The API permits path traversal characters like '../' to be passed down
to the template finder. Detect these requests and cause them to fail
with a 500 response code.
A tablesample count executes in two phases:
* Estimate table sizes based on reltuples.
* Based on the estimate:
* If the table is considered 'small', execute an exact relation count.
* Otherwise, count on a sample of the table using TABLESAMPLE.
The size of the sample is chosen in a way that we always roughly scan
the same amount of rows (see TABLESAMPLE_ROW_TARGET).
Adds gitlab.impersonation_enabled config option defaulting to true to
keep the current default behaviour.
Only the act of impersonation is modified, impersonation token
management is not affected.
[master] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request"
See merge request gitlab/gitlabhq!2583
If the EncryptColumns background migration runs in a sidekiq with a
stale view of the database schema, or when the purported destination
columns don't actually exist, data loss can result. Attempt to work
around these issues by reloading schema information before running
the migration, and raising errors if the model reports that any of its
source or destination columns are missing.
This suggests possibly related issues when the user types a title.
This uses GraphQL to allow the frontend to request the exact
data that is requires. We also get free caching through the Vue Apollo
plugin.
With this we can include the ability to import .graphql files in JS
and Vue files.
Also we now have the Vue test utils library to make testing
Vue components easier.
Closes#22071
We want to keep failed install pods around so that it is easier to debug
why a failure occured. With this change we also need to ensure that we
remove a previous pod with the same name before installing so that
re-install does not fail.
Another change here is that we no longer need to catch errors from
delete_pod! in CheckInstallationProgressService as we now catch the
ResourceNotFoundError in Helm::Api. The catch statement in
CheckInstallationProgressService was also probably too broad before and
should have been narrowed down simply to ResourceNotFoundError.
`Rugged::Reference.valid_name?` used in
`Gitlab::GitRefValidator.validate` fails on strings containing null
bytes because it uses `StringValueCStr()`. Per
https://silverhammermba.github.io/emberb/c/:
Ruby’s String kinda corresponds to C’s char*. The simplest macro is
StringValueCStr() which returns a null-terminated char* for a
String. The problem here is that a Ruby String might contain nulls - in
which case StringValueCStr() will raise an ArgumentError!
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54466
Nick Thomas
Fabio Busatto
Andreas Brandl
Dmitriy Zaporozhets
Thong Kuah
Kamil Trzciński
Rémy Coutable
Imre Farkas
Steve Azzopardi
Cindy Pallares
Douwe Maan
Toon Claes
Stan Hu
Filipa Lacerda
Phil Hughes
Dylan Griffith
Tiago Botelho
Douglas Barbosa Alexandre