author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-12-06 13:49:32 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-12-06 13:49:32 +0000 |
commit | 97a41ac6af97842bb00222c5291f72e05c801481 (patch) | |
tree | abaa60ffa144e699b8ad6f2d8f83c61d8d2e031d | |
parent | 6051a4b29b5ac00937ece5d04dd79eab7e2b10f3 (diff) | |
download | gitlab-ce-97a41ac6af97842bb00222c5291f72e05c801481.tar.gz |
Add latest changes from gitlab-org/gitlab@12-4-stable-ee
-rw-r--r-- | CHANGELOG-EE.md | 16 | ||||
-rw-r--r-- | CHANGELOG.md | 9 | ||||
-rw-r--r-- | VERSION | 2 | ||||
-rw-r--r-- | locale/gitlab.pot | 6 | ||||
-rw-r--r-- | spec/features/groups/settings/group_badges_spec.rb | 5 | ||||
-rw-r--r-- | spec/features/projects/settings/project_badges_spec.rb | 4 |
6 files changed, 34 insertions, 8 deletions
diff --git a/CHANGELOG-EE.md b/CHANGELOG-EE.md
index b0e0af8e359..b5c2c266538 100644
--- a/CHANGELOG-EE.md
+++ b/CHANGELOG-EE.md
@@ -1,5 +1,21 @@
 Please view this file on the master branch, on stable branches it's out of date.
 
+## 12.4.5
+
+- No changes.
+
+## 12.4.4
+
+### Security (6 changes)
+
+- Protect Jira integration endpoints from guest users.
+- Fix private comment Elasticsearch leak on project search scope.
+- Filter snippet search results by feature visibility.
+- Hide AWS secret on Admin Integration page.
+- Fail pull mirror when mirror user is blocked.
+- Prevent IDOR when adding users to protected environments.
+
+
 ## 12.4.3
 
 ### Fixed (2 changes)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 77c1c6ddb7a..41f1fd85fb3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,17 +8,20 @@ entry.
 
 ## 12.4.4
 
-### Security (9 changes)
+### Security (12 changes)
 
-- Check permissions before showing a forked project's source.
+- Do not create todos for approvers without access. !1442
+- Limit potential for DNS rebind SSRF in chat notifications.
 - Encrypt application setting tokens.
 - Update Workhorse and Gitaly to fix a security issue.
+- Add maven file_name regex validation on incoming files.
 - Hide commit counts from guest users in Cycle Analytics.
-- Limit potential for DNS rebind SSRF in chat notifications.
+- Check permissions before showing a forked project's source.
 - Fix 500 error caused by invalid byte sequences in links.
 - Ensure are cleaned by ImportExport::AttributeCleaner.
 - Remove notes regarding Related Branches from Issue activity feeds for guest users.
 - Escape namespace in label references to prevent XSS.
+- Add authorization to using filter vulnerable in Dependency List.
 
 ## 12.4.3
 
@@ -1 +1 @@
-12.4.5
+12.4.5-ee
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 0b6846ccb72..1f39a7f5477 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -701,6 +701,9 @@ msgstr ""
 msgid "API Token"
 msgstr ""
 
+msgid "AWS Secret Access Key"
+msgstr ""
+
 msgid "Abort"
 msgstr ""
 
@@ -6129,6 +6132,9 @@ msgstr ""
 msgid "Enter merge request URLs"
 msgstr ""
 
+msgid "Enter new AWS Secret Access Key"
+msgstr ""
+
 msgid "Enter the issue description"
 msgstr ""
 
diff --git a/spec/features/groups/settings/group_badges_spec.rb b/spec/features/groups/settings/group_badges_spec.rb
index 9328fd9dcba..72e74df368b 100644
--- a/spec/features/groups/settings/group_badges_spec.rb
+++ b/spec/features/groups/settings/group_badges_spec.rb
@@ -7,8 +7,9 @@ describe 'Group Badges' do
 
 let(:user) { create(:user) }
 let(:group) { create(:group) }
- let(:badge_link_url) { 'https://gitlab.com/gitlab-org/gitlab/commits/master'}
- let(:badge_image_url) { 'https://gitlab.com/gitlab-org/gitlab/badges/master/build.svg'}
+ let(:project) { create(:project, namespace: group) }
+ let(:badge_link_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/commits/master" }
+ let(:badge_image_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/badges/master/pipeline.svg" }
 let!(:badge_1) { create(:group_badge, group: group) }
 let!(:badge_2) { create(:group_badge, group: group) }
 
diff --git a/spec/features/projects/settings/project_badges_spec.rb b/spec/features/projects/settings/project_badges_spec.rb
index 03d2f1cf044..c419bb1868c 100644
--- a/spec/features/projects/settings/project_badges_spec.rb
+++ b/spec/features/projects/settings/project_badges_spec.rb
@@ -8,8 +8,8 @@ describe 'Project Badges' do
 let(:user) { create(:user) }
 let(:group) { create(:group) }
 let(:project) { create(:project, namespace: group) }
- let(:badge_link_url) { 'https://gitlab.com/gitlab-org/gitlab/commits/master'}
- let(:badge_image_url) { 'https://gitlab.com/gitlab-org/gitlab/badges/master/build.svg'}
+ let(:badge_link_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/commits/master" }
+ let(:badge_image_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/badges/master/pipeline.svg" }
 let!(:project_badge) { create(:project_badge, project: project) }
 let!(:group_badge) { create(:group_badge, group: group) }
 
|
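Review bot: The new `badge_link_url` and `badge_image_url` definitions each rebuild the same `http://#{page.server.host}:#{page.server.port}` prefix with the scheme hard-coded, both here and in the matching hunk of spec/features/groups/settings/group_badges_spec.rb. A single `let(:base_url) { "http://#{page.server.host}:#{page.server.port}" }` with `"#{base_url}/#{project.full_path}/commits/master"` would leave one place to change if the test server's scheme or address handling changes. Nothing in the hunk says why the fixtures moved from gitlab.com to the local server; if the intent is that badge URLs must resolve to the Capybara server so the spec makes no external request, a comment such as `# badge URLs point at the test server so the spec never reaches an external host` above the two lets would record it. The `describe` block continues outside the hunk in both files.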