author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-12-06 13:52:20 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-12-06 13:52:20 +0000 |
commit | e101b3064ee505a9d000c0d08d2bdf7446e30fcc (patch) | |
tree | a469e3b1d03361fd56fb77afd9f40397a1f1b78b | |
parent | 7d2eede7372805848bcdb6ee8e6469d5a0507d19 (diff) | |
download | gitlab-ce-e101b3064ee505a9d000c0d08d2bdf7446e30fcc.tar.gz |
Add latest changes from gitlab-org/gitlab@12-3-stable-ee
-rw-r--r-- | CHANGELOG-EE.md | 16 | ||||
-rw-r--r-- | CHANGELOG.md | 9 | ||||
-rw-r--r-- | VERSION | 2 | ||||
-rw-r--r-- | locale/gitlab.pot | 6 | ||||
-rw-r--r-- | spec/features/groups/settings/group_badges_spec.rb | 5 | ||||
-rw-r--r-- | spec/features/projects/settings/project_badges_spec.rb | 4 | ||||
-rw-r--r-- | spec/support/shared_examples/models/concern/issuable_shared_examples.rb | 2 |
7 files changed, 35 insertions, 9 deletions
diff --git a/CHANGELOG-EE.md b/CHANGELOG-EE.md index b5a8d2fa308..1ffbd78715d 100644 --- a/CHANGELOG-EE.md +++ b/CHANGELOG-EE.md @@ -1,5 +1,21 @@ Please view this file on the master branch, on stable branches it's out of date. +## 12.3.8 + +- No changes. + +## 12.3.7 + +### Security (6 changes) + +- Protect Jira integration endpoints from guest users. +- Fix private comment Elasticsearch leak on project search scope. +- Filter snippet search results by feature visibility. +- Hide AWS secret on Admin Integration page. +- Fail pull mirror when mirror user is blocked. +- Prevent IDOR when adding users to protected environments. + + ## 12.3.6 ### Security (4 changes) diff --git a/CHANGELOG.md b/CHANGELOG.md index 79dcefc8f66..b6920e2f33e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,17 +8,20 @@ entry. ## 12.3.7 -### Security (9 changes) +### Security (12 changes) -- Check permissions before showing a forked project's source. +- Do not create todos for approvers without access. !1442 +- Limit potential for DNS rebind SSRF in chat notifications. - Encrypt application setting tokens. - Update Workhorse and Gitaly to fix a security issue. +- Add maven file_name regex validation on incoming files. - Hide commit counts from guest users in Cycle Analytics. -- Limit potential for DNS rebind SSRF in chat notifications. +- Check permissions before showing a forked project's source. - Fix 500 error caused by invalid byte sequences in links. - Ensure are cleaned by ImportExport::AttributeCleaner. - Remove notes regarding Related Branches from Issue activity feeds for guest users. - Escape namespace in label references to prevent XSS. +- Add authorization to using filter vulnerable in Dependency List. ## 12.3.6 @@ -1 +1 @@ -12.3.8 +12.3.8-ee diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 3abee537e28..8f103c098c8 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot 
@@ -666,6 +666,9 @@ msgstr "" msgid "API Token" msgstr "" +msgid "AWS Secret Access Key" +msgstr "" + msgid "Abort" msgstr "" @@ -5653,6 +5656,9 @@ msgstr "" msgid "Enter merge request URLs" msgstr "" +msgid "Enter new AWS Secret Access Key" +msgstr "" + msgid "Enter the issue description" msgstr "" diff --git a/spec/features/groups/settings/group_badges_spec.rb b/spec/features/groups/settings/group_badges_spec.rb index 9328fd9dcba..72e74df368b 100644 --- a/spec/features/groups/settings/group_badges_spec.rb +++ b/spec/features/groups/settings/group_badges_spec.rb @@ -7,8 +7,9 @@ describe 'Group Badges' do let(:user) { create(:user) } let(:group) { create(:group) } - let(:badge_link_url) { 'https://gitlab.com/gitlab-org/gitlab/commits/master'} - let(:badge_image_url) { 'https://gitlab.com/gitlab-org/gitlab/badges/master/build.svg'} + let(:project) { create(:project, namespace: group) } + let(:badge_link_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/commits/master" } + let(:badge_image_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/badges/master/pipeline.svg" } let!(:badge_1) { create(:group_badge, group: group) } let!(:badge_2) { create(:group_badge, group: group) } diff --git a/spec/features/projects/settings/project_badges_spec.rb b/spec/features/projects/settings/project_badges_spec.rb index 03d2f1cf044..c419bb1868c 100644 --- a/spec/features/projects/settings/project_badges_spec.rb +++ b/spec/features/projects/settings/project_badges_spec.rb 
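Review bot: The two rewritten `let`s in spec/features/groups/settings/group_badges_spec.rb spell out the same `http://#{page.server.host}:#{page.server.port}/#{project.full_path}` prefix twice, and the hunk in spec/features/projects/settings/project_badges_spec.rb repeats both lines verbatim; nothing in either file says why the gitlab.com URLs were replaced. I would define the prefix once, `let(:badge_base_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}" }`, and derive the values from it, e.g. `let(:badge_link_url) { "#{badge_base_url}/commits/master" }`. A one-line comment such as `# badge URLs target the Capybara server and a project created by this spec, not a remote host` would record the intent; that reason is inferred from the change, so confirm it against the fix this backport belongs to. Both `describe` blocks continue outside their hunks.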
@@ -8,8 +8,8 @@ describe 'Project Badges' do let(:user) { create(:user) } let(:group) { create(:group) } let(:project) { create(:project, namespace: group) } - let(:badge_link_url) { 'https://gitlab.com/gitlab-org/gitlab/commits/master'} - let(:badge_image_url) { 'https://gitlab.com/gitlab-org/gitlab/badges/master/build.svg'} + let(:badge_link_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/commits/master" } + let(:badge_image_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/badges/master/pipeline.svg" } let!(:project_badge) { create(:project_badge, project: project) } let!(:group_badge) { create(:group_badge, group: group) } diff --git a/spec/support/shared_examples/models/concern/issuable_shared_examples.rb b/spec/support/shared_examples/models/concern/issuable_shared_examples.rb index 9604555c57d..c7adfe39788 100644 --- a/spec/support/shared_examples/models/concern/issuable_shared_examples.rb +++ b/spec/support/shared_examples/models/concern/issuable_shared_examples.rb @@ -2,7 +2,7 @@ shared_examples_for 'matches_cross_reference_regex? fails fast' do it 'fails fast for long strings' do # took well under 1 second in CI https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/3267#note_172823 expect do - Timeout.timeout(3.seconds) { mentionable.matches_cross_reference_regex? } + Timeout.timeout(6.seconds) { mentionable.matches_cross_reference_regex? } end.not_to raise_error end end |
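Review bot: In 'fails fast for long strings' the budget becomes `Timeout.timeout(6.seconds)` while the comment directly above still says the call "took well under 1 second in CI", so the guard on `matches_cross_reference_regex?` is now far looser than the only documented runtime and the reason for doubling it is not recorded. If the bump is headroom for slow runners, state that beside the value, e.g. `# 6s leaves headroom for slow CI runners; normal runtime is well under 1s`, once that is confirmed as the cause. Holding the limit in a named `let` or constant would keep the number and its explanation together the next time it changes.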