Add latest changes from gitlab-org/gitlab@14-7-stable-ee

8 files changed, 59 insertions, 6 deletions

diff --git a/Gemfile.lock b/Gemfile.lock
index 797a72ce943..4fd0bf053c4 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1121,7 +1121,7 @@ GEM
       rubocop-ast (>= 0.7.1)
     ruby-fogbugz (0.2.1)
       crack (~> 0.4)
-    ruby-magic (0.5.3)
+    ruby-magic (0.5.4)
       mini_portile2 (~> 2.6)
     ruby-prof (1.3.1)
     ruby-progressbar (1.11.0)
diff --git a/app/assets/javascripts/pages/admin/index.js b/app/assets/javascripts/pages/admin/index.js
index 8d5dfd689e8..f0f85b82e2b 100644
--- a/app/assets/javascripts/pages/admin/index.js
+++ b/app/assets/javascripts/pages/admin/index.js
@@ -1,8 +1,10 @@
+import initGitlabVersionCheck from '~/gitlab_version_check';
 import initAdminStatisticsPanel from '../../admin/statistics_panel/index';
 import initVueAlerts from '../../vue_alerts';
 import initAdmin from './admin';
 
 initVueAlerts();
+initGitlabVersionCheck();
 
 const statisticsPanelContainer = document.getElementById('js-admin-statistics-container');
 initAdmin();
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index d3ecbdcc1f6..8e758c669db 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -273,7 +273,7 @@ class ApplicationController < ActionController::Base
   end
 
   def default_headers
-    headers['X-Frame-Options'] = 'DENY'
+    headers['X-Frame-Options'] = 'SAMEORIGIN'
     headers['X-XSS-Protection'] = '1; mode=block'
     headers['X-UA-Compatible'] = 'IE=edge'
     headers['X-Content-Type-Options'] = 'nosniff'
diff --git a/app/models/clusters/concerns/elasticsearch_client.rb b/app/models/clusters/concerns/elasticsearch_client.rb
index 7b0b6bdae02..e9aab7897a8 100644
--- a/app/models/clusters/concerns/elasticsearch_client.rb
+++ b/app/models/clusters/concerns/elasticsearch_client.rb
@@ -15,7 +15,7 @@ module Clusters
 
           proxy_url = kube_client.proxy_url('service', service_name, ELASTICSEARCH_PORT, ELASTICSEARCH_NAMESPACE)
 
-          Elasticsearch::Client.new(url: proxy_url) do |faraday|
+          Elasticsearch::Client.new(url: proxy_url, adapter: :net_http) do |faraday|
             # ensures headers containing auth data are appended to original client options
             faraday.headers.merge!(kube_client.headers)
             # ensure TLS certs are properly verified
diff --git a/data/whats_new/202201200001_14_07.yml b/data/whats_new/202201200001_14_07.yml
new file mode 100644
index 00000000000..4f260ee8a8c
--- /dev/null
+++ b/data/whats_new/202201200001_14_07.yml
@@ -0,0 +1,42 @@
+- title: GitLab Runner compliant with FIPS 140-2
+  body: |
+    For some GitLab customers, U.S. government regulatory requirements require the use of FIPS (Federal Information Processing Standards) compliant software. The FIPS 140-2 and FIPS 140-3 publications define the security requirements for cryptographic modules used in computer and telecommunication systems, and within cyber systems that protect sensitive information. GitLab Runner is now FIPS 140-2 compliant for AMD64 compute architectures and Red Hat Enterprise Linux (RHEL) distributions. Refer to [this epic](https://gitlab.com/groups/gitlab-org/-/epics/5104) to follow the discussions about making GitLab FIPS compliant.
+  stage: Verify
+  self-managed: true
+  gitlab-com: false
+  packages: [Free, Premium, Ultimate]
+  url: 'https://docs.gitlab.com/runner/install/index.html#fips-compliant-gitlab-runner'
+  image_url: https://about.gitlab.com/images/growth/verify.png
+  published_at: 2022-01-22
+  release: 14.7
+- title: Streaming audit events
+  body: |
+    You can now stream audit events to a destination of your choosing! This is a great way to correlate GitLab audit events with other data streams you have, maintain a backup of audit events, or build out your own automation to take action when a specific audit event happens.
+
+    You can specify an HTTPS endpoint with our new GraphQL API and events are sent to it as webhooks. These messages contain the same information as the Audit Events UI about what type of change happened, when it happened, who was involved, as well as some additional metadata.
+
+    After you receive those messages, you can filter based on person, type, or inject that data into another third-party tool. This is a great way to trigger any custom automation you have built if, for example, a new user is created or a key setting is changed. We're excited to see what you use streaming audit events for and would love to hear from you about it! Let us know by commenting on the [epic](https://gitlab.com/groups/gitlab-org/-/epics/5925).
+  stage: Manage
+  self-managed: true
+  gitlab-com: true
+  packages: [Ultimate]
+  url: 'https://docs.gitlab.com/ee/administration/audit_event_streaming.html'
+  image_url: https://about.gitlab.com/images/growth/manage.jpg
+  published_at: 2022-01-22
+  release: 14.7
+- title: Group access tokens
+  body: |
+     With group access tokens, you can use a single token to perform actions for groups, manage the projects within the group, and, in GitLab 14.2 and later, authenticate with Git over HTTPS.
+
+     Previously, group access tokens were limited to self-managed instances only, and could only be generated using the Rails console. Now, you can create group access tokens using the UI and API. You can define token name, expiration date, and scope. You can also revoke an existing group access token.
+
+     Thank you [Fabio Huser](https://gitlab.com/fh1ch) for your contribution!
+  stage: Manage
+  self-managed: true
+  gitlab-com: true
+  packages: [Free, Premium, Ultimate]
+  url: 'https://docs.gitlab.com/ee/user/group/settings/group_access_tokens.html'
+  image_url: https://about.gitlab.com/images/14_7/group_access_token.png
+  published_at: 2022-01-22
+  release: 14.7
+
diff --git a/lib/gitlab/gitaly_client.rb b/lib/gitlab/gitaly_client.rb
index cc3f20ab774..a824f97e197 100644
--- a/lib/gitlab/gitaly_client.rb
+++ b/lib/gitlab/gitaly_client.rb
@@ -56,8 +56,7 @@ module Gitlab
       # https://gitlab.com/gitlab-org/gitaly/-/blob/bf9f52bc/client/dial.go#L78
       {
         'grpc.keepalive_time_ms': 20000,
-        'grpc.keepalive_permit_without_calls': 1,
-        'grpc.http2.max_pings_without_data': 0
+        'grpc.keepalive_permit_without_calls': 1
       }
     end
     private_class_method :channel_args
diff --git a/spec/features/admin/dashboard_spec.rb b/spec/features/admin/dashboard_spec.rb
index 112dc9e01d8..e7ff8c23a8c 100644
--- a/spec/features/admin/dashboard_spec.rb
+++ b/spec/features/admin/dashboard_spec.rb
@@ -53,4 +53,14 @@ RSpec.describe 'admin visits dashboard' do
       expect(page).to have_content('Active users 71')
     end
   end
+
+  describe 'Version check', :js do
+    it 'shows badge on CE' do
+      visit admin_root_path
+
+      page.within('.admin-dashboard') do
+        expect(find('.badge')).to have_content('Up to date')
+      end
+    end
+  end
 end
diff --git a/spec/support/shared_examples/models/clusters/elastic_stack_client_shared.rb b/spec/support/shared_examples/models/clusters/elastic_stack_client_shared.rb
index d3ce916cd64..744262d79ea 100644
--- a/spec/support/shared_examples/models/clusters/elastic_stack_client_shared.rb
+++ b/spec/support/shared_examples/models/clusters/elastic_stack_client_shared.rb
@@ -47,7 +47,7 @@ RSpec.shared_examples 'cluster-based #elasticsearch_client' do |factory|
       it 'copies proxy_url, options and headers from kube client to elasticsearch_client' do
         expect(Elasticsearch::Client)
           .to(receive(:new))
-          .with(url: a_valid_url)
+          .with(url: a_valid_url, adapter: :net_http)
           .and_call_original
 
         client = subject.elasticsearch_client