authorGitLab Bot <gitlab-bot@gitlab.com>2019-12-06 13:52:20 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2019-12-06 13:52:20 +0000
commite101b3064ee505a9d000c0d08d2bdf7446e30fcc (patch)
treea469e3b1d03361fd56fb77afd9f40397a1f1b78b
parent7d2eede7372805848bcdb6ee8e6469d5a0507d19 (diff)
downloadgitlab-ce-e101b3064ee505a9d000c0d08d2bdf7446e30fcc.tar.gz
Add latest changes from gitlab-org/gitlab@12-3-stable-ee
-rw-r--r--CHANGELOG-EE.md16
-rw-r--r--CHANGELOG.md9
-rw-r--r--VERSION2
-rw-r--r--locale/gitlab.pot6
-rw-r--r--spec/features/groups/settings/group_badges_spec.rb5
-rw-r--r--spec/features/projects/settings/project_badges_spec.rb4
-rw-r--r--spec/support/shared_examples/models/concern/issuable_shared_examples.rb2
7 files changed, 35 insertions, 9 deletions
diff --git a/CHANGELOG-EE.md b/CHANGELOG-EE.md
index b5a8d2fa308..1ffbd78715d 100644
--- a/CHANGELOG-EE.md
+++ b/CHANGELOG-EE.md
@@ -1,5 +1,21 @@
Please view this file on the master branch, on stable branches it's out of date.
+## 12.3.8
+
+- No changes.
+
+## 12.3.7
+
+### Security (6 changes)
+
+- Protect Jira integration endpoints from guest users.
+- Fix private comment Elasticsearch leak on project search scope.
+- Filter snippet search results by feature visibility.
+- Hide AWS secret on Admin Integration page.
+- Fail pull mirror when mirror user is blocked.
+- Prevent IDOR when adding users to protected environments.
+
+
## 12.3.6
### Security (4 changes)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 79dcefc8f66..b6920e2f33e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,17 +8,20 @@ entry.
## 12.3.7
-### Security (9 changes)
+### Security (12 changes)
-- Check permissions before showing a forked project's source.
+- Do not create todos for approvers without access. !1442
+- Limit potential for DNS rebind SSRF in chat notifications.
- Encrypt application setting tokens.
- Update Workhorse and Gitaly to fix a security issue.
+- Add maven file_name regex validation on incoming files.
- Hide commit counts from guest users in Cycle Analytics.
-- Limit potential for DNS rebind SSRF in chat notifications.
+- Check permissions before showing a forked project's source.
- Fix 500 error caused by invalid byte sequences in links.
- Ensure are cleaned by ImportExport::AttributeCleaner.
- Remove notes regarding Related Branches from Issue activity feeds for guest users.
- Escape namespace in label references to prevent XSS.
+- Add authorization to using filter vulnerable in Dependency List.
## 12.3.6
diff --git a/VERSION b/VERSION
index 212464673d6..c3c90f17940 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-12.3.8
+12.3.8-ee
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 3abee537e28..8f103c098c8 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -666,6 +666,9 @@ msgstr ""
msgid "API Token"
msgstr ""
+msgid "AWS Secret Access Key"
+msgstr ""
+
msgid "Abort"
msgstr ""
@@ -5653,6 +5656,9 @@ msgstr ""
msgid "Enter merge request URLs"
msgstr ""
+msgid "Enter new AWS Secret Access Key"
+msgstr ""
+
msgid "Enter the issue description"
msgstr ""
diff --git a/spec/features/groups/settings/group_badges_spec.rb b/spec/features/groups/settings/group_badges_spec.rb
index 9328fd9dcba..72e74df368b 100644
--- a/spec/features/groups/settings/group_badges_spec.rb
+++ b/spec/features/groups/settings/group_badges_spec.rb
@@ -7,8 +7,9 @@ describe 'Group Badges' do
let(:user) { create(:user) }
let(:group) { create(:group) }
- let(:badge_link_url) { 'https://gitlab.com/gitlab-org/gitlab/commits/master'}
- let(:badge_image_url) { 'https://gitlab.com/gitlab-org/gitlab/badges/master/build.svg'}
+ let(:project) { create(:project, namespace: group) }
+ let(:badge_link_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/commits/master" }
+ let(:badge_image_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/badges/master/pipeline.svg" }
let!(:badge_1) { create(:group_badge, group: group) }
let!(:badge_2) { create(:group_badge, group: group) }
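Review bot: The new `badge_link_url` and `badge_image_url` definitions assemble the base URL by hand and carry no comment saying why the fixtures moved from gitlab.com to the Capybara server; the same two lines are repeated verbatim in the `spec/features/projects/settings/project_badges_spec.rb` hunk. A one-line comment above them, such as `# badge URLs point at the local test server so the spec never depends on an external host`, would record the intent, assuming that is the reason. The image path also changes from `build.svg` to `pipeline.svg` without explanation, which is worth a word in the same comment. Moving both `let`s into a shared context would keep the two specs from drifting apart. The `describe 'Group Badges'` block starts and ends outside the hunk.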
diff --git a/spec/features/projects/settings/project_badges_spec.rb b/spec/features/projects/settings/project_badges_spec.rb
index 03d2f1cf044..c419bb1868c 100644
--- a/spec/features/projects/settings/project_badges_spec.rb
+++ b/spec/features/projects/settings/project_badges_spec.rb
@@ -8,8 +8,8 @@ describe 'Project Badges' do
let(:user) { create(:user) }
let(:group) { create(:group) }
let(:project) { create(:project, namespace: group) }
- let(:badge_link_url) { 'https://gitlab.com/gitlab-org/gitlab/commits/master'}
- let(:badge_image_url) { 'https://gitlab.com/gitlab-org/gitlab/badges/master/build.svg'}
+ let(:badge_link_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/commits/master" }
+ let(:badge_image_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/badges/master/pipeline.svg" }
let!(:project_badge) { create(:project_badge, project: project) }
let!(:group_badge) { create(:group_badge, group: group) }
diff --git a/spec/support/shared_examples/models/concern/issuable_shared_examples.rb b/spec/support/shared_examples/models/concern/issuable_shared_examples.rb
index 9604555c57d..c7adfe39788 100644
--- a/spec/support/shared_examples/models/concern/issuable_shared_examples.rb
+++ b/spec/support/shared_examples/models/concern/issuable_shared_examples.rb
@@ -2,7 +2,7 @@ shared_examples_for 'matches_cross_reference_regex? fails fast' do
it 'fails fast for long strings' do
# took well under 1 second in CI https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/3267#note_172823
expect do
- Timeout.timeout(3.seconds) { mentionable.matches_cross_reference_regex? }
+ Timeout.timeout(6.seconds) { mentionable.matches_cross_reference_regex? }
end.not_to raise_error
end
end
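Review bot: The comment above the `expect` still says the call "took well under 1 second in CI", which no longer matches a bound raised to `6.seconds`, and nothing in the hunk records why the limit was doubled. This wall-clock limit is the only guard the example has against a slow, backtracking cross-reference regex, so a looser bound makes it less sensitive to regressions. Stating the reason next to the call would help, e.g. `# limit raised from 3s to 6s to absorb slow CI runners; normal runtime is well under 1 second`, if that is indeed the cause. The `shared_examples_for` block opens outside the hunk.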