- 18 Mar, 2022 1 commit
-
Christopher Mutua authored
-
- 17 Mar, 2022 39 commits
-
Marcel Amirault authored
Updated to match latest nav See merge request gitlab-org/gitlab!83142
-
Thong Kuah authored
Add limited broadcast addr to local network block list in UrlBlocker See merge request gitlab-org/gitlab!82571
-
Paul Slaughter authored
Revert reduce bundle size of the Content Editor See merge request gitlab-org/gitlab!83145
-
nmalcolm authored
`UrlBlocker` protects GitLab and its users from attacks such as Server Side Request Forgery and DNS Rebind attacks.

Until now, setting `allow_local_network` had no effect on blocking `255.255.255.255`, whether true or false. Now, when `allow_local_network` is set to `false`, `255.255.255.255` is blocked through the introduction of a check named `validate_limited_broadcast_address`.

`255.255.255.255` is the "limited broadcast address", which is used to make requests to all hosts on a local physical network [1]. Properly configured routers won't route it. Historically it was used to wake up offline PCs on a LAN which, since they were asleep, didn't have IP addresses [2].

While `UrlBlocker` defaults `allow_local_network` to `true`, in practice it is almost always `false` because of a convention to use the GitLab configuration option which defaults to `false`.

If a GitLab administrator still wants to reach `255.255.255.255`, it can be added explicitly in the Allow List [3]. There is no reason a GitLab user would want to reach this, but it could potentially be misused if an attacker finds a component vulnerable to DNS rebinding, for example.

This commit aims to fulfil https://gitlab.com/gitlab-org/gitlab/-/issues/337796

[1]: https://datatracker.ietf.org/doc/html/rfc919#section-7
[2]: https://superuser.com/a/1006951
[3]: https://docs.gitlab.com/ee/security/webhooks.html#allowlist-for-local-requests

Changelog: changed
-
Luke Duncalfe authored
Rename issuables_assigned_message method See merge request gitlab-org/gitlab!83032
-
Tiffany Rea authored
Promote stable pipeline specs to reliable bucket See merge request gitlab-org/gitlab!83036
-
Peter Hegman authored
Render user avatar link using `GlAvatar` See merge request gitlab-org/gitlab!82736
-
Olena Horal-Koretska authored
The new version is behind the feature flag `gl_avatar_for_all_user_avatars`
-
Amy Qualls authored
Update SSE docs to include instructions for removal See merge request gitlab-org/gitlab!82234
-
Eric Schurter authored
Revise this set of steps to bring it closer to GitLab tone and style.
-
Mayra Cabrera authored
Adding Secure Files upload limit See merge request gitlab-org/gitlab!82858
-
Bob Van Landuyt authored
Add script to recalculate project statistics build artifacts size See merge request gitlab-org/gitlab!81306
-
Erick Bajao authored
This adds a new service and worker that refreshes the project statistics build artifacts size and recalculates by batches.
-
Dan Davison authored
Remove requires_admin Tag From E2E Specs That Previously Used invite_members_group_modal Feature Flag See merge request gitlab-org/gitlab!82747
-
Valerie Burton authored
Remove requires_admin Tag From E2E Specs That Previously Used invite_members_group_modal Feature Flag
-
Jan Provaznik authored
Introduce trigger:forward for CI bridge jobs See merge request gitlab-org/gitlab!82676
-
Furkan Ayhan authored
By default, only YAML-defined bridge variables are passed to downstream pipelines. With the forward keyword, it is now available to pass manual pipeline variables to downstream pipelines.

  - forward:yaml_variables is an existing behavior, by default it's true. When true, YAML-defined bridge variables are passed to downstream pipelines.
  - forward:pipeline_variables is a new feature, by default it's false. When true, manual pipeline variables are passed to downstream pipelines.

This is behind a feature flag ci_trigger_forward_variables.
-
Marius Bobin authored
Fix DAG order of subsequent jobs after requeue See merge request gitlab-org/gitlab!81087
-
Furkan Ayhan authored
When we requeue a job, we need to process subsequent skipped jobs, moreover, we need to do this in a specific order. Previously, we had an order by stage_idx but after introducing same-stage jobs, this disappeared. We recently fixed this problem for stage-based approach. However, the problem still exists for the same-stage pipelines. In this commit, we are ordering jobs by stage first, then their DAG relationships. These changes are behind a FF ci_fix_order_of_subsequent_jobs
-
Enrique Alcantara authored
This reverts commit 70f0c25a, reversing changes made to 9f222d4c.
-
Mayra Cabrera authored
Refactor database testing output structure See merge request gitlab-org/gitlab!82645
-
Simon Tomlinson authored
Start with version 2, as the first version was implicit and did not use a metadata file.
-
Mayra Cabrera authored
Remove no-longer-required metrics in Gitlab::Highlight See merge request gitlab-org/gitlab!82705
-
Frédéric Caplette authored
Add page params to group/project issues list refactor See merge request gitlab-org/gitlab!83008
-
Suzanne Selhorn authored
Release is now Deploy and release
-
Jan Provaznik authored
Enable related_epics_widget feature flag by default See merge request gitlab-org/gitlab!82333
-
Eugenia Grieff authored
To be enabled by default.

Changelog: added
EE: true
-
Peter Leitzen authored
Fix deprecation warning when rendering "xml.atom" See merge request gitlab-org/gitlab!83015
-
Peter Leitzen authored
This fixes the following deprecation warning:

DEPRECATION WARNING: Rendering actions with '.' in the name is deprecated: layouts/xml.atom (called from render at /builds/gitlab-org/gitlab/app/controllers/application_controller.rb:133)
-
Frédéric Caplette authored
Merge branch '353763-make-spinners-in-app-views-admin-users-_users-html-haml-pajamas-compliant' into 'master' Make spinners in app/views/admin/users/_users.html.haml Pajamas-compliant See merge request gitlab-org/gitlab!82991
-
Peter Hegman authored
Merge branch '325376-migrate-to-shared-alert-haml-partial-in-app-views-projects-mirrors-_mirror_repos-html-haml' into 'master' Migrate alert in _mirror_repos.html to global alert See merge request gitlab-org/gitlab!83072
-
Peter Hegman authored
Merge branch '353745-make-spinners-in-app-views-admin-application_settings-_usage-html-haml-pajamas-compliant' into 'master' Make spinners in app/views/admin/application_settings/_usage.html.haml Pajamas-compliant See merge request gitlab-org/gitlab!83074
-
Justin Ho Tuan Duong authored
-
Dmitry Gruzd authored
Add Time to Restore Service DORA metric See merge request gitlab-org/gitlab!82510
-
Kerri Miller authored
Merge branch '354590-migrate-to-shared-alert-haml-partial-in-app-views-shared-errors-_gitaly_unavailable-html-haml' into 'master' Migrate to shared alert HAML partial in _gitaly_unavailable.html.haml See merge request gitlab-org/gitlab!82955
-
Vamsi Vempati authored
-
Alex Kalderimis authored
Encapsulate checking for GraphQL error (part 3) See merge request gitlab-org/gitlab!82564
-
Brett Walker authored
Helps migrate to the new GraphQL interpreter, https://gitlab.com/gitlab-org/gitlab/-/issues/210556
-
Jose Ivan Vargas authored
Merge branch '356089-learn-more-link-for-security-training-providers-point-to-the-wrong-location' into 'master' Fix learn-more links for sec providers See merge request gitlab-org/gitlab!83081
-