- 18 Mar, 2022 26 commits
-
-
charlie ablett authored
Merge branch '354803-follow-up-from-add-clusters-actions-menu-to-group-and-admin-views' into 'master' Clusters helper method refactoring See merge request gitlab-org/gitlab!82637
-
Thong Kuah authored
Do not disable GITLAB_USE_MODEL_LOAD_BALANCING in db:migrate:reset See merge request gitlab-org/gitlab!83163
-
Kati Paizee authored
Fix log name to debug GitLab-Jenkins integration See merge request gitlab-org/gitlab!83147
-
anna_vovchenko authored
-
anna_vovchenko authored
-
anna_vovchenko authored
-
anna_vovchenko authored
As we now use the same Vue app for the cluster page on all levels, we can clean up the clusters helper and cluster index template. It also fixes the duplicate connect cluster button. Changelog: fixed
-
Andrejs Cunskis authored
Do not run smoke and reliable e2e specs twice in review pipeline See merge request gitlab-org/gitlab!83043
-
Simon Knox authored
Merge branch '323653-frontend-scope-a-board-to-an-iteration-cadence-and-filter-add-list-accordingly' into 'master' Add iteration selector to board scope See merge request gitlab-org/gitlab!69052
-
Florie Guibert authored
Changelog: changed EE: true
-
Russell Dickenson authored
Add IaC example See merge request gitlab-org/gitlab!83076
-
Russell Dickenson authored
Complete environments `GET` API docs See merge request gitlab-org/gitlab!82980
-
Russell Dickenson authored
Add 598.1 documentation for browser based DAST See merge request gitlab-org/gitlab!83063
-
Dylan Griffith authored
This just re-implements what we had in https://gitlab.com/gitlab-org/gitlab/-/merge_requests/82872 which seems to have been reverted in https://gitlab.com/gitlab-org/gitlab/-/merge_requests/82090 due to merge conflict.
-
Russell Dickenson authored
Update to include Project Access Token as option. See merge request gitlab-org/gitlab!83069
-
Matthew Badeau authored
-
Sincheol (David) Kim authored
Merge branch '354600-migrate-to-shared-alert-haml-partial-in-ee-app-views-shared-billings-_eoa_bronze_plan_banner' into 'master' Migrate alert in _eoa_bronze_plan_banner to shared global alert See merge request gitlab-org/gitlab!82867
-
Vamsi Vempati authored
-
Sincheol (David) Kim authored
Create feature flag for incremental repository backups See merge request gitlab-org/gitlab!79589
-
Thong Kuah authored
ci: Default to run tests with multiple databases See merge request gitlab-org/gitlab!82090
-
Chloe Liu authored
Remove default file pattern value See merge request gitlab-org/gitlab!83025
-
Thong Kuah authored
Revert "Merge branch 'andysoiron/refactor-jira-connect-dev-info' into 'master'" See merge request gitlab-org/gitlab!83149
-
Evan Read authored
Fix docs of available deployment actions See merge request gitlab-org/gitlab!83153
-
Russell Dickenson authored
-
Evan Read authored
Change verificationToken field in example See merge request gitlab-org/gitlab!82768
-
Christopher Mutua authored
-
- 17 Mar, 2022 14 commits
-
-
Marcel Amirault authored
Updated to match latest nav See merge request gitlab-org/gitlab!83142
-
Thong Kuah authored
Add limited broadcast addr to local network block list in UrlBlocker See merge request gitlab-org/gitlab!82571
-
Luke Duncalfe authored
This reverts merge request !82201
-
Paul Slaughter authored
Revert reduce bundle size of the Content Editor See merge request gitlab-org/gitlab!83145
-
nmalcolm authored
`UrlBlocker` protects GitLab and its users from attacks such as Server Side Request Forgery and DNS Rebind attacks. Until now, setting `allow_local_network` had no effect on blocking `255.255.255.255`, whether true or false. Now, when `allow_local_network` is set to `false` `255.255.255.255` is blocked through the introduction of a check named `validate_limited_broadcast_address`. `255.255.255.255` is the "limited broadcast address", which is used to make requests to all hosts on a local physical network [1]. Properly configured routers won't route it. Historically it was used to wake up offline PCs on a LAN which, since they were asleep, didn't have IP addresses [2]. While `UrlBlocker` defaults `allow_local_network` to `true`, in practice it is almost always `false` because of a convention to use the GitLab configuration option which defaults to `false`. If a GitLab administrator still wants to reach `255.255.255.255`, it can be added explicitly in the Allow List [3]. There is no reason a GitLab user would want to reach this, but it could potentially be misused if an attacker finds a component vulnerable to DNS rebinding, for example. This commit aims to fulfil https://gitlab.com/gitlab-org/gitlab/-/issues/337796 [1]: https://datatracker.ietf.org/doc/html/rfc919#section-7 [2]: https://superuser.com/a/1006951 [3]: https://docs.gitlab.com/ee/security/webhooks.html#allowlist-for-local-requests Changelog: changed
-
Luke Duncalfe authored
Rename issuables_assigned_message method See merge request gitlab-org/gitlab!83032
-
Tiffany Rea authored
Promote stable pipeline specs to reliable bucket See merge request gitlab-org/gitlab!83036
-
Peter Hegman authored
Render user avatar link using `GlAvatar` See merge request gitlab-org/gitlab!82736
-
Olena Horal-Koretska authored
The new version is behind the feature flag `gl_avatar_for_all_user_avatars`
-
Amy Qualls authored
Update SSE docs to include instructions for removal See merge request gitlab-org/gitlab!82234
-
Eric Schurter authored
Revise this set of steps to bring it closer to GitLab tone and style.
-
Mayra Cabrera authored
Adding Secure Files upload limit See merge request gitlab-org/gitlab!82858
-
Bob Van Landuyt authored
Add script to recalculate project statistics build artifacts size See merge request gitlab-org/gitlab!81306
-
Erick Bajao authored
This adds a new service and worker that refreshes the project statistics build artifacts size and recalculates by batches.
-