Commits · 7555007e164f84dc8658580da61d3d82ef298e3d · nexedi / gitlab-ce

29 Jun, 2020 40 commits
- Merge branch 'security-dblessing-cookie-serializer' into 'master' · 7555007e
  GitLab Release Tools Bot authored Jun 29, 2020
```
Change from hybrid to JSON cookies serializer

Closes #171

See merge request gitlab-org/security/gitlab!641
```
  7555007e
- Change from hybrid to JSON cookies serializer · 65e6eb1b
  Drew Blessing authored Jun 29, 2020
```
JSON has been the default serializer since Rails 4.1. Hybrid
serializer was meant to allow backward compatibility when
upgrading pre-Rails 4.1. It's been some time since we upgraded
to Rails 4.1 so now we don't need the hybrid serializer anymore.
This also causes security concerns since the previous serializer
was Marshal.
```
  65e6eb1b
- Merge branch 'security-xss-error-tracking' into 'master' · 8603269d
  GitLab Release Tools Bot authored Jun 29, 2020
```
Stored XSS on the Error Tracking page

Closes #145

See merge request gitlab-org/security/gitlab!563
```
  8603269d
- Merge branch 'security-208685-fix-swagger-ui-xss' into 'master' · 23f17213
  GitLab Release Tools Bot authored Jun 29, 2020
```
Upgrade swagger-ui to solve XSS issues

Closes #170

See merge request gitlab-org/security/gitlab!577
```
  23f17213
- Merge branch 'security-dblessing-sanitize-group-names' into 'master' · bbedf26c
  GitLab Release Tools Bot authored Jun 29, 2020
```
Validate group names with Rails HTML sanitizer

Closes #149

See merge request gitlab-org/security/gitlab!572
```
  bbedf26c
- Merge branch 'security-150-xss-reference-redactor' into 'master' · 685dd0c5
  GitLab Release Tools Bot authored Jun 29, 2020
```
Fix XSS in Banzai's `#data_attributes_for`

Closes #150

See merge request gitlab-org/security/gitlab!576
```
  685dd0c5
- Merge branch 'security-update-xterm-128' into 'master' · e8b935e5
  GitLab Release Tools Bot authored Jun 29, 2020
```
Update xterm js dependency to latest stable 3.X version

Closes #128

See merge request gitlab-org/security/gitlab!501
```
  e8b935e5
- Update xterm js dependency to latest stable 3.X version · dbfdf8a6
  Jeremy Matos authored Jun 29, 2020
  
  dbfdf8a6
- Merge branch 'security-fix-time-tracking-permissions-api' into 'master' · 8ea90436
  GitLab Release Tools Bot authored Jun 29, 2020
```
Update permissions for time tracking endpoints

Closes #153

See merge request gitlab-org/security/gitlab!587
```
  8ea90436
- Merge branch 'security-kaminari-update' into 'master' · b759dd8d
  GitLab Release Tools Bot authored Jun 29, 2020
```
Update Kaminari gem

Closes #152

See merge request gitlab-org/security/gitlab!575
```
  b759dd8d
- Merge branch 'security-xss-issuables-list' into 'master' · eb4489b1
  GitLab Release Tools Bot authored Jun 29, 2020
```
Make sure user info is sanitized when rendered

Closes #151

See merge request gitlab-org/security/gitlab!579
```
  eb4489b1
- Make sure user info is sanitized when rendered · 3ad30f1f
  Scott Stern authored Jun 29, 2020
  
  3ad30f1f
- Merge branch 'security-fix_project_authorizations_for_security_dashboard' into 'master' · 6b70abb8
  GitLab Release Tools Bot authored Jun 29, 2020
```
Security fix project authorizations for security dashboard

Closes #144

See merge request gitlab-org/security/gitlab!561
```
  6b70abb8
- Security fix project authorizations for security dashboard · 59740023
  Mehmet Emin INAC authored Jun 29, 2020
  
  59740023
- Merge branch 'security-215640-pypi' into 'master' · 345ab151
  GitLab Release Tools Bot authored Jun 29, 2020
```
Fixes pypi XSS

Closes #141

See merge request gitlab-org/security/gitlab!555
```
  345ab151
- Merge branch 'jivanvl-remove-append-right-48' into 'master' · 48b6f793
  Martin Wortschack authored Jun 29, 2020
```
Remove append-right-48 utility class

See merge request gitlab-org/gitlab!35545
```
  48b6f793
- Merge branch 'mjang-doc-private-public-internal' into 'master' · 49ed7953
  Mike Jang authored Jun 29, 2020
```
Clarify use of private, public, internal groups

Closes #211811

See merge request gitlab-org/gitlab!35439
```
  49ed7953
- Clarify use of private, public, internal groups · 5d018325
  Mike Jang authored Jun 29, 2020
  
  5d018325
- Merge branch '217478-document-ldap-memberships-lock' into 'master' · f89c0326
  Mike Jang authored Jun 29, 2020
```
Improve docs related to LDAP membership lock

Closes #217478

See merge request gitlab-org/gitlab!35332
```
  f89c0326
- Merge branch 'fix-open-sse-on-subgroups' into 'master' · 31307c8b
  Igor Drozdov authored Jun 29, 2020
```
Static Site Editor can’t be opened in projects belonging to a subgroup

See merge request gitlab-org/gitlab!35378
```
  31307c8b
- Add subgroups support for Static Site Editor · b897ddcb
  Enrique Alcántara authored Jun 29, 2020
  
  b897ddcb
- Remove append-right-48 utility class · 3d0f2994
  Jose Vargas authored Jun 29, 2020
```
This removes the append-right-48
utility class, no replacements were needed
```
  3d0f2994
- Merge branch 'docs-spelling-1' into 'master' · 4aca628f
  Amy Qualls authored Jun 29, 2020
```
Fix spelling mistakes

See merge request gitlab-org/gitlab!35321
```
  4aca628f
- Merge branch 'fix-vsa-code-stage-query' into 'master' · 22b2258d
  Oswaldo Ferreira authored Jun 29, 2020
```
Fix VSA code stage query

See merge request gitlab-org/gitlab!35324
```
  22b2258d
- Merge branch '218038-update-docs' into 'master' · 7def0411
  Jose Ivan Vargas authored Jun 29, 2020
```
Update docs for group/instance-level security dash

See merge request gitlab-org/gitlab!35533
```
  7def0411
- Merge branch '221082-custom-renderer-identifiers' into 'master' · 26368f20
  Enrique Alcántara authored Jun 29, 2020
```
Resolve "Display non-markdown content in the WYSIWYG mode of the SSE::Identifiers"

Closes #221082

See merge request gitlab-org/gitlab!35077
```
  26368f20
- Initial identifier custom renderer · 4a5a221e
  Derek Knox authored Jun 29, 2020
```
Add initial custom renderer for the markdown
identifier syntax (reusable links and desc).
Minor refactor to render signatures too due
to need for node not just context.
```
  4a5a221e
- Merge branch '224630-forward-correlation-id-as-elasticsearch-opaque-id' into 'master' · 536987c5
  Oswaldo Ferreira authored Jun 29, 2020
```
Forward correlation ID to Elasticsearch as X-Opaque-Id header

See merge request gitlab-org/gitlab!35403
```
  536987c5
- Merge branch 'sh-update-git-config-for-forks' into 'master' · 66042b86
  Douglas Barbosa Alexandre authored Jun 29, 2020
```
Ensure .git/config is updated for forks

See merge request gitlab-org/gitlab!35305
```
  66042b86
- Merge branch 'patch-162' into 'master' · 47079127
  Amy Qualls authored Jun 29, 2020
```
Update Terraform docs, fix multiple typos

See merge request gitlab-org/gitlab!35399
```
  47079127
- Merge branch 'sh-disable-gitconfig-write-on-imports-and-forks' into 'master' · bc35e375
  Douglas Barbosa Alexandre authored Jun 29, 2020
```
Defer updating .git/config for imported projects

See merge request gitlab-org/gitlab!35308
```
  bc35e375
- Improve docs related to LDAP membership lock · 64c0ee66
  Pavel Shutsin authored Jun 24, 2020
  
  64c0ee66
- Merge branch '217648-add-no-graph-empty-state-for-dag' into 'master' · 982ed637
  Phil Hughes authored Jun 29, 2020
```
Resolve "Add no graph empty state for DAG"

See merge request gitlab-org/gitlab!35053
```
  982ed637
- Add empty state to DAG graph · 85ba7b45
  Frédéric Caplette authored Jun 29, 2020
```
We add a new empty state to the graph
so that we can redirect users to the
job dependencies documentation and
educate them on this architecture.
This should only appears when there
is not enough data to render the graph
and there are no errors while parsing the
data.
```
  85ba7b45
- Merge branch 'renovate/gitlab-uisvg' into 'master' · e827638f
  Enrique Alcántara authored Jun 29, 2020
```
Update GitLab UI/SVG

See merge request gitlab-org/gitlab!35457
```
  e827638f
- Merge branch 'brendan-master-patch-10913' into 'master' · cc53de3f
  Amy Qualls authored Jun 29, 2020
```
Docs: switch order to match AWS IAM setup

See merge request gitlab-org/gitlab!35250
```
  cc53de3f
- Docs: switch order to match AWS IAM setup · 69f7eaa3
  Brendan O'Leary 🐢 authored Jun 29, 2020
  
  69f7eaa3
- Merge branch 'be-explicit-about-override' into 'master' · 245c861c
  Nick Thomas authored Jun 29, 2020
```
Explicitly give `override` for `EE::Project#feature_available?`

See merge request gitlab-org/gitlab!35520
```
  245c861c
- Update docs for group/instance-level security dash · a9a8cdd7
  Alexander Turinske authored Jun 29, 2020
```
- update screen shots
```
  a9a8cdd7
- Merge branch 'john_long-docs-add-note-incoming-email' into 'master' · 7c845234
  Marcin Sedlak-Jakubowski authored Jun 29, 2020
```
Add note suggesting best practice for address used

See merge request gitlab-org/gitlab!34874
```
  7c845234