This project is mirrored from https://jihulab.com/gitlab-cn/gitlab.git.
Pull mirroring updated .
- Feb 20, 2024
-
-
GitLab Release Tools Bot authored
[merge-train skip]
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
Add a limit to CodeOwners reference extractor regex See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3861 Merged-by:
GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> Approved-by:
Joe Woodward <jwoodward@gitlab.com> Co-authored-by:
Robert May <rmay@gitlab.com>
-
Robert May authored
Merge branch 'security-435036-16-7' into '16-7-stable-ee' See merge request gitlab-org/security/gitlab!3861 Changelog: security
-
GitLab Release Tools Bot authored
Ensure LDAP user cannot sign in with password See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3893 Merged-by:
GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> Approved-by:
Smriti Garg <sgarg@gitlab.com> Co-authored-by:
Drew Blessing <drew@gitlab.com>
-
Drew Blessing authored
Merge branch 'security-security_prevent_ldap_user_password_sign_in-16-7' into '16-7-stable-ee' See merge request gitlab-org/security/gitlab!3893 Changelog: security
-
GitLab Release Tools Bot authored
Ensure LDAP users cannot reset local password to bypass LDAP See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3881 Merged-by:
GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> Approved-by:
Doug Stull <dstull@gitlab.com> Co-authored-by:
Drew Blessing <drew@gitlab.com>
-
Drew Blessing authored
Merge branch 'security-security_dblessing_ldap_password_reset_fix-16-7' into '16-7-stable-ee' See merge request gitlab-org/security/gitlab!3881 Changelog: security
-
GitLab Release Tools Bot authored
Disallow assigning higher role than current user See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3852 Merged-by:
GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> Approved-by:
Aboobacker MK <akarakath@gitlab.com> Co-authored-by:
Jarka Košanová <jarka@gitlab.com>
-
Jarka Košanová authored
Merge branch 'security-admin-member-perm-16-7' into '16-7-stable-ee' See merge request gitlab-org/security/gitlab!3852 Changelog: security
-
GitLab Release Tools Bot authored
Check project read access in Environments and Operations dashboard See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3871 Merged-by:
GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> Approved-by:
Ameya Darshan <adarshan@gitlab.com> Approved-by:
Dylan Griffith <dyl.griffith@gmail.com> Co-authored-by:
Pam Artiaga <partiaga@gitlab.com>
-
Pam Artiaga authored
Merge branch 'security-424766-fix-environments-projects-dashboard-16-7' into '16-7-stable-ee' See merge request gitlab-org/security/gitlab!3871 Changelog: security
-
GitLab Release Tools Bot authored
Invalidate markdown cache to clear up stored XSS See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3886 Merged-by:
GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> Approved-by:
Roy Zwambag <rzwambag@gitlab.com> Co-authored-by:
bmarjanovic <bmarjanovic@gitlab.com>
-
Bojan Marjanovic authored
Merge branch 'security-441094-confidential-issue-16-7' into '16-7-stable-ee' See merge request gitlab-org/security/gitlab!3886 Changelog: security
-
GitLab Release Tools Bot authored
Disallow users to modify deploy key title See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3865 Merged-by:
GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> Approved-by:
Hunter Stewart <hustewart@gitlab.com> Co-authored-by:
Anna Vovchenko <avovchenko@gitlab.com>
-
Anna Vovchenko authored
Merge branch 'security-disallow-users-to-modify-deploy-key-title-16-7' into '16-7-stable-ee' See merge request gitlab-org/security/gitlab!3865 Changelog: security
-
GitLab Release Tools Bot authored
Adds authorization for analytics settings See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3857 Merged-by:
GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> Approved-by:
Tetiana Chupryna <tchupryna@gitlab.com> Co-authored-by:
Surabhi Suman <ssuman@gitlab.com>
-
Surabhi Suman authored
Merge branch 'security-authorize-analytics-settings-16-7' into '16-7-stable-ee' See merge request gitlab-org/security/gitlab!3857 Changelog: security
-
GitLab Release Tools Bot authored
Use merge_head_diff for codeowners when merge request is mergeable See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3869 Merged-by:
GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> Approved-by:
Piotr Skorupa <pskorupa@gitlab.com> Co-authored-by:
j.seto <jseto@gitlab.com>
-
Jerry Seto authored
Merge branch 'security-437988-codeowner-approval-16-7' into '16-7-stable-ee' See merge request gitlab-org/security/gitlab!3869 Changelog: security
-
- Feb 12, 2024
-
-
Mayra Cabrera authored
Fix X.509 commit signing for OpenSSL 3 See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/144357 Merged-by:
Mayra Cabrera <mcabrera@gitlab.com> Approved-by:
Mayra Cabrera <mcabrera@gitlab.com> Co-authored-by:
Stan Hu <stanhu@gmail.com>
-
- Feb 09, 2024
-
-
Stan Hu authored
OpenSSL v3+ reports `PKCS12_parse: parse error` while OpenSSL v1.1 reports `PKCS12_parse: mac verify failure`. Unfortunately, we can't tell what underlying library is used, so just look for an error.
-
Stan Hu authored
OpenSSL v3 no longer allows mutating `OpenSSL::PKey::EC` types: https://github.com/ruby/openssl/commit/6848d2d969 Changelog: fixed
-
Stan Hu authored
The change in OpenSSL 3 along with https://github.com/ruby/ruby/commit/cff5bd63065da3ca53e877b086c2671884ae16dd caused the formatting of `OpenSSL::X509::Extension#value` to change from this in OpenSSL 1.1: ``` keyid:<some fingerprint>\n ``` To this in OpenSSL 3 with no trailing newline: ``` <some fingerprint> ``` Since `Gitlab::X509::Signature#issuer_subject_key_identifier` was using `delete!`, the missing newline caused this method to return `nil`, which effectively prevented any signature from working. To cut down on string allocations and avoid this bug, return the `key_identifier` after `String#gsub!` and `String#chomp!` are run. Changelog: fixed
-
- Feb 07, 2024
-
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[merge-train skip]
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
[ci skip]
-
- Feb 06, 2024
-
-
GitLab Release Tools Bot authored
Fix CI component input Regexp See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3855 Merged-by:
GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> Approved-by:
Avielle Wolfe <awolfe@gitlab.com> Co-authored-by:
Furkan Ayhan <furkanayhn@gmail.com>
-
Furkan Ayhan authored
Merge branch 'security-1039-433147-inputs-regexp-dos-16-7' into '16-7-stable-ee' See merge request gitlab-org/security/gitlab!3855 Changelog: security
-
GitLab Release Tools Bot authored
Merge branch 'security-435500-project-maintainers-can-bypass-block-branch-modification-policies-16-7' into '16-7-stable-ee' Make scan result policies block renaming branches See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3838 Merged-by:
GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> Approved-by:
Sashi Kumar Kumaresan <skumar@gitlab.com> Co-authored-by:
Dominic Bauer <dbauer@gitlab.com>
-
Dominic Bauer authored
Merge branch 'security-435500-project-maintainers-can-bypass-block-branch-modification-policies-16-7' into '16-7-stable-ee' See merge request gitlab-org/security/gitlab!3838 Changelog: security
-
GitLab Release Tools Bot authored
Merge branch 'security-fix-resource-exhaustion-in-vulnerability-count-by-day-16-7' into '16-7-stable-ee' Limit vulnerabilitiesCountByDay date range to 1 year See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3827 Merged-by:
GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> Approved-by:
Tetiana Chupryna <tchupryna@gitlab.com> Co-authored-by:
Brian Williams <bwilliams@gitlab.com>
-
Brian Williams authored
Merge branch 'security-fix-resource-exhaustion-in-vulnerability-count-by-day-16-7' into '16-7-stable-ee' See merge request gitlab-org/security/gitlab!3827 Changelog: security
-
Mayra Cabrera authored
Backport UUID migration finalization to 16.7 See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/143500 Merged-by:
Mayra Cabrera <mcabrera@gitlab.com> Approved-by:
Mayra Cabrera <mcabrera@gitlab.com> Approved-by:
Gregory Havenga <11164960-ghavenga@users.noreply.gitlab.com> Co-authored-by:
Simon Tomlinson <stomlinson@gitlab.com>
-
- Feb 01, 2024
-
-
Simon Tomlinson authored
Finalize UUID backfilling before column type migration cleanup occurs See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/142537 Merged-by:
Simon Tomlinson <stomlinson@gitlab.com> Approved-by:
Simon Tomlinson <stomlinson@gitlab.com> Reviewed-by:
Simon Tomlinson <stomlinson@gitlab.com> Co-authored-by:
Michał Zając <mzajac@gitlab.com> (cherry picked from commit fad8d4ed) e4a4b4b8 Finalize UUID backfilling before column type migration cleanup occurs
-
- Jan 30, 2024
-
-
Mayra Cabrera authored
Update dependency prometheus-client-mmap to '~> 1.1', '>= 1.1.1' See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/143174 Merged-by:
Mayra Cabrera <mcabrera@gitlab.com> Approved-by:
Mayra Cabrera <mcabrera@gitlab.com> Co-authored-by:
Rémy Coutable <remy@rymai.me> Co-authored-by:
Stan Hu <stanhu@gmail.com>
-
Rémy Coutable authored
-
Stan Hu authored
This backports https://gitlab.com/gitlab-org/gitlab/-/merge_requests/143159 to solve high committed RAM usage identified in https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8373. This reverts https://gitlab.com/gitlab-org/ruby/gems/prometheus-client-mmap/-/merge_requests/137. Changelog: fixed
-