Merge dev.gitlab.org master into GitLab.com master

10 files changed, 42 insertions, 36 deletions

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4985c607d57..e220d61b316 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,20 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 11.7.5 (2019-02-06)
+
+### Fixed (8 changes)
+
+- Fix import handling errors in Bitbucket Server importer. !24499
+- Adjusts suggestions unable to be applied. !24603
+- Fix 500 errors with legacy appearance logos. !24615
+- Fix form functionality for edit tag page. !24645
+- Update Workhorse to v8.0.2. !24870
+- Downcase aliased OAuth2 callback providers. !24877
+- Fix Detect Host Keys not working. !24884
+- Changed external wiki query method to prevent attribute caching. !24907
+
+
 ## 11.7.2 (2019-01-29)
 
 ### Fixed (1 change)
diff --git a/changelogs/unreleased/56424-fix-gl-form-init-tag-editing.yml b/changelogs/unreleased/56424-fix-gl-form-init-tag-editing.yml
deleted file mode 100644
index b19b4d650fd..00000000000
--- a/changelogs/unreleased/56424-fix-gl-form-init-tag-editing.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix form functionality for edit tag page
-merge_request: 24645
-author:
-type: fixed
diff --git a/changelogs/unreleased/fj-regression-external-wiki-url.yml b/changelogs/unreleased/fj-regression-external-wiki-url.yml
deleted file mode 100644
index d4f21dab982..00000000000
--- a/changelogs/unreleased/fj-regression-external-wiki-url.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Changed external wiki query method to prevent attribute caching
-merge_request: 24907
-author:
-type: fixed
diff --git a/changelogs/unreleased/osw-adjusts-suggestions-unable-to-be-applied.yml b/changelogs/unreleased/osw-adjusts-suggestions-unable-to-be-applied.yml
deleted file mode 100644
index 3ba62b92413..00000000000
--- a/changelogs/unreleased/osw-adjusts-suggestions-unable-to-be-applied.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Adjusts suggestions unable to be applied
-merge_request: 24603
-author:
-type: fixed
diff --git a/changelogs/unreleased/sh-fix-detect-host-keys.yml b/changelogs/unreleased/sh-fix-detect-host-keys.yml
deleted file mode 100644
index 993d7c35b18..00000000000
--- a/changelogs/unreleased/sh-fix-detect-host-keys.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix Detect Host Keys not working
-merge_request: 24884
-author:
-type: fixed
diff --git a/changelogs/unreleased/sh-fix-issue-9357.yml b/changelogs/unreleased/sh-fix-issue-9357.yml
deleted file mode 100644
index 756cd6047b8..00000000000
--- a/changelogs/unreleased/sh-fix-issue-9357.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix 500 errors with legacy appearance logos
-merge_request: 24615
-author:
-type: fixed
diff --git a/changelogs/unreleased/sh-fix-oauth2-callback-caps.yml b/changelogs/unreleased/sh-fix-oauth2-callback-caps.yml
deleted file mode 100644
index 8d17900cb79..00000000000
--- a/changelogs/unreleased/sh-fix-oauth2-callback-caps.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Downcase aliased OAuth2 callback providers
-merge_request: 24877
-author:
-type: fixed
diff --git a/changelogs/unreleased/sh-remove-bitbucket-mirror-constant.yml b/changelogs/unreleased/sh-remove-bitbucket-mirror-constant.yml
deleted file mode 100644
index 8c0b000220f..00000000000
--- a/changelogs/unreleased/sh-remove-bitbucket-mirror-constant.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix import handling errors in Bitbucket Server importer
-merge_request: 24499
-author:
-type: fixed
diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index 9f1394571d8..a1f0efa3c68 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -1116,7 +1116,9 @@ module API
 
     class Release < TagRelease
       expose :name
-      expose :description_html
+      expose :description_html do |entity|
+        MarkupHelper.markdown_field(entity, :description)
+      end
       expose :created_at
       expose :author, using: Entities::UserBasic, if: -> (release, _) { release.author.present? }
       expose :commit, using: Entities::Commit
diff --git a/spec/requests/api/releases_spec.rb b/spec/requests/api/releases_spec.rb
index 811e23fb854..1f317971a66 100644
--- a/spec/requests/api/releases_spec.rb
+++ b/spec/requests/api/releases_spec.rb
@@ -127,6 +127,31 @@ describe API::Releases do
           .to match_array(release.sources.map(&:url))
       end
 
+      context "when release description contains confidential issue's link" do
+        let(:confidential_issue) do
+          create(:issue,
+                 :confidential,
+                 project: project,
+                 title: 'A vulnerability')
+        end
+
+        let!(:release) do
+          create(:release,
+                 project: project,
+                 tag: 'v0.1',
+                 sha: commit.id,
+                 author: maintainer,
+                 description: "This is confidential #{confidential_issue.to_reference}")
+        end
+
+        it "does not expose confidential issue's title" do
+          get api("/projects/#{project.id}/releases/v0.1", maintainer)
+
+          expect(json_response['description_html']).to include(confidential_issue.to_reference)
+          expect(json_response['description_html']).not_to include('A vulnerability')
+        end
+      end
+
       context 'when release has link asset' do
         let!(:link) do
           create(:release_link,