diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-02-08 16:54:12 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-02-08 16:54:12 +0000 |
commit | 9104dda057cc7f2c65f07e509013f3cff10db590 (patch) | |
tree | 74af16bfb1bc2afc23fb385727fda39b0f211862 | |
parent | 2b77b43bec240eb5ed2c5422eb810df5eb8edfcc (diff) | |
download | gitlab-ce-9104dda057cc7f2c65f07e509013f3cff10db590.tar.gz |
Add latest changes from gitlab-org/gitlab@14-7-stable-ee
-rw-r--r-- | Gemfile.lock | 2 | ||||
-rw-r--r-- | app/assets/javascripts/pages/admin/index.js | 2 | ||||
-rw-r--r-- | app/controllers/application_controller.rb | 2 | ||||
-rw-r--r-- | app/models/clusters/concerns/elasticsearch_client.rb | 2 | ||||
-rw-r--r-- | data/whats_new/202201200001_14_07.yml | 42 | ||||
-rw-r--r-- | lib/gitlab/gitaly_client.rb | 3 | ||||
-rw-r--r-- | spec/features/admin/dashboard_spec.rb | 10 | ||||
-rw-r--r-- | spec/support/shared_examples/models/clusters/elastic_stack_client_shared.rb | 2 |
8 files changed, 59 insertions, 6 deletions
diff --git a/Gemfile.lock b/Gemfile.lock index 797a72ce943..4fd0bf053c4 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1121,7 +1121,7 @@ GEM rubocop-ast (>= 0.7.1) ruby-fogbugz (0.2.1) crack (~> 0.4) - ruby-magic (0.5.3) + ruby-magic (0.5.4) mini_portile2 (~> 2.6) ruby-prof (1.3.1) ruby-progressbar (1.11.0) diff --git a/app/assets/javascripts/pages/admin/index.js b/app/assets/javascripts/pages/admin/index.js index 8d5dfd689e8..f0f85b82e2b 100644 --- a/app/assets/javascripts/pages/admin/index.js +++ b/app/assets/javascripts/pages/admin/index.js @@ -1,8 +1,10 @@ +import initGitlabVersionCheck from '~/gitlab_version_check'; import initAdminStatisticsPanel from '../../admin/statistics_panel/index'; import initVueAlerts from '../../vue_alerts'; import initAdmin from './admin'; initVueAlerts(); +initGitlabVersionCheck(); const statisticsPanelContainer = document.getElementById('js-admin-statistics-container'); initAdmin(); diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index d3ecbdcc1f6..8e758c669db 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -273,7 +273,7 @@ class ApplicationController < ActionController::Base end def default_headers - headers['X-Frame-Options'] = 'DENY' + headers['X-Frame-Options'] = 'SAMEORIGIN' headers['X-XSS-Protection'] = '1; mode=block' headers['X-UA-Compatible'] = 'IE=edge' headers['X-Content-Type-Options'] = 'nosniff' diff --git a/app/models/clusters/concerns/elasticsearch_client.rb b/app/models/clusters/concerns/elasticsearch_client.rb index 7b0b6bdae02..e9aab7897a8 100644 --- a/app/models/clusters/concerns/elasticsearch_client.rb +++ b/app/models/clusters/concerns/elasticsearch_client.rb @@ -15,7 +15,7 @@ module Clusters proxy_url = kube_client.proxy_url('service', service_name, ELASTICSEARCH_PORT, ELASTICSEARCH_NAMESPACE) - Elasticsearch::Client.new(url: proxy_url) do |faraday| + Elasticsearch::Client.new(url: proxy_url, adapter: :net_http) do |faraday| # ensures headers containing auth data are appended to original client options faraday.headers.merge!(kube_client.headers) # ensure TLS certs are properly verified diff --git a/data/whats_new/202201200001_14_07.yml b/data/whats_new/202201200001_14_07.yml new file mode 100644 index 00000000000..4f260ee8a8c --- /dev/null +++ b/data/whats_new/202201200001_14_07.yml @@ -0,0 +1,42 @@ +- title: GitLab Runner compliant with FIPS 140-2 + body: | + For some GitLab customers, U.S. government regulatory requirements require the use of FIPS (Federal Information Processing Standards) compliant software. The FIPS 140-2 and FIPS 140-3 publications define the security requirements for cryptographic modules used in computer and telecommunication systems, and within cyber systems that protect sensitive information. GitLab Runner is now FIPS 140-2 compliant for AMD64 compute architectures and Red Hat Enterprise Linux (RHEL) distributions. Refer to [this epic](https://gitlab.com/groups/gitlab-org/-/epics/5104) to follow the discussions about making GitLab FIPS compliant. + stage: Verify + self-managed: true + gitlab-com: false + packages: [Free, Premium, Ultimate] + url: 'https://docs.gitlab.com/runner/install/index.html#fips-compliant-gitlab-runner' + image_url: https://about.gitlab.com/images/growth/verify.png + published_at: 2022-01-22 + release: 14.7 +- title: Streaming audit events + body: | + You can now stream audit events to a destination of your choosing! This is a great way to correlate GitLab audit events with other data streams you have, maintain a backup of audit events, or build out your own automation to take action when a specific audit event happens. + + You can specify an HTTPS endpoint with our new GraphQL API and events are sent to it as webhooks. These messages contain the same information as the Audit Events UI about what type of change happened, when it happened, who was involved, as well as some additional metadata. + + After you receive those messages, you can filter based on person, type, or inject that data into another third-party tool. This is a great way to trigger any custom automation you have built if, for example, a new user is created or a key setting is changed. We're excited to see what you use streaming audit events for and would love to hear from you about it! Let us know by commenting on the [epic](https://gitlab.com/groups/gitlab-org/-/epics/5925). + stage: Manage + self-managed: true + gitlab-com: true + packages: [Ultimate] + url: 'https://docs.gitlab.com/ee/administration/audit_event_streaming.html' + image_url: https://about.gitlab.com/images/growth/manage.jpg + published_at: 2022-01-22 + release: 14.7 +- title: Group access tokens + body: | + With group access tokens, you can use a single token to perform actions for groups, manage the projects within the group, and, in GitLab 14.2 and later, authenticate with Git over HTTPS. + + Previously, group access tokens were limited to self-managed instances only, and could only be generated using the Rails console. Now, you can create group access tokens using the UI and API. You can define token name, expiration date, and scope. You can also revoke an existing group access token. + + Thank you [Fabio Huser](https://gitlab.com/fh1ch) for your contribution! + stage: Manage + self-managed: true + gitlab-com: true + packages: [Free, Premium, Ultimate] + url: 'https://docs.gitlab.com/ee/user/group/settings/group_access_tokens.html' + image_url: https://about.gitlab.com/images/14_7/group_access_token.png + published_at: 2022-01-22 + release: 14.7 + diff --git a/lib/gitlab/gitaly_client.rb b/lib/gitlab/gitaly_client.rb index cc3f20ab774..a824f97e197 100644 --- a/lib/gitlab/gitaly_client.rb +++ b/lib/gitlab/gitaly_client.rb @@ -56,8 +56,7 @@ module Gitlab # https://gitlab.com/gitlab-org/gitaly/-/blob/bf9f52bc/client/dial.go#L78 { 'grpc.keepalive_time_ms': 20000, - 'grpc.keepalive_permit_without_calls': 1, - 'grpc.http2.max_pings_without_data': 0 + 'grpc.keepalive_permit_without_calls': 1 } end private_class_method :channel_args diff --git a/spec/features/admin/dashboard_spec.rb b/spec/features/admin/dashboard_spec.rb index 112dc9e01d8..e7ff8c23a8c 100644 --- a/spec/features/admin/dashboard_spec.rb +++ b/spec/features/admin/dashboard_spec.rb @@ -53,4 +53,14 @@ RSpec.describe 'admin visits dashboard' do expect(page).to have_content('Active users 71') end end + + describe 'Version check', :js do + it 'shows badge on CE' do + visit admin_root_path + + page.within('.admin-dashboard') do + expect(find('.badge')).to have_content('Up to date') + end + end + end end diff --git a/spec/support/shared_examples/models/clusters/elastic_stack_client_shared.rb b/spec/support/shared_examples/models/clusters/elastic_stack_client_shared.rb index d3ce916cd64..744262d79ea 100644 --- a/spec/support/shared_examples/models/clusters/elastic_stack_client_shared.rb +++ b/spec/support/shared_examples/models/clusters/elastic_stack_client_shared.rb @@ -47,7 +47,7 @@ RSpec.shared_examples 'cluster-based #elasticsearch_client' do |factory| it 'copies proxy_url, options and headers from kube client to elasticsearch_client' do expect(Elasticsearch::Client) .to(receive(:new)) - .with(url: a_valid_url) + .with(url: a_valid_url, adapter: :net_http) .and_call_original client = subject.elasticsearch_client |