Commit 7f5f12eb authored Sep 02, 2020 by Marin Jankovski
Merge branch 'master' of dev.gitlab.org:gitlab/gitlab-ee
parents e3a32eb5 26cd9c84
Showing 26 changed files with 111 additions and 122 deletions
CHANGELOG-EE.md +24 -0
CHANGELOG.md +87 -0
changelogs/unreleased/215879-check-validity-of-repository-mirror-urls.yml +0 -5
changelogs/unreleased/security-199-show-actual-group.yml +0 -6
changelogs/unreleased/security-209-dblessing-prevent-stale-otp-user-id.yml +0 -5
changelogs/unreleased/security-212-regenerate-2fa-app-code.yml +0 -5
changelogs/unreleased/security-213-delete-other-sessions-when-activating-2fa.yml +0 -5
changelogs/unreleased/security-214-dblessing-revoke-session-on-pw-change.yml +0 -5
changelogs/unreleased/security-216-access-to-private-projects.yml +0 -5
changelogs/unreleased/security-217-dblessing-safe-omniauth-errors.yml +0 -5
changelogs/unreleased/security-218-prevent-2fa-bypass-using-api.yml +0 -6
changelogs/unreleased/security-220-dblessing-revoke-remember-me-on-session-revocation.yml +0 -5
changelogs/unreleased/security-223-webhook-dos-attack.yml +0 -5
changelogs/unreleased/security-add-presence-validation-oauth-apps.yml +0 -5
changelogs/unreleased/security-api-auth-use-job-token-for-running-jobs.yml +0 -5
changelogs/unreleased/security-deploy-token-can-read-disabled-repo.yml +0 -5
changelogs/unreleased/security-fix-conan-workhorse-params.yml +0 -5
changelogs/unreleased/security-graphql-type-check.yml +0 -5
changelogs/unreleased/security-improper-access-control-on-deploy-key.yml +0 -5
changelogs/unreleased/security-pb-limit-profile-events.yml +0 -5
changelogs/unreleased/security-prevent-aws-external-id-manipulation.yml +0 -5
changelogs/unreleased/security-projectmaintainer-edit-badges.yml +0 -5
changelogs/unreleased/security-upgrade-jquery-3-5.yml +0 -5
changelogs/unreleased/security-websocket-extensions-update-0-1-5.yml +0 -5
ee/changelogs/unreleased/security-219378-xss-on-vulnerability-history.yml +0 -5
ee/changelogs/unreleased/security-conf-epic-visibility.yml +0 -5
CHANGELOG-EE.md
View file @
7f5f12eb
Please view this file on the master branch, on stable branches it's out of date.
## 13.3.3 (2020-09-02)
### Security (2 changes)
-
Sanitize vulnerability history comment.
-
Fix displaying epics visibility in issue sidebar.
## 13.3.2 (2020-08-28)
-
No changes.
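Review bot: the entry "Sanitize vulnerability history comment." in the new 13.3.3 section does not name the issue class, while the changelog file removed in this same commit is called security-219378-xss-on-vulnerability-history.yml. Consider wording the entry so an administrator reading the release notes can tell it is an XSS fix, for example "Sanitize vulnerability history comment to prevent XSS."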
...
...
@@ -254,6 +262,14 @@ Please view this file on the master branch, on stable branches it's out of date.
-
Replace -800 hex value, replace usages with -700. !39734
## 13.2.7 (2020-09-02)
### Security (2 changes)
-
Sanitize vulnerability history comment.
-
Fix displaying epics visibility in issue sidebar.
## 13.2.6 (2020-08-18)
-
No changes.
...
...
@@ -645,6 +661,14 @@ Please view this file on the master branch, on stable branches it's out of date.
-
Resolve duplicate use of shorcuts-tree. !36732
## 13.1.9 (2020-09-02)
### Security (2 changes)
-
Sanitize vulnerability history comment.
-
Fix displaying epics visibility in issue sidebar.
## 13.1.8 (2020-08-18)
-
No changes.
...
...
CHANGELOG.md
View file @
7f5f12eb
...
...
@@ -2,6 +2,35 @@
documentation
](
doc/development/changelog.md
)
for instructions on adding your own
entry.
## 13.3.3 (2020-09-02)
### Security (23 changes, 1 of them is from the community)
-
Check validity of project's import_url before mirroring repository.
-
Show on two-factor authentication setup page groups that are the cause of this requirement.
-
Prevent interrupted 2FA sign-in from signing-in incorrect user.
-
Create new 2FA code each time user is entering 2FA setup page.
-
Remove all sessions but current while enabling 2FA.
-
Invalidate two factor sign-in when user password changes.
-
Delete members invites created by users being deleted.
-
Prevent OmniAuth from rendering arbitrary error messages.
-
Prevent not-2fa authenticated users that are supposed to use it to consume api via session.
-
Invalidate remember me when an active session is revoked.
-
Add rate limit on webhooks testing feature.
-
Add scope presence validation to OAuth Application creation.
-
Allow only running job tokens for API authentication.
-
Prevent Deploy Tokens to read project resources when repository is disabled.
-
Change conan api to use proper workhorse validation.
-
Ensure global ID is of Snippet type in GraphQL destroy mutation.
-
Fix Improper Access Control on Deploy-Key.
-
Set maximum limit for profile events.
-
Persist EKS External ID before presenting it to the user.
-
Prevent project maintainers from editing group badges.
-
Upgrade jquery to v3.5.
-
Update websocket-extensions gem to 0.1.5. (Vitor Meireles De Sousa)
-
Update GitLab Runner Helm Chart to 0.19.3.
## 13.3.2 (2020-08-28)
### Removed (1 change)
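Review bot: the 13.3.3 header says 23 security changes and 23 entries are listed, but this commit removes only 22 files under changelogs/unreleased/; the last entry, "Update GitLab Runner Helm Chart to 0.19.3.", has no matching file among them. Please confirm where that entry comes from so the compiled changelog and the unreleased entry files stay in step.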
...
...
@@ -553,6 +582,35 @@ entry.
-
Replace fa-pencil icon with GitLab SVG. !39648
## 13.2.7 (2020-09-02)
### Security (23 changes, 1 of them is from the community)
-
Check validity of project's import_url before mirroring repository.
-
Show on two-factor authentication setup page groups that are the cause of this requirement.
-
Prevent interrupted 2FA sign-in from signing-in incorrect user.
-
Create new 2FA code each time user is entering 2FA setup page.
-
Remove all sessions but current while enabling 2FA.
-
Invalidate two factor sign-in when user password changes.
-
Delete members invites created by users being deleted.
-
Prevent OmniAuth from rendering arbitrary error messages.
-
Prevent not-2fa authenticated users that are supposed to use it to consume api via session.
-
Invalidate remember me when an active session is revoked.
-
Add rate limit on webhooks testing feature.
-
Add scope presence validation to OAuth Application creation.
-
Allow only running job tokens for API authentication.
-
Prevent Deploy Tokens to read project resources when repository is disabled.
-
Change conan api to use proper workhorse validation.
-
Ensure global ID is of Snippet type in GraphQL destroy mutation.
-
Fix Improper Access Control on Deploy-Key.
-
Set maximum limit for profile events.
-
Persist EKS External ID before presenting it to the user.
-
Prevent project maintainers from editing group badges.
-
Upgrade jquery to v3.5.
-
Update websocket-extensions gem to 0.1.5. (Vitor Meireles De Sousa)
-
Update GitLab Runner Helm Chart to 0.18.3.
## 13.2.6 (2020-08-18)
-
No changes.
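Review bot: the final entry of the 13.2.7 section reads "Update GitLab Runner Helm Chart to 0.18.3.", whereas the 13.3.3 section lists 0.19.3 for the same item. If the per-branch difference is intended there is nothing to change; otherwise align the version so operators on 13.2.x know which chart release carries the fix.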
...
...
@@ -1621,6 +1679,35 @@ entry.
-
Remove removeIssue logic from list model. (nuwe1)
## 13.1.9 (2020-09-02)
### Security (23 changes, 1 of them is from the community)
-
Check validity of project's import_url before mirroring repository.
-
Show on two-factor authentication setup page groups that are the cause of this requirement.
-
Prevent interrupted 2FA sign-in from signing-in incorrect user.
-
Create new 2FA code each time user is entering 2FA setup page.
-
Remove all sessions but current while enabling 2FA.
-
Invalidate two factor sign-in when user password changes.
-
Delete members invites created by users being deleted.
-
Prevent OmniAuth from rendering arbitrary error messages.
-
Prevent not-2fa authenticated users that are supposed to use it to consume api via session.
-
Invalidate remember me when an active session is revoked.
-
Add rate limit on webhooks testing feature.
-
Add scope presence validation to OAuth Application creation.
-
Allow only running job tokens for API authentication.
-
Prevent Deploy Tokens to read project resources when repository is disabled.
-
Change conan api to use proper workhorse validation.
-
Ensure global ID is of Snippet type in GraphQL destroy mutation.
-
Fix Improper Access Control on Deploy-Key.
-
Set maximum limit for profile events.
-
Persist EKS External ID before presenting it to the user.
-
Prevent project maintainers from editing group badges.
-
Upgrade jquery to v3.5.
-
Update websocket-extensions gem to 0.1.5. (Vitor Meireles De Sousa)
-
Update GitLab Runner Helm Chart to 0.18.3.
## 13.1.8 (2020-08-18)
-
No changes.
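Review bot: "Prevent not-2fa authenticated users that are supposed to use it to consume api via session." in the 13.1.9 section is hard to parse, and the same sentence is repeated in the 13.2.7 and 13.3.3 sections. Something like "Prevent users who are required to use 2FA but have not completed it from using the API via session" would read more clearly; "Prevent Deploy Tokens to read project resources" would likewise read better as "from reading".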
...
...
changelogs/unreleased/215879-check-validity-of-repository-mirror-urls.yml
deleted
100644 → 0
View file @
e3a32eb5
---
title
:
Check validity of project's import_url before mirroring repository
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-199-show-actual-group.yml
deleted
100644 → 0
View file @
e3a32eb5
---
title
:
Show on two-factor authentication setup page groups that are the cause of this
requirement
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-209-dblessing-prevent-stale-otp-user-id.yml
deleted
100644 → 0
View file @
e3a32eb5
---
title
:
Prevent interrupted 2FA sign-in from signing-in incorrect user
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-212-regenerate-2fa-app-code.yml
deleted
100644 → 0
View file @
e3a32eb5
---
title
:
Create new 2FA code each time user is entering 2FA setup page
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-213-delete-other-sessions-when-activating-2fa.yml
deleted
100644 → 0
View file @
e3a32eb5
---
title
:
Remove all sessions but current while enabling 2FA
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-214-dblessing-revoke-session-on-pw-change.yml
deleted
100644 → 0
View file @
e3a32eb5
---
title
:
Invalidate two factor sign-in when user password changes
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-216-access-to-private-projects.yml
deleted
100644 → 0
View file @
e3a32eb5
---
title
:
Delete members invites created by users being deleted
merge_request
:
author
:
type
:
security
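Review bot: the title "Delete members invites created by users being deleted" does not state the security impact, while the file name, security-216-access-to-private-projects.yml, points at access to private projects. Consider a title that names the effect, since this string is what ends up in CHANGELOG.md, and note that merge_request is empty here so the compiled entry carries no reference back to the fix.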
changelogs/unreleased/security-217-dblessing-safe-omniauth-errors.yml
deleted
100644 → 0
View file @
e3a32eb5
---
title
:
Prevent OmniAuth from rendering arbitrary error messages
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-218-prevent-2fa-bypass-using-api.yml
deleted
100644 → 0
View file @
e3a32eb5
---
title
:
Prevent not-2fa authenticated users that are supposed to use it to consume
api via session
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-220-dblessing-revoke-remember-me-on-session-revocation.yml
deleted
100644 → 0
View file @
e3a32eb5
---
title
:
Invalidate remember me when an active session is revoked
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-223-webhook-dos-attack.yml
deleted
100644 → 0
View file @
e3a32eb5
---
title
:
Add rate limit on webhooks testing feature
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-add-presence-validation-oauth-apps.yml
deleted
100644 → 0
View file @
e3a32eb5
---
title
:
Add scope presence validation to OAuth Application creation
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-api-auth-use-job-token-for-running-jobs.yml
deleted
100644 → 0
View file @
e3a32eb5
---
title
:
Allow only running job tokens for API authentication
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-deploy-token-can-read-disabled-repo.yml
deleted
100644 → 0
View file @
e3a32eb5
---
title
:
Prevent Deploy Tokens to read project resources when repository is disabled
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-fix-conan-workhorse-params.yml
deleted
100644 → 0
View file @
e3a32eb5
---
title
:
Change conan api to use proper workhorse validation
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-graphql-type-check.yml
deleted
100644 → 0
View file @
e3a32eb5
---
title
:
Ensure global ID is of Snippet type in GraphQL destroy mutation
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-improper-access-control-on-deploy-key.yml
deleted
100644 → 0
View file @
e3a32eb5
---
title
:
Fix Improper Access Control on Deploy-Key
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-pb-limit-profile-events.yml
deleted
100644 → 0
View file @
e3a32eb5
---
title
:
Set maximum limit for profile events
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-prevent-aws-external-id-manipulation.yml
deleted
100644 → 0
View file @
e3a32eb5
---
title
:
Persist EKS External ID before presenting it to the user
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-projectmaintainer-edit-badges.yml
deleted
100644 → 0
View file @
e3a32eb5
---
title
:
Prevent project maintainers from editing group badges
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-upgrade-jquery-3-5.yml
deleted
100644 → 0
View file @
e3a32eb5
---
title
:
Upgrade jquery to v3.5
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-websocket-extensions-update-0-1-5.yml
deleted
100644 → 0
View file @
e3a32eb5
---
title
:
Update websocket-extensions gem to 0.1.5
merge_request
:
author
:
Vitor Meireles De Sousa
type
:
security
ee/changelogs/unreleased/security-219378-xss-on-vulnerability-history.yml
deleted
100644 → 0
View file @
e3a32eb5
---
title
:
Sanitize vulnerability history comment
merge_request
:
author
:
type
:
security
ee/changelogs/unreleased/security-conf-epic-visibility.yml
deleted
100644 → 0
View file @
e3a32eb5
---
title
:
Fix displaying epics visibility in issue sidebar
merge_request
:
author
:
type
:
security