Backport 10.1.2 security fixes to master (!3318) · Merge requests · GitLab.org / GitLab · GitLab

Michael Kozono requested to merge mk-backport-security-fixes-to-master into master Nov 09, 2017

What does this MR do?

Backports 10.1.2 security fixes to master.

Are there points in the code the reviewer needs to double check?

I actually cherry-picked from 10-1-stable-ee, not security-10-1-ee, which seemed to be outdated.
Should VERSION stay at 10.2.0-pre?
There are no new unreleased changelog entries from the commits I picked. I'm not sure what should be done regarding the changelogs.

Why was this MR needed?

This step of the Security Release: https://gitlab.com/gitlab-org/gitlab-ce/issues/39733

[ ] Publish latest code to GitLab.com (owner: Release Manager)

Which I took to be equivalent to this step of the sub release issues:

[ ] Cherry-pick the merges from the security branch into master and push to all remotes.

What are the relevant issue numbers?

Security Release issue - https://gitlab.com/gitlab-org/gitlab-ce/issues/39733
10.1.2 - https://gitlab.com/gitlab-org/gitlab-ce/issues/39890
10.0.6 - https://gitlab.com/gitlab-org/gitlab-ce/issues/39891
9.5.10 - https://gitlab.com/gitlab-org/gitlab-ce/issues/39892

Crosslinking my chatter in Slack about this: https://gitlab.slack.com/archives/C0XM5UU6B/p1510210765000065?thread_ts=1510201211.000151&cid=C0XM5UU6B

/cc @stanhu @godfat @felipe_artur @winh

Edited Oct 29, 2021 by 🤖 GitLab Bot 🤖