Commits · v12.3.9-ee · gitlab-cn / Gitlab

This project is mirrored from https://jihulab.com/gitlab-cn/gitlab.git. Pull mirroring updated 25 minutes ago.

Dec 09, 2019
- Update VERSION to 12.3.9-ee · f1fda893
  GitLab Release Tools Bot authored 5 years ago
  
  v12.3.9-ee
  
  f1fda893
- Update CHANGELOG.md for 12.3.9 · 4bcebc86
  GitLab Release Tools Bot authored 5 years ago
```
[ci skip]
```
  4bcebc86
- Update CHANGELOG-EE.md for 12.3.9-ee · 2d623ad8
  GitLab Release Tools Bot authored 5 years ago
```
[ci skip]
```
  2d623ad8
- Merge branch 'security-37766-transfer-group-reindex-12-3' into '12-3-stable-ee' · a4fd0116
  Alessio Caiazza authored 5 years ago
```
Trigger Elasticsearch indexing when public group moved to private

See merge request gitlab/gitlab-ee!1524
```
  a4fd0116
- Merge branch 'security-400-path-traversal-rce2-12-3' into '12-3-stable-ee' · 0dd6d364
  Alessio Caiazza authored 5 years ago
```
Update maven file_name regex for full string

See merge request gitlab/gitlab-ee!1513
```
  0dd6d364
- Update maven file_name regex for full string · 85db3f2d
  Steve Abrams authored 5 years ago
```
Do a full string check on maven file_name rather
than just a single line to prevent malicious
attacks.
```
  85db3f2d
Dec 06, 2019

Trigger Elasticsearch indexing when public group moved to private · 641735e2

Dylan Griffith authored 5 years ago

This fixes https://gitlab.com/gitlab-org/gitlab/issues/37766 which is
caused by the fact that we leave the stale permissions data in the index
after a group is moved to another group.

641735e2

Merge branch 'cherry-pick--2' into '12-3-stable-ee' · 2635ef8a

Marin Jankovski authored 5 years ago

[12.3] Merge branch 'fix_badge_feature_spec_external_request' into 'master'

See merge request gitlab-org/gitlab!21299

2635ef8a

Merge branch 'sh-bump-issauble-timeout' into 'master' · a2c3b304

Michael Kozono authored 5 years ago

Bump Markdown timeout from 3 to 6 seconds in test

Closes #35269

See merge request gitlab-org/gitlab!19408

(cherry picked from commit 51e1569b)

3a4525cf Bump Markdown timeout from 3 to 6 seconds in test

a2c3b304

Merge branch 'fix_badge_feature_spec_external_request' into 'master' · 0cc08333

Ash McKenzie authored 5 years ago

Don't make external requests

Closes #38045

See merge request gitlab-org/gitlab!21161

(cherry picked from commit f88ed9ed)

ebeab42f Don't make external requests

0cc08333

Nov 27, 2019
- Merge remote-tracking branch 'dev/12-3-stable-ee' into 12-3-stable-ee · d0f32222
  GitLab Release Tools Bot authored 5 years ago
  
  d0f32222
- Update VERSION to 12.3.8-ee · 5b6250ce
  GitLab Release Tools Bot authored 5 years ago
  
  v12.3.8-ee
  
  5b6250ce
- Update CHANGELOG.md for 12.3.8 · 91b8623a
  GitLab Release Tools Bot authored 5 years ago
```
[ci skip]
```
  91b8623a
- Update CHANGELOG-EE.md for 12.3.8-ee · 75975ee2
  GitLab Release Tools Bot authored 5 years ago
```
[ci skip]
```
  75975ee2
- Merge remote-tracking branch 'dev/12-3-stable-ee' into 12-3-stable-ee · a446a13b
  GitLab Release Tools Bot authored 5 years ago
  
  a446a13b
Nov 26, 2019
- Update VERSION to 12.3.7-ee · a58a3535
  GitLab Release Tools Bot authored 5 years ago
  
  v12.3.7-ee
  
  a58a3535
- Update CHANGELOG.md for 12.3.7 · a313bc5a
  GitLab Release Tools Bot authored 5 years ago
```
[ci skip]
```
  a313bc5a
- Update CHANGELOG-EE.md for 12.3.7-ee · 6ceb0ce1
  GitLab Release Tools Bot authored 5 years ago
```
[ci skip]
```
  6ceb0ce1
- Merge branch 'security-dos-issue-and-commit-comments-ee-12-3' into '12-3-stable-ee' · 117fd54c
  GitLab Release Tools Bot authored 5 years ago
```
Fix invalid byte sequence

See merge request gitlab/gitlab-ee!1478
```
  117fd54c
- Merge branch 'security-29660-update-dependencies-12-3-ee' into '12-3-stable-ee' · 4fc0f9e5
  GitLab Release Tools Bot authored 5 years ago
```
Update Workhorse and Gitaly to fix a security issue

See merge request gitlab/gitlab-ee!1411
```
  4fc0f9e5
- Merge branch 'security-aws-secret-key-2937-12-3' into '12-3-stable-ee' · f82503e7
  GitLab Release Tools Bot authored 5 years ago
```
Hide AWS secret on Admin Integration page

See merge request gitlab/gitlab-ee!1422
```
  f82503e7
- Merge branch 'security-2940-fix-jira-integration-endpoints-12-3' into '12-3-stable-ee' · 2d62bb72
  GitLab Release Tools Bot authored 5 years ago
```
Branches and commits are exposed to guests using APIs used by Jira

See merge request gitlab/gitlab-ee!1425
```
  2d62bb72
- Merge branch 'security-dns-rebind-ssrf-in-slack-notifications-12-3' into '12-3-stable-ee' · 2372a927
  GitLab Release Tools Bot authored 5 years ago
```
Use Gitlab::HTTP for all chat notifications

See merge request gitlab/gitlab-ee!1430
```
  2372a927
- Merge branch 'security-fix-blocked-user-pull-mirror-12-3' into '12-3-stable-ee' · 4e33d57c
  GitLab Release Tools Bot authored 5 years ago
```
Fail pull mirror when mirror user is blocked

See merge request gitlab/gitlab-ee!1435
```
  4e33d57c
- Merge branch 'security-permissions-for-vulnerable-filter-12-3' into '12-3-stable-ee' · 587d70d6
  GitLab Release Tools Bot authored 5 years ago
```
Dependency List shows dependency vulnerability status as safe to not logged in users

See merge request gitlab/gitlab-ee!1436
```
  587d70d6
- Merge branch 'security-33712-12-3' into '12-3-stable-ee' · 04c06ffa
  GitLab Release Tools Bot authored 5 years ago
```
Fix private comment Elasticsearch leak

See merge request gitlab/gitlab-ee!1445
```
  04c06ffa
- Merge branch 'security-idor-protected-environment-users-12-3' into '12-3-stable-ee' · 6611aef8
  GitLab Release Tools Bot authored 5 years ago
```
RO: Prevent IDOR when adding users to protected environments

See merge request gitlab/gitlab-ee!1453
```
  6611aef8
- Merge branch 'security-ag-cycle-analytics-guest-permissions-12-3' into '12-3-stable-ee' · 12bee61e
  GitLab Release Tools Bot authored 5 years ago
```
Prevent guests from seeing commits for cycle analytics

See merge request gitlab/gitlab-ee!1461
```
  12bee61e
- Merge branch 'security-filter-related-branches-from-activity-feed-12.3' into '12-3-stable-ee' · 6c76635b
  GitLab Release Tools Bot authored 5 years ago
```
Related Branches Visible to Guests in Issue Activity

See merge request gitlab/gitlab-ee!1464
```
  6c76635b
- Merge branch 'security-394-path-traversal-package-bug-12-3' into '12-3-stable-ee' · ad59abf3
  GitLab Release Tools Bot authored 5 years ago
```
Fix Maven file_name security issue

See merge request gitlab/gitlab-ee!1467
```
  ad59abf3
- Fix Maven file_name security issue · 75c8d131
  Steve Abrams authored 5 years ago
```
Add maven file_name regex validation
on incoming file_name param
for maven file uploads to prevent malicious
or encoded characters from passing into the
filename.
```
  75c8d131
- Merge branch 'security-2943-encrypt-plaintext-tokens-12-3-ee' into '12-3-stable-ee' · 89f9412f
  GitLab Release Tools Bot authored 5 years ago
```
GitLab stores AWS, Slack, Askimet, reCaptcha tokens in plaintext

See merge request gitlab/gitlab-ee!1469
```
  89f9412f
- Merge branch 'security-id-dont-create-todo-for-non-members-12-3' into '12-3-stable-ee' · 4ac30359
  GitLab Release Tools Bot authored 5 years ago
```
Do not create todos for approvers without access

See merge request gitlab/gitlab-ee!1481
```
  4ac30359
- Merge branch 'security-fix-xss-in-label-namespace-12-3-ee' into '12-3-stable-ee' · a246506f
  GitLab Release Tools Bot authored 5 years ago
```
Escape namespace in label references

See merge request gitlab/gitlab-ee!1484
```
  a246506f
- Merge branch 'security-28802-respect-fork-parent-visibility-12-3-ee' into '12-3-stable-ee' · ff2f7f6c
  GitLab Release Tools Bot authored 5 years ago
```
Check permissions before showing a forked project's source

See merge request gitlab/gitlab-ee!1485
```
  ff2f7f6c
- Merge branch 'security-exclude_ids_attribute_cleaning-12-3-ee' into '12-3-stable-ee' · d4cbaed3
  GitLab Release Tools Bot authored 5 years ago
```
Ensure attributes that end in `_ids` are cleaned

See merge request gitlab/gitlab-ee!1493
```
  d4cbaed3
- Spec to ensure `_ids` are cleaned by ImportExport::AttributeCleaner · 19376261
  Imre Farkas authored 5 years ago
  
  19376261
- Ensure attributes that end in `_ids` are cleaned · 6bf56ed9
  DJ Mountney authored 5 years ago
```
This prevents an issue where you can steal other projects objects by
asking for ids that don't belong to you in import.
```
  6bf56ed9
Nov 25, 2019

Check permissions before showing a forked project's source · 651ca3e7
Nick Thomas authored 5 years ago

651ca3e7

Encrypt application settings with pre and post deployments · 96535965

Arturo Herrero authored 5 years ago

We had concerns about the cached values on Redis with the previous two
releases strategy:

First release (this commit):
  - Create new encrypted fields in the database.
  - Start populating new encrypted fields, read the encrypted fields or
    fallback to the plaintext fields.
  - Backfill the data removing the plaintext fields to the encrypted
    fields.
Second release:
  - Remove the virtual attribute (created in step 2).
  - Drop plaintext columns from the database (empty columns after
    step 3).

We end up with a better strategy only using migration scripts in one
release:
  - Pre-deployment migration: Add columns required for storing encrypted
    values.
  - Pre-deployment migration: Store the encrypted values in the new
    columns.
  - Post-deployment migration: Remove the old unencrypted columns

96535965