext-tokens-12-5' into '12-5-stable'
...
GitLab stores AWS, Slack, Akismet, reCaptcha tokens in plaintext
See merge request gitlab/gitlabhq!3543
2019-11-26 12:02:03 +00:00
GitLab Release Tools Bot
96d91c7885
Merge branch 'security-dns-rebind-ssrf-in-slack-notifications-12-5-ce' into '12-5-stable'
...
Use Gitlab::HTTP for all chat notifications
See merge request gitlab/gitlabhq!3544
2019-11-26 12:02:01 +00:00
GitLab Release Tools Bot
26540c9180
Merge branch 'security-33712-ce-12-5' into '12-5-stable'
...
Fix private comment Elasticsearch leak
See merge request gitlab/gitlabhq!3546
2019-11-26 12:01:59 +00:00
GitLab Release Tools Bot
5f9de1e041
Merge branch 'security-fix-xss-in-label-namespace-12-5' into '12-5-stable'
...
Escape namespace in label references
See merge request gitlab/gitlabhq!3550
2019-11-26 12:01:56 +00:00
GitLab Release Tools Bot
70911c7c43
Merge branch 'security-28802-respect-fork-parent-visibility-12-5' into '12-5-stable'
...
Check permissions before showing a forked project's source
See merge request gitlab/gitlabhq!3555
2019-11-26 12:01:54 +00:00
GitLab Release Tools Bot
1c029e6356
Merge branch 'security-exclude_ids_attribute_cleaning-12-5-ce' into '12-5-stable'
...
Ensure attributes that end in `_ids` are cleaned
See merge request gitlab/gitlabhq!3558
2019-11-26 12:01:52 +00:00
Imre Farkas
518835f782
Spec to ensure `_ids` are cleaned by ImportExport::AttributeCleaner
2019-11-26 10:18:56 +01:00
DJ Mountney
70f684b584
Ensure attributes that end in `_ids` are cleaned
...
This prevents an issue where you can steal other projects' objects by
asking for ids that don't belong to you in import.
2019-11-26 10:18:56 +01:00
Nick Thomas
644d125b9a
Check permissions before showing a forked project's source
2019-11-25 11:48:47 +00:00
Arturo Herrero
cc9a30c758
Encrypt application settings with pre and post deployments
...
We had concerns about the cached values on Redis with the previous
two-release strategy:
First release (this commit):
- Create new encrypted fields in the database.
- Start populating new encrypted fields, read the encrypted fields or
fall back to the plaintext fields.
- Backfill the data removing the plaintext fields to the encrypted
fields.
Second release:
- Remove the virtual attribute (created in step 2).
- Drop plaintext columns from the database (empty columns after
step 3).
We end up with a better strategy only using migration scripts in one
release:
- Pre-deployment migration: Add columns required for storing encrypted
values.
- Pre-deployment migration: Store the encrypted values in the new
columns.
- Post-deployment migration: Remove the old unencrypted columns
2019-11-25 11:22:29 +00:00
Heinrich Lee Yu
ad48a55cc2
Escape namespace in label references
...
When referencing cross-namespace labels, we append the namespace name
to the rendered label.
This MR escapes the name to prevent XSS attacks.
2019-11-25 13:34:41 +08:00
GitLab Bot
4c442bdda2
Add latest changes from gitlab-org/gitlab@12-5-stable-ee
2019-11-22 13:52:46 +00:00
Patrick Derichs
5bdc90c279
Fix invalid byte sequence
2019-11-22 14:39:54 +01:00
Dylan Griffith
2533dea98f
Add search_helpers changes from security-33712
2019-11-22 18:14:15 +08:00
Mark Chao
b6ea76a00d
Fix group created from other test from polluting
2019-11-22 18:14:11 +08:00
Mark Chao
60942bef14
Test admin for search accessibility
...
Disabled features are ignored as they are grey areas
2019-11-22 18:14:07 +08:00
Mark Chao
443db2868d
Internalize private project minimum access level
...
Some features allow GUEST to access only if the project is not private.
This method returns the access level when targeting private projects.
2019-11-22 18:14:04 +08:00
Mark Chao
0de1bfeac3
Fix scope to handle private guest permission
...
Guests are blocked from certain features when the project is private,
therefore the scope would filter additionally with REPORTER level.
2019-11-22 18:14:01 +08:00
Mark Chao
d5bfeee5f9
ES: update permission spec table
...
Remove impossible cases, since a private project's features can only be
private or disabled.
Fix spec due to sidekiq indexing not being triggered.
Update guest use cases: some features have the additional constraint that
"Guest users are able to perform action on public/internal projects,
but not private ones."
2019-11-22 18:13:57 +08:00
GitLab Release Tools Bot
1f0ab8978e
Update VERSION to 12.5.0
2019-11-22 03:17:46 +00:00