Draft: Remove `unsafe-eval` from CSP 0 of 1 checklist item completed
Prefixes OAuth Application Secrets with gloas 2 of 2 checklist items completed
- Merged
- 32
- 1
- Approved
Add BaseActionController to allow setting security headers 0 of 1 checklist item completed
- Merged
- 27
- Approved
Clarify public projects IP restriction in doc 1 of 1 checklist item completed
- Merged
- 6
- Approved
Clarify username changes and CODEOWNERS 0 of 1 checklist item completed
- Merged
- 3
- Approved
GraphQL: Mask CiJob.shortSha when non-authorized 1 of 1 checklist item completed
- Merged
- 19
- Approved
Notification email for newly authorized and created OAuth applications 1 of 1 checklist item completed !129928 16.5 Community contribution GitLab Free GitLab Premium GitLab Ultimate RTRecControl Technical Writing UI text backend devopsgovern documentation featureaddition frontend groupauthentication and authorization [DEPRECATED] linked-issue oauth pipeline:mr-approved releasedpublished sectionsec security typefeature workflowpost-deploy-db-production
- Merged
- 86
- Approved
Mask job fields according to :read_build permission if in runner context 0 of 1 checklist item completed
- Merged
- 40
- Approved
Prefix agent tokens with `glagent-` 1 of 1 checklist item completed
- Merged
- 10
- Approved
Remove channel properties from API when channels are masked 1 of 1 checklist item completed !129497 16.4
- Merged
- 20
- Approved
Check user access when searching for packages in a namespace 1 of 1 checklist item completed !129396 16.4 Category:Package Registry Deliverable Package:P1 backend bugvulnerability customer database databaseapproved devopspackage grouppackage registry npm Registry pipeline:mr-approved priority4 releasedpublished sectionci security security-fix-in-public severity4 typebug workflowpost-deploy-db-production
- Merged
- 40
- Approved
Allow access to webpack assets from web-ide 0 of 1 checklist item completed
- Merged
- 13
- Approved
- Merged
- 16
- Approved
Draft: Remove some streaming information for view 0 of 1 checklist item completed
Embed dedicated JWT container user info in container registry JWT 1 of 1 checklist item completed !127622 16.3
- Merged
- 21
- Approved
Warn on merge requests to project with more permissive visibility 0 of 1 checklist item completed !127407 16.3 Category:Source Code Management Deliverable HackerOne SUSImpacting Technical Writing UI text WeaknessCWE-200 backend bugvulnerability devopscreate frontend groupsource code pipeline:mr-approved priority3 releasedpublished sectiondev security security-fix-in-public severity4 tw-weight3 twfinished typebug workflowpost-deploy-db-production
- Merged
- 28
- Approved
Validate URL on Vulnerabilities::Identifier model 1 of 1 checklist item completed
- Merged
- 18
- Approved
Add warning about fully protected after push 0 of 1 checklist item completed
- Merged
- 7
- Approved
Draft: Initialize ActiveRecord encryption keys 0 of 4 checklist items completed