Add latest changes from gitlab-org/gitlab@12-4-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2019-12-06 13:49:32 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2019-12-06 13:49:32 +0000
commit: 97a41ac6af97842bb00222c5291f72e05c801481 (patch)
tree: abaa60ffa144e699b8ad6f2d8f83c61d8d2e031d
parent: 6051a4b29b5ac00937ece5d04dd79eab7e2b10f3 (diff)
download: gitlab-ce-97a41ac6af97842bb00222c5291f72e05c801481.tar.gz
6 files changed, 34 insertions, 8 deletions
diff --git a/CHANGELOG-EE.md b/CHANGELOG-EE.md
index b0e0af8e359..b5c2c266538 100644
--- a/CHANGELOG-EE.md
+++ b/CHANGELOG-EE.md
@@ -1,5 +1,21 @@
 Please view this file on the master branch, on stable branches it's out of date.
 
+## 12.4.5
+
+- No changes.
+
+## 12.4.4
+
+### Security (6 changes)
+
+- Protect Jira integration endpoints from guest users.
+- Fix private comment Elasticsearch leak on project search scope.
+- Filter snippet search results by feature visibility.
+- Hide AWS secret on Admin Integration page.
+- Fail pull mirror when mirror user is blocked.
+- Prevent IDOR when adding users to protected environments.
+
+
 ## 12.4.3
 
 ### Fixed (2 changes)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 77c1c6ddb7a..41f1fd85fb3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,17 +8,20 @@ entry.
 
 ## 12.4.4
 
-### Security (9 changes)
+### Security (12 changes)
 
-- Check permissions before showing a forked project's source.
+- Do not create todos for approvers without access. !1442
+- Limit potential for DNS rebind SSRF in chat notifications.
 - Encrypt application setting tokens.
 - Update Workhorse and Gitaly to fix a security issue.
+- Add maven file_name regex validation on incoming files.
 - Hide commit counts from guest users in Cycle Analytics.
-- Limit potential for DNS rebind SSRF in chat notifications.
+- Check permissions before showing a forked project's source.
 - Fix 500 error caused by invalid byte sequences in links.
 - Ensure are cleaned by ImportExport::AttributeCleaner.
 - Remove notes regarding Related Branches from Issue activity feeds for guest users.
 - Escape namespace in label references to prevent XSS.
+- Add authorization to using filter vulnerable in Dependency List.
 
 
 ## 12.4.3
diff --git a/VERSION b/VERSION
index dec1fa20e53..23707fee475 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-12.4.5
+12.4.5-ee
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 0b6846ccb72..1f39a7f5477 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -701,6 +701,9 @@ msgstr ""
 msgid "API Token"
 msgstr ""
 
+msgid "AWS Secret Access Key"
+msgstr ""
+
 msgid "Abort"
 msgstr ""
 
@@ -6129,6 +6132,9 @@ msgstr ""
 msgid "Enter merge request URLs"
 msgstr ""
 
+msgid "Enter new AWS Secret Access Key"
+msgstr ""
+
 msgid "Enter the issue description"
 msgstr ""
 
diff --git a/spec/features/groups/settings/group_badges_spec.rb b/spec/features/groups/settings/group_badges_spec.rb
index 9328fd9dcba..72e74df368b 100644
--- a/spec/features/groups/settings/group_badges_spec.rb
+++ b/spec/features/groups/settings/group_badges_spec.rb
@@ -7,8 +7,9 @@ describe 'Group Badges' do
 
   let(:user) { create(:user) }
   let(:group) { create(:group) }
-  let(:badge_link_url) { 'https://gitlab.com/gitlab-org/gitlab/commits/master'}
-  let(:badge_image_url) { 'https://gitlab.com/gitlab-org/gitlab/badges/master/build.svg'}
+  let(:project) { create(:project, namespace: group) }
+  let(:badge_link_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/commits/master" }
+  let(:badge_image_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/badges/master/pipeline.svg" }
   let!(:badge_1) { create(:group_badge, group: group) }
   let!(:badge_2) { create(:group_badge, group: group) }
 
diff --git a/spec/features/projects/settings/project_badges_spec.rb b/spec/features/projects/settings/project_badges_spec.rb
index 03d2f1cf044..c419bb1868c 100644
--- a/spec/features/projects/settings/project_badges_spec.rb
+++ b/spec/features/projects/settings/project_badges_spec.rb
@@ -8,8 +8,8 @@ describe 'Project Badges' do
   let(:user) { create(:user) }
   let(:group) { create(:group) }
   let(:project) { create(:project, namespace: group) }
-  let(:badge_link_url) { 'https://gitlab.com/gitlab-org/gitlab/commits/master'}
-  let(:badge_image_url) { 'https://gitlab.com/gitlab-org/gitlab/badges/master/build.svg'}
+  let(:badge_link_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/commits/master" }
+  let(:badge_image_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/badges/master/pipeline.svg" }
   let!(:project_badge) { create(:project_badge, project: project) }
   let!(:group_badge) { create(:group_badge, group: group) }
author	GitLab Bot <gitlab-bot@gitlab.com>	2019-12-06 13:49:32 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2019-12-06 13:49:32 +0000
commit	97a41ac6af97842bb00222c5291f72e05c801481 (patch)
tree	abaa60ffa144e699b8ad6f2d8f83c61d8d2e031d
parent	6051a4b29b5ac00937ece5d04dd79eab7e2b10f3 (diff)
download	gitlab-ce-97a41ac6af97842bb00222c5291f72e05c801481.tar.gz