- 18 Mar, 2022 6 commits
-
-
Matthew Badeau authored
-
Thong Kuah authored
Revert "Merge branch 'andysoiron/refactor-jira-connect-dev-info' into 'master'" See merge request gitlab-org/gitlab!83149
-
Evan Read authored
Fix docs of available deployment actions See merge request gitlab-org/gitlab!83153
-
Russell Dickenson authored
-
Evan Read authored
Change verificationToken field in example See merge request gitlab-org/gitlab!82768
-
Christopher Mutua authored
-
- 17 Mar, 2022 34 commits
-
-
Marcel Amirault authored
Updated to match latest nav See merge request gitlab-org/gitlab!83142
-
Thong Kuah authored
Add limited broadcast addr to local network block list in UrlBlocker See merge request gitlab-org/gitlab!82571
-
Luke Duncalfe authored
This reverts merge request !82201
-
Paul Slaughter authored
Revert reduce bundle size of the Content Editor See merge request gitlab-org/gitlab!83145
-
nmalcolm authored
`UrlBlocker` protects GitLab and its users from attacks such as Server Side Request Forgery and DNS Rebind attacks. Until now, setting `allow_local_network` had no effect on blocking `255.255.255.255`, whether true or false. Now, when `allow_local_network` is set to `false` `255.255.255.255` is blocked through the introduction of a check named `validate_limited_broadcast_address`. `255.255.255.255` is the "limited broadcast address", which is used to make requests to all hosts on a local physical network [1]. Properly configured routers won't route it. Historically it was used to wake up offline PCs on a LAN which, since they were asleep, didn't have IP addresses [2]. While `UrlBlocker` defaults `allow_local_network` to `true`, in practice it is almost always `false` because of a convention to use the GitLab configuration option which defaults to `false`. If a GitLab administrator still wants to reach `255.255.255.255`, it can be added explicitly in the Allow List [3]. There is no reason a GitLab user would want to reach this, but it could potentially be misused if an attacker finds a component vulnerable to DNS rebinding, for example. This commit aims to fulfil https://gitlab.com/gitlab-org/gitlab/-/issues/337796 [1]: https://datatracker.ietf.org/doc/html/rfc919#section-7 [2]: https://superuser.com/a/1006951 [3]: https://docs.gitlab.com/ee/security/webhooks.html#allowlist-for-local-requests Changelog: changed
-
Luke Duncalfe authored
Rename issuables_assigned_message method See merge request gitlab-org/gitlab!83032
-
Tiffany Rea authored
Promote stable pipeline specs to reliable bucket See merge request gitlab-org/gitlab!83036
-
Peter Hegman authored
Render user avatar link using `GlAvatar` See merge request gitlab-org/gitlab!82736
-
Olena Horal-Koretska authored
The new version is behind the feature flag `gl_avatar_for_all_user_avatars`
-
Amy Qualls authored
Update SSE docs to include instructions for removal See merge request gitlab-org/gitlab!82234
-
Eric Schurter authored
Revise this set of steps to bring it closer to GitLab tone and style.
-
Mayra Cabrera authored
Adding Secure Files upload limit See merge request gitlab-org/gitlab!82858
-
Bob Van Landuyt authored
Add script to recalculate project statistics build artifacts size See merge request gitlab-org/gitlab!81306
-
Erick Bajao authored
This adds a new service and worker that refreshes the project statistics build artifacts size and recalculates by batches.
-
Dan Davison authored
Remove requires_admin Tag From E2E Specs That Previously Used invite_members_group_modal Feature Flag See merge request gitlab-org/gitlab!82747
-
Valerie Burton authored
Remove requires_admin Tag From E2E Specs That Previously Used invite_members_group_modal Feature Flag
-
Jan Provaznik authored
Introduce trigger:forward for CI bridge jobs See merge request gitlab-org/gitlab!82676
-
Furkan Ayhan authored
By default, only YAML-defined bridge variables are passed to downstream pipelines. With the forward keyword, it is now available to pass manual pipeline variables to downstream pipelines. - forward:yaml_variables is an existing behavior, by default it's true. When true, YAML-defined bridge variables are passed to downstream pipelines. - forward:pipeline_variables is a new feature, by default it's false. When true, manual pipeline variables are passed to downstream pipelines. This is behind a feature flag ci_trigger_forward_variables.
-
Marius Bobin authored
Fix DAG order of subsequent jobs after requeue See merge request gitlab-org/gitlab!81087
-
Furkan Ayhan authored
When we requeue a job, we need to process subsequent skipped jobs, moreover, we need to do this in a specific order. Previously, we had an order by stage_idx but after introducing same-stage jobs, this disappeared. We recently fixed this problem for stage-based approach. However, the problem still exists for the same-stage pipelines. In this commit, we are ordering jobs by stage first, then their DAG relationships. These changes are behind a FF ci_fix_order_of_subsequent_jobs
-
Enrique Alcantara authored
This reverts commit 70f0c25a, reversing changes made to 9f222d4c.
-
Mayra Cabrera authored
Refactor database testing output structure See merge request gitlab-org/gitlab!82645
-
Simon Tomlinson authored
Start with version 2, as the first version was implicit and did not use a metadata file.
-
Mayra Cabrera authored
Remove no-longer-required metrics in Gitlab::Highlight See merge request gitlab-org/gitlab!82705
-
Frédéric Caplette authored
Add page params to group/project issues list refactor See merge request gitlab-org/gitlab!83008
-
Suzanne Selhorn authored
Release is now Deploy and release
-
Jan Provaznik authored
Enable related_epics_widget feature flag by default See merge request gitlab-org/gitlab!82333
-
Eugenia Grieff authored
To be enabled by default. Changelog: added EE: true
-
Peter Leitzen authored
Fix deprecation warning when rendering "xml.atom" See merge request gitlab-org/gitlab!83015
-
Peter Leitzen authored
This fixes the following deprecation warning: DEPRECATION WARNING: Rendering actions with '.' in the name is deprecated: layouts/xml.atom (called from render at /builds/gitlab-org/gitlab/app/controllers/application_controller.rb:133)
-
Frédéric Caplette authored
Merge branch '353763-make-spinners-in-app-views-admin-users-_users-html-haml-pajamas-compliant' into 'master' Make spinners in app/views/admin/users/_users.html.haml Pajamas-compliant See merge request gitlab-org/gitlab!82991
-
Peter Hegman authored
Merge branch '325376-migrate-to-shared-alert-haml-partial-in-app-views-projects-mirrors-_mirror_repos-html-haml' into 'master' Migrate alert in _mirror_repos.html to global alert See merge request gitlab-org/gitlab!83072
-
Peter Hegman authored
Merge branch '353745-make-spinners-in-app-views-admin-application_settings-_usage-html-haml-pajamas-compliant' into 'master' Make spinners in app/views/admin/application_settings/_usage.html.haml Pajamas-compliant See merge request gitlab-org/gitlab!83074
-
Justin Ho Tuan Duong authored
-