- 18 Mar, 2022 19 commits
-
-
Kati Paizee authored
Fix log name to debug GitLab-Jenkins integration See merge request gitlab-org/gitlab!83147
-
Andrejs Cunskis authored
Do not run smoke and reliable e2e specs twice in review pipeline See merge request gitlab-org/gitlab!83043
-
Simon Knox authored
Merge branch '323653-frontend-scope-a-board-to-an-iteration-cadence-and-filter-add-list-accordingly' into 'master' Add iteration selector to board scope See merge request gitlab-org/gitlab!69052
-
Florie Guibert authored
Changelog: changed EE: true
-
Russell Dickenson authored
Add IaC example See merge request gitlab-org/gitlab!83076
-
Russell Dickenson authored
Complete environments `GET` API docs See merge request gitlab-org/gitlab!82980
-
Russell Dickenson authored
Add 598.1 documentation for browser based DAST See merge request gitlab-org/gitlab!83063
-
Russell Dickenson authored
Update to include Project Access Token as option. See merge request gitlab-org/gitlab!83069
-
Matthew Badeau authored
-
Sincheol (David) Kim authored
Merge branch '354600-migrate-to-shared-alert-haml-partial-in-ee-app-views-shared-billings-_eoa_bronze_plan_banner' into 'master' Migrate alert in _eoa_bronze_plan_banner to shared global alert See merge request gitlab-org/gitlab!82867
-
Vamsi Vempati authored
-
Sincheol (David) Kim authored
Create feature flag for incremental repository backups See merge request gitlab-org/gitlab!79589
-
Thong Kuah authored
ci: Default to run tests with multiple databases See merge request gitlab-org/gitlab!82090
-
Chloe Liu authored
Remove default file pattern value See merge request gitlab-org/gitlab!83025
-
Thong Kuah authored
Revert "Merge branch 'andysoiron/refactor-jira-connect-dev-info' into 'master'" See merge request gitlab-org/gitlab!83149
-
Evan Read authored
Fix docs of available deployment actions See merge request gitlab-org/gitlab!83153
-
Russell Dickenson authored
-
Evan Read authored
Change verificationToken field in example See merge request gitlab-org/gitlab!82768
-
Christopher Mutua authored
-
- 17 Mar, 2022 21 commits
-
-
Marcel Amirault authored
Updated to match latest nav See merge request gitlab-org/gitlab!83142
-
Thong Kuah authored
Add limited broadcast addr to local network block list in UrlBlocker See merge request gitlab-org/gitlab!82571
-
Luke Duncalfe authored
This reverts merge request !82201
-
Paul Slaughter authored
Revert reduce bundle size of the Content Editor See merge request gitlab-org/gitlab!83145
-
nmalcolm authored
`UrlBlocker` protects GitLab and its users from attacks such as Server Side Request Forgery and DNS Rebind attacks. Until now, setting `allow_local_network` had no effect on blocking `255.255.255.255`, whether true or false. Now, when `allow_local_network` is set to `false` `255.255.255.255` is blocked through the introduction of a check named `validate_limited_broadcast_address`. `255.255.255.255` is the "limited broadcast address", which is used to make requests to all hosts on a local physical network [1]. Properly configured routers won't route it. Historically it was used to wake up offline PCs on a LAN which, since they were asleep, didn't have IP addresses [2]. While `UrlBlocker` defaults `allow_local_network` to `true`, in practice it is almost always `false` because of a convention to use the GitLab configuration option which defaults to `false`. If a GitLab administrator still wants to reach `255.255.255.255`, it can be added explicitly in the Allow List [3]. There is no reason a GitLab user would want to reach this, but it could potentially be misused if an attacker finds a component vulnerable to DNS rebinding, for example. This commit aims to fulfil https://gitlab.com/gitlab-org/gitlab/-/issues/337796 [1]: https://datatracker.ietf.org/doc/html/rfc919#section-7 [2]: https://superuser.com/a/1006951 [3]: https://docs.gitlab.com/ee/security/webhooks.html#allowlist-for-local-requests Changelog: changed
-
Luke Duncalfe authored
Rename issuables_assigned_message method See merge request gitlab-org/gitlab!83032
-
Tiffany Rea authored
Promote stable pipeline specs to reliable bucket See merge request gitlab-org/gitlab!83036
-
Peter Hegman authored
Render user avatar link using `GlAvatar` See merge request gitlab-org/gitlab!82736
-
Olena Horal-Koretska authored
The new version is behind the feature flag `gl_avatar_for_all_user_avatars`
-
Amy Qualls authored
Update SSE docs to include instructions for removal See merge request gitlab-org/gitlab!82234
-
Eric Schurter authored
Revise this set of steps to bring it closer to GitLab tone and style.
-
Mayra Cabrera authored
Adding Secure Files upload limit See merge request gitlab-org/gitlab!82858
-
Bob Van Landuyt authored
Add script to recalculate project statistics build artifacts size See merge request gitlab-org/gitlab!81306
-
Erick Bajao authored
This adds a new service and worker that refreshes the project statistics build artifacts size and recalculates by batches.
-
Alejandro Guerrero authored
-
Dan Davison authored
Remove requires_admin Tag From E2E Specs That Previously Used invite_members_group_modal Feature Flag See merge request gitlab-org/gitlab!82747
-
Valerie Burton authored
Remove requires_admin Tag From E2E Specs That Previously Used invite_members_group_modal Feature Flag
-
Jan Provaznik authored
Introduce trigger:forward for CI bridge jobs See merge request gitlab-org/gitlab!82676
-
Furkan Ayhan authored
By default, only YAML-defined bridge variables are passed to downstream pipelines. With the forward keyword, it is now available to pass manual pipeline variables to downstream pipelines. - forward:yaml_variables is an existing behavior, by default it's true. When true, YAML-defined bridge variables are passed to downstream pipelines. - forward:pipeline_variables is a new feature, by default it's false. When true, manual pipeline variables are passed to downstream pipelines. This is behind a feature flag ci_trigger_forward_variables.
-
Marius Bobin authored
Fix DAG order of subsequent jobs after requeue See merge request gitlab-org/gitlab!81087
-
Furkan Ayhan authored
When we requeue a job, we need to process subsequent skipped jobs, moreover, we need to do this in a specific order. Previously, we had an order by stage_idx but after introducing same-stage jobs, this disappeared. We recently fixed this problem for stage-based approach. However, the problem still exists for the same-stage pipelines. In this commit, we are ordering jobs by stage first, then their DAG relationships. These changes are behind a FF ci_fix_order_of_subsequent_jobs
-