Commits on Source (33)
-
Merge branch 'security-method_call_regex-17-1' into '17-1-stable-ee' See merge request gitlab-org/security/gitlab!4174 Changelog: security
-
GitLab Release Tools Bot authored
Mitigate ReDoS attacks via `method_call_regex` See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4174 Merged-by:
GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> Approved-by:
Terri Chu <tchu@gitlab.com> Co-authored-by:
Joe Woodward <j@joewoodward.me>
-
Merge branch 'security-464017-confidential-issue-17-1' into '17-1-stable-ee' See merge request gitlab-org/security/gitlab!4172 Changelog: security
-
GitLab Release Tools Bot authored
Reject deletion of security policy project approval rules See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4172 Merged-by:
GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> Approved-by:
Marc Saleiko <msaleiko@gitlab.com> Approved-by:
Jerry Seto <jseto@gitlab.com> Reviewed-by:
Marc Saleiko <msaleiko@gitlab.com> Co-authored-by:
Dominic Bauer <dbauer@gitlab.com>
-
Merge branch 'jj-457235-promote-quick-action-prevent-non-member-17-1' into '17-1-stable-ee' See merge request gitlab-org/security/gitlab!4190 Changelog: security
-
GitLab Release Tools Bot authored
Prevent non-members from using promote_to quick action for quick actions See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4190 Merged-by:
GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> Approved-by:
Javiera Tapia <jtapia@gitlab.com> Co-authored-by:
Joseph Wambua <jjoshua@gitlab.com>
-
Merge branch 'security-452548-sso-2-17-1' into '17-1-stable-ee' See merge request gitlab-org/security/gitlab!4197 Changelog: security
-
GitLab Release Tools Bot authored
Pass SSO session data to Sidekiq See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4197 Merged-by:
GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> Approved-by:
Gosia Ksionek <mksionek@gitlab.com> Co-authored-by:
Mark Chao <mchao@gitlab.com>
-
Merge branch 'security-ph/1121/removeCollapseLongCommitListFromDeprecatedNotes-17-1' into '17-1-stable-ee' See merge request gitlab-org/security/gitlab!4203 Changelog: security
-
GitLab Release Tools Bot authored
Merge branch 'security-ph/1121/removeCollapseLongCommitListFromDeprecatedNotes-17-1' into '17-1-stable-ee' Remove collapseLongCommitList method See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4203 Merged-by:
GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> Approved-by:
Kushal Pandya <kushal@gitlab.com> Co-authored-by:
Phil Hughes <me@iamphill.com>
-
Merge branch 'security-ph/1122/hideBranchMergeRequest-17-1' into '17-1-stable-ee' See merge request gitlab-org/security/gitlab!4200 Changelog: security
-
GitLab Release Tools Bot authored
Hide branch merge request if merge requests are private See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4200 Merged-by:
GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> Approved-by:
Kushal Pandya <kushal@gitlab.com> Co-authored-by:
Phil Hughes <me@iamphill.com>
-
Merge branch 'security-security_clickjacking_authorize-17-1' into '17-1-stable-ee' See merge request gitlab-org/security/gitlab!4186 Changelog: security
-
GitLab Release Tools Bot authored
Fix clickjacking on OAuth application page See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4186 Merged-by:
GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> Approved-by:
Imre Farkas <ifarkas@gitlab.com> Co-authored-by:
Aboobacker MK <akarakath@gitlab.com>
-
Merge branch 'security-redos-autolink-filter-17-1' into '17-1-stable-ee' See merge request gitlab-org/security/gitlab!4126 Changelog: security
-
GitLab Release Tools Bot authored
Add limits on autolinker regex See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4126 Merged-by:
GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> Approved-by:
Greg Alfaro <galfaro@gitlab.com> Approved-by:
Jessie Young <jessieyoung@gitlab.com> Co-authored-by:
Brett Walker <bwalker@gitlab.com>
-
Merge branch 'security-retarget-no-pipeline-squash-17-1' into '17-1-stable-ee' See merge request gitlab-org/security/gitlab!4187 Changelog: security
-
GitLab Release Tools Bot authored
Do not run a new pipeline on re-target See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4187 Merged-by:
GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> Approved-by:
Sashi Kumar Kumaresan <skumar@gitlab.com> Approved-by:
Dylan Griffith <dyl.griffith@gmail.com> Approved-by:
Payton Burdette <pburdette@gitlab.com> Co-authored-by:
Patrick Bajao <ebajao@gitlab.com>
-
Merge branch 'security-zoekt-omit-private-repos-from-public-projects-17-1' into '17-1-stable-ee' See merge request gitlab-org/security/gitlab!4210 Changelog: security
-
GitLab Release Tools Bot authored
Remove search results from public projects with unauthorized repos See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4210 Merged-by:
GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> Approved-by:
Dmitry Gruzd <dgruzd@gitlab.com> Co-authored-by:
John Mason <jmason@gitlab.com>
-
Merge branch 'security-security_deny_access_to_private_artifacts-17-1' into '17-1-stable-ee' See merge request gitlab-org/security/gitlab!4194 Changelog: security
-
GitLab Release Tools Bot authored
Fix for Private job artifacts can be accessed by any user See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4194 Merged-by:
GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> Approved-by:
Max Orefice <morefice@gitlab.com> Co-authored-by:
Shabini Rajadas <srajadas@gitlab.com>
-
Merge branch 'security-introspection-query-multiplex-fix-17-1' into '17-1-stable-ee' See merge request gitlab-org/security/gitlab!4173 Changelog: security
-
GitLab Release Tools Bot authored
Use permitted_params for standalone and multiplex queries See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4173 Merged-by:
GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> Approved-by:
Heinrich Lee Yu <heinrich@gitlab.com> Co-authored-by:
Roy Zwambag <rzwambag@gitlab.com>
-
Merge branch 'security-1112-redos-openapi' into '17-1-stable-ee' See merge request gitlab-org/security/gitlab!4135 Changelog: security
-
Jenny Kim authored
Fix the catastrophic backtracking in openapi regex See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4135 Merged-by:
Jenny Kim <yjeankim@gitlab.com> Approved-by:
Dmitry Gruzd <dgruzd@gitlab.com> Co-authored-by:
rkumar555 <rkumar@gitlab.com>
-
Merge branch 'security-banzai-pipeline-17-1' into '17-1-stable-ee' See merge request gitlab-org/security/gitlab!4184 Changelog: security
-
Jenny Kim authored
Security fixes for banzai pipeline See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4184 Merged-by:
Jenny Kim <yjeankim@gitlab.com> Approved-by:
Jerry Seto <jseto@gitlab.com> Co-authored-by:
Brett Walker <bwalker@gitlab.com>
-
Stan Hu authored
Fix MailRoom not loading in Omnibus See merge request !157347 Merged-by:
Stan Hu <stanhu@gmail.com> Approved-by:
Mario Celi <mcelicalderon@gitlab.com>
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
[merge-train skip]
-
GitLab Release Tools Bot authored
Showing
- CHANGELOG.md 23 additions, 0 deletionsCHANGELOG.md
- GITALY_SERVER_VERSION 1 addition, 1 deletionGITALY_SERVER_VERSION
- GITLAB_KAS_VERSION 1 addition, 1 deletionGITLAB_KAS_VERSION
- GITLAB_PAGES_VERSION 1 addition, 1 deletionGITLAB_PAGES_VERSION
- VERSION 1 addition, 1 deletionVERSION
- app/assets/javascripts/deprecated_notes.js 0 additions, 31 deletionsapp/assets/javascripts/deprecated_notes.js
- app/assets/javascripts/vue_merge_request_widget/components/mr_widget_pipeline.vue 40 additions, 0 deletions...ue_merge_request_widget/components/mr_widget_pipeline.vue
- app/assets/javascripts/vue_merge_request_widget/components/mr_widget_pipeline_container.vue 4 additions, 0 deletions...equest_widget/components/mr_widget_pipeline_container.vue
- app/assets/javascripts/vue_merge_request_widget/components/states/merge_failed_pipeline_confirmation_dialog.vue 17 additions, 2 deletions...ents/states/merge_failed_pipeline_confirmation_dialog.vue
- app/assets/javascripts/vue_merge_request_widget/components/states/ready_to_merge.vue 8 additions, 2 deletions...merge_request_widget/components/states/ready_to_merge.vue
- app/assets/javascripts/vue_merge_request_widget/mixins/run_pipeline.js 59 additions, 0 deletions...vascripts/vue_merge_request_widget/mixins/run_pipeline.js
- app/assets/javascripts/vue_merge_request_widget/queries/get_state.query.graphql 6 additions, 0 deletions.../vue_merge_request_widget/queries/get_state.query.graphql
- app/assets/javascripts/vue_merge_request_widget/stores/mr_widget_store.js 3 additions, 0 deletions...cripts/vue_merge_request_widget/stores/mr_widget_store.js
- app/controllers/graphql_controller.rb 22 additions, 12 deletionsapp/controllers/graphql_controller.rb
- app/graphql/mutations/branch_rules/delete.rb 2 additions, 0 deletionsapp/graphql/mutations/branch_rules/delete.rb
- app/graphql/types/merge_request_type.rb 3 additions, 0 deletionsapp/graphql/types/merge_request_type.rb
- app/models/ci/processable.rb 12 additions, 1 deletionapp/models/ci/processable.rb
- app/models/merge_request.rb 7 additions, 1 deletionapp/models/merge_request.rb
- app/models/project.rb 19 additions, 2 deletionsapp/models/project.rb
- app/serializers/merge_request_poll_widget_entity.rb 2 additions, 0 deletionsapp/serializers/merge_request_poll_widget_entity.rb