Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-11-30 12:07:06 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-11-30 12:07:06 +0000
commit: 7aa22e9a103b049dd2da70045a5822c51164f7db (patch)
tree: f741dded2bd2965e9e9b7ce4c680e2ddaf0aa3d3
parent: 5c229c2ebe3304a58afd1d40418410a8c3723ea5 (diff)
download: gitlab-ce-7aa22e9a103b049dd2da70045a5822c51164f7db.tar.gz
41 files changed, 306 insertions, 239 deletions
diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION
index db6166dc4c2..cabdb0c1288 100644
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
@@ -1 +1 @@
-fa40f12667f4a271a9dd6750c90465afdcb1f3d8
+ff3095c307c9223585ffe01d3e013929aa6279d8
diff --git a/app/assets/javascripts/awards_handler.js b/app/assets/javascripts/awards_handler.js
index 9ab1d6bfd80..1855fb9ed8c 100644
--- a/app/assets/javascripts/awards_handler.js
+++ b/app/assets/javascripts/awards_handler.js
@@ -2,7 +2,7 @@
 
 import { GlBreakpointInstance as bp } from '@gitlab/ui/dist/utils';
 import $ from 'jquery';
-import { uniq } from 'lodash';
+import { uniq, escape } from 'lodash';
 import { getEmojiScoreWithIntent } from '~/emoji/utils';
 import { getCookie, setCookie, scrollToElement } from '~/lib/utils/common_utils';
 import * as Emoji from '~/emoji';
@@ -149,7 +149,7 @@ export class AwardsHandler {
     let frequentlyUsedCatgegory = '';
     if (frequentlyUsedEmojis.length > 0) {
       frequentlyUsedCatgegory = this.renderCategory('Frequently used', frequentlyUsedEmojis, {
-        menuListClass: 'frequent-emojis',
+        frequentEmojis: true,
       });
     }
 
@@ -228,9 +228,9 @@ export class AwardsHandler {
   renderCategory(name, emojiList, opts = {}) {
     return `
       <h5 class="emoji-menu-title">
-        ${name}
+        ${escape(name)}
       </h5>
-      <ul class="clearfix emoji-menu-list ${opts.menuListClass || ''}">
+      <ul class="clearfix emoji-menu-list ${opts.frequentEmojis ? 'frequent-emojis' : ''}">
         ${emojiList
           .map(
             (emojiName) => `
diff --git a/app/assets/javascripts/gfm_auto_complete.js b/app/assets/javascripts/gfm_auto_complete.js
index 18647cca0b2..293cd2df16f 100644
--- a/app/assets/javascripts/gfm_auto_complete.js
+++ b/app/assets/javascripts/gfm_auto_complete.js
@@ -997,7 +997,7 @@ GfmAutoComplete.Issues = {
     return value.reference || '${atwho-at}${id}';
   },
   templateFunction({ id, title, reference }) {
-    return `<li><small>${reference || id}</small> ${escape(title)}</li>`;
+    return `<li><small>${escape(reference || id)}</small> ${escape(title)}</li>`;
   },
 };
 // Milestones
diff --git a/app/assets/javascripts/lib/utils/common_utils.js b/app/assets/javascripts/lib/utils/common_utils.js
index beced4f9144..9ef8eee2132 100644
--- a/app/assets/javascripts/lib/utils/common_utils.js
+++ b/app/assets/javascripts/lib/utils/common_utils.js
@@ -4,7 +4,7 @@
 
 import { GlBreakpointInstance as breakpointInstance } from '@gitlab/ui/dist/utils';
 import $ from 'jquery';
-import { isFunction, defer } from 'lodash';
+import { isFunction, defer, escape } from 'lodash';
 import Cookies from '~/lib/utils/cookies';
 import { SCOPED_LABEL_DELIMITER } from '~/vue_shared/components/sidebar/labels_select_widget/constants';
 import { convertToCamelCase, convertToSnakeCase } from './text_utility';
@@ -469,7 +469,7 @@ export const backOff = (fn, timeout = 60000) => {
 export const spriteIcon = (icon, className = '') => {
   const classAttribute = className.length > 0 ? `class="${className}"` : '';
 
-  return `<svg ${classAttribute}><use xlink:href="${gon.sprite_icons}#${icon}" /></svg>`;
+  return `<svg ${classAttribute}><use xlink:href="${gon.sprite_icons}#${escape(icon)}" /></svg>`;
 };
 
 /**
diff --git a/app/assets/javascripts/projects/settings/access_dropdown.js b/app/assets/javascripts/projects/settings/access_dropdown.js
index 335545c802a..dcf7415a444 100644
--- a/app/assets/javascripts/projects/settings/access_dropdown.js
+++ b/app/assets/javascripts/projects/settings/access_dropdown.js
@@ -580,7 +580,7 @@ export default class AccessDropdown {
     return `
       <li>
         <a href="#" class="${isActiveClass} item-${role.type}" data-role-id="${role.id}">
-          ${role.text}
+          ${escape(role.text)}
         </a>
       </li>
     `;
diff --git a/app/models/appearance.rb b/app/models/appearance.rb
index bd948c2c32a..03fbf0d176c 100644
--- a/app/models/appearance.rb
+++ b/app/models/appearance.rb
@@ -3,7 +3,6 @@
 class Appearance < ApplicationRecord
   include CacheableAttributes
   include CacheMarkdownField
-  include ObjectStorage::BackgroundMove
   include WithUploads
 
   attribute :title, default: ''
diff --git a/app/models/bulk_imports/export_upload.rb b/app/models/bulk_imports/export_upload.rb
index a9cba5119af..4304032b28c 100644
--- a/app/models/bulk_imports/export_upload.rb
+++ b/app/models/bulk_imports/export_upload.rb
@@ -3,7 +3,6 @@
 module BulkImports
   class ExportUpload < ApplicationRecord
     include WithUploads
-    include ObjectStorage::BackgroundMove
 
     self.table_name = 'bulk_import_export_uploads'
 
diff --git a/app/models/ci/build.rb b/app/models/ci/build.rb
index 9ad1331b948..40b46a3a342 100644
--- a/app/models/ci/build.rb
+++ b/app/models/ci/build.rb
@@ -7,7 +7,6 @@ module Ci
     include Ci::Contextable
     include TokenAuthenticatable
     include AfterCommitQueue
-    include ObjectStorage::BackgroundMove
     include Presentable
     include Importable
     include Ci::HasRef
diff --git a/app/models/ci/job_artifact.rb b/app/models/ci/job_artifact.rb
index 922806a21c3..af233609a3b 100644
--- a/app/models/ci/job_artifact.rb
+++ b/app/models/ci/job_artifact.rb
@@ -5,7 +5,6 @@ module Ci
     include Ci::Partitionable
     include IgnorableColumns
     include AfterCommitQueue
-    include ObjectStorage::BackgroundMove
     include UpdateProjectStatistics
     include UsageStatistics
     include Sortable
diff --git a/app/models/concerns/avatarable.rb b/app/models/concerns/avatarable.rb
index b32502c3ee2..f419fa8518e 100644
--- a/app/models/concerns/avatarable.rb
+++ b/app/models/concerns/avatarable.rb
@@ -16,7 +16,6 @@ module Avatarable
 
   included do
     prepend ShadowMethods
-    include ObjectStorage::BackgroundMove
     include Gitlab::Utils::StrongMemoize
     include ApplicationHelper
 
diff --git a/app/models/container_repository.rb b/app/models/container_repository.rb
index 7da4e31b472..db0fcd915b3 100644
--- a/app/models/container_repository.rb
+++ b/app/models/container_repository.rb
@@ -98,6 +98,8 @@ class ContainerRepository < ApplicationRecord
     )
   end
 
+  before_update :set_status_updated_at_to_now, if: :status_changed?
+
   state_machine :migration_state, initial: :default, use_transactions: false do
     state :pre_importing do
       validates :migration_pre_import_started_at, presence: true
@@ -521,11 +523,20 @@ class ContainerRepository < ApplicationRecord
   end
 
   def set_delete_ongoing_status
-    update_columns(status: :delete_ongoing, delete_started_at: Time.zone.now)
+    now = Time.zone.now
+    update_columns(
+      status: :delete_ongoing,
+      delete_started_at: now,
+      status_updated_at: now
+    )
   end
 
   def set_delete_scheduled_status
-    update_columns(status: :delete_scheduled, delete_started_at: nil)
+    update_columns(
+      status: :delete_scheduled,
+      delete_started_at: nil,
+      status_updated_at: Time.zone.now
+    )
   end
 
   def migration_in_active_state?
@@ -623,6 +634,10 @@ class ContainerRepository < ApplicationRecord
       tag
     end
   end
+
+  def set_status_updated_at_to_now
+    self.status_updated_at = Time.zone.now
+  end
 end
 
 ContainerRepository.prepend_mod_with('ContainerRepository')
diff --git a/app/models/import_export_upload.rb b/app/models/import_export_upload.rb
index bc363cce8dd..bdb53653637 100644
--- a/app/models/import_export_upload.rb
+++ b/app/models/import_export_upload.rb
@@ -2,7 +2,6 @@
 
 class ImportExportUpload < ApplicationRecord
   include WithUploads
-  include ObjectStorage::BackgroundMove
 
   belongs_to :project
   belongs_to :group
diff --git a/app/models/lfs_object.rb b/app/models/lfs_object.rb
index 8aa48561e60..e1f28c0e117 100644
--- a/app/models/lfs_object.rb
+++ b/app/models/lfs_object.rb
@@ -4,7 +4,6 @@ class LfsObject < ApplicationRecord
   include AfterCommitQueue
   include Checksummable
   include EachBatch
-  include ObjectStorage::BackgroundMove
   include FileStoreMounter
 
   has_many :lfs_objects_projects
diff --git a/app/models/merge_request_diff.rb b/app/models/merge_request_diff.rb
index 08c56131d78..40b2a8d16be 100644
--- a/app/models/merge_request_diff.rb
+++ b/app/models/merge_request_diff.rb
@@ -6,7 +6,6 @@ class MergeRequestDiff < ApplicationRecord
   include ManualInverseAssociation
   include EachBatch
   include Gitlab::Utils::StrongMemoize
-  include ObjectStorage::BackgroundMove
   include BulkInsertableAssociations
 
   # Don't display more than 100 commits at once
diff --git a/app/models/projects/import_export/relation_export_upload.rb b/app/models/projects/import_export/relation_export_upload.rb
index 965dc39d19f..12cfb3415d8 100644
--- a/app/models/projects/import_export/relation_export_upload.rb
+++ b/app/models/projects/import_export/relation_export_upload.rb
@@ -4,7 +4,6 @@ module Projects
   module ImportExport
     class RelationExportUpload < ApplicationRecord
       include WithUploads
-      include ObjectStorage::BackgroundMove
 
       self.table_name = 'project_relation_export_uploads'
 
diff --git a/app/services/users/migrate_records_to_ghost_user_service.rb b/app/services/users/migrate_records_to_ghost_user_service.rb
index 2d92aaed7da..5d518803315 100644
--- a/app/services/users/migrate_records_to_ghost_user_service.rb
+++ b/app/services/users/migrate_records_to_ghost_user_service.rb
@@ -42,6 +42,7 @@ module Users
       migrate_award_emoji
       migrate_snippets
       migrate_reviews
+      migrate_releases
     end
 
     def post_migrate_records
@@ -96,6 +97,10 @@ module Users
       batched_migrate(Review, :author_id)
     end
 
+    def migrate_releases
+      batched_migrate(Release, :author_id)
+    end
+
     # rubocop:disable CodeReuse/ActiveRecord
     def batched_migrate(base_scope, column, batch_size: 50)
       loop do
diff --git a/app/uploaders/file_mover.rb b/app/uploaders/file_mover.rb
index 95bc2680ed6..92ab2d88b41 100644
--- a/app/uploaders/file_mover.rb
+++ b/app/uploaders/file_mover.rb
@@ -24,7 +24,6 @@ class FileMover
 
     if update_markdown
       update_upload_model
-      uploader.schedule_background_upload
     end
   end
 
diff --git a/app/uploaders/file_uploader.rb b/app/uploaders/file_uploader.rb
index 7250ce5c0b0..f947f70985c 100644
--- a/app/uploaders/file_uploader.rb
+++ b/app/uploaders/file_uploader.rb
@@ -27,10 +27,6 @@ class FileUploader < GitlabUploader
 
   after :remove, :prune_store_dir
 
-  # FileUploader do not run in a model transaction, so we can simply
-  # enqueue a job after the :store hook.
-  after :store, :schedule_background_upload
-
   def self.root
     File.join(options.storage_path, 'uploads')
   end
diff --git a/app/uploaders/object_storage.rb b/app/uploaders/object_storage.rb
index ac764b219b1..c07ca3b8107 100644
--- a/app/uploaders/object_storage.rb
+++ b/app/uploaders/object_storage.rb
@@ -67,10 +67,6 @@ module ObjectStorage
         super
       end
 
-      def schedule_background_upload(*args)
-        # TODO remove this method https://gitlab.com/gitlab-com/gl-infra/scalability/-/issues/1690
-      end
-
       def exclusive_lease_key
         # For FileUploaders, model may have many uploaders. In that case
         # we want to use exclusive key per upload, not per model to allow
@@ -93,40 +89,6 @@ module ObjectStorage
     end
   end
 
-  # Add support for automatic background uploading after the file is stored.
-  #
-  module BackgroundMove
-    extend ActiveSupport::Concern
-
-    def background_upload(mount_points = [])
-      return unless mount_points.any?
-
-      run_after_commit do
-        mount_points.each { |mount| send(mount).schedule_background_upload } # rubocop:disable GitlabSecurity/PublicSend
-      end
-    end
-
-    def changed_mounts
-      self.class.uploaders.select do |mount, uploader_class|
-        mounted_as = uploader_class.serialization_column(self.class, mount)
-        uploader = send(:"#{mounted_as}") # rubocop:disable GitlabSecurity/PublicSend
-
-        next unless uploader
-        next unless uploader.exists?
-        next unless send(:"saved_change_to_#{mounted_as}?") # rubocop:disable GitlabSecurity/PublicSend
-
-        mount
-      end.keys
-    end
-
-    included do
-      include AfterCommitQueue
-      after_save do
-        background_upload(changed_mounts)
-      end
-    end
-  end
-
   module Concern
     extend ActiveSupport::Concern
 
@@ -305,10 +267,6 @@ module ObjectStorage
       end
     end
 
-    def schedule_background_upload(*args)
-      # TODO remove this method https://gitlab.com/gitlab-com/gl-infra/scalability/-/issues/1690
-    end
-
     def fog_directory
       self.class.remote_store_path
     end
diff --git a/config/feature_flags/development/enable_environments_search_within_folder.yml b/config/feature_flags/development/enable_environments_search_within_folder.yml
index 91fe42503d8..a03b31ffbfc 100644
--- a/config/feature_flags/development/enable_environments_search_within_folder.yml
+++ b/config/feature_flags/development/enable_environments_search_within_folder.yml
@@ -2,7 +2,7 @@
 name: enable_environments_search_within_folder
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/102227/diffs
 rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/382108
-milestone: '15.6'
+milestone: '15.7'
 type: development
 group: group::release
-default_enabled: false
+default_enabled: true
diff --git a/db/migrate/20221026095133_add_status_updated_at_to_container_repository.rb b/db/migrate/20221026095133_add_status_updated_at_to_container_repository.rb
new file mode 100644
index 00000000000..caf838e8307
--- /dev/null
+++ b/db/migrate/20221026095133_add_status_updated_at_to_container_repository.rb
@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class AddStatusUpdatedAtToContainerRepository < Gitlab::Database::Migration[2.0]
+  def change
+    add_column :container_repositories, :status_updated_at, :datetime_with_timezone
+  end
+end
diff --git a/db/schema_migrations/20221026095133 b/db/schema_migrations/20221026095133
new file mode 100644
index 00000000000..bd5893ed226
--- /dev/null
+++ b/db/schema_migrations/20221026095133
@@ -0,0 +1 @@
+a2a0bc78f8f9012d294d42e90e144a209aa48c0160eedae09a748c1835132ab4
+\ No newline at end of file
diff --git a/db/structure.sql b/db/structure.sql
index 33a261fb753..32c1fb5d75d 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -14183,6 +14183,7 @@ CREATE TABLE container_repositories (
     migration_plan text,
     last_cleanup_deleted_tags_count integer,
     delete_started_at timestamp with time zone,
+    status_updated_at timestamp with time zone,
     CONSTRAINT check_05e9012f36 CHECK ((char_length(migration_plan) <= 255)),
     CONSTRAINT check_13c58fe73a CHECK ((char_length(migration_state) <= 255)),
     CONSTRAINT check_97f0249439 CHECK ((char_length(migration_aborted_in_state) <= 255))
diff --git a/doc/administration/audit_events.md b/doc/administration/audit_events.md
index 341a14e5e73..1951ab5e2c7 100644
--- a/doc/administration/audit_events.md
+++ b/doc/administration/audit_events.md
@@ -12,6 +12,8 @@ You can use audit events to track, for example:
 - Who changed the permission level of a particular user for a GitLab project, and when.
 - Who added a new user or removed a user, and when.
 
+Audit events are similar to the [log system](logs/index.md).
+
 The GitLab API, database, and `audit_json.log` record many audit events. Some audit events are only available through
 [streaming audit events](audit_event_streaming.md).
 
@@ -21,6 +23,18 @@ NOTE:
 You can't configure a retention policy for audit events, but epic
 [7917](https://gitlab.com/groups/gitlab-org/-/epics/7917) proposes to change this.
 
+## Time zones
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/242014) in GitLab 15.7, GitLab UI shows dates and times in the user's local time zone instead of UTC.
+
+The time zone used for audit events depends on where you view them:
+
+- In GitLab UI, your local time zone (GitLab 15.7 and later) or UTC (GitLab 15.6 and earlier) is used.
+- The [Audit Events API](../api/audit_events.md) returns dates and times in UTC by default, or the
+  [configured time zone](timezone.md) on a self-managed GitLab instance.
+- In `audit_json.log`, UTC is used.
+- In CSV exports, UTC is used.
+
 ## View audit events
 
 Depending on the events you want to view, at a minimum you must have:
@@ -99,17 +113,14 @@ The first row contains the headers, which are listed in the following table alon
 | **IP Address**       | IP address of the author who performed the action. |
 | **Created At (UTC)** | Formatted as `YYYY-MM-DD HH:MM:SS`.                |
 
-## Time zones
+## View sign-in events **(FREE)**
 
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/242014) in GitLab 15.7, GitLab UI shows dates and times in the user's local time zone instead of UTC.
+Successful sign-in events are the only audit events available at all tiers. To see successful sign-in events:
 
-The time zone used for audit events depends on where you view them:
+1. Select your avatar.
+1. Select **Edit profile > Authentication log**.
 
-- In GitLab UI, your local time zone (GitLab 15.7 and later) or UTC (GitLab 15.6 and earlier) is used.
-- The [Audit Events API](../api/audit_events.md) returns dates and times in UTC by default, or the
-  [configured time zone](timezone.md) on a self-managed GitLab instance.
-- In `audit_json.log`, UTC is used.
-- In CSV exports, UTC is used.
+After upgrading to a paid tier, you can see also see successful sign-in events on audit event pages.
 
 ## Filter audit events
 
@@ -153,7 +164,7 @@ The following actions on groups generate group audit events:
 - Group created or deleted.
 - Group changed visibility.
 - User was added to group and with which [permissions](../user/permissions.md).
-- User sign-in via [Group SAML](../user/group/saml_sso/index.md).
+- User sign-in using [Group SAML](../user/group/saml_sso/index.md).
 - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/8071) in GitLab 14.5, changes to the following
   [group SAML](../user/group/saml_sso/index.md) configuration:
   - Enabled status.
@@ -168,8 +179,8 @@ The following actions on groups generate group audit events:
 - Permissions changes of a user assigned to a group.
 - Removed user from group.
 - Project repository imported into group.
-- [Project shared with group](../user/project/members/share_project_with_groups.md)
-  and with which [permissions](../user/permissions.md).
+- [Project shared with group](../user/project/members/share_project_with_groups.md) and with which
+  [permissions](../user/permissions.md).
 - Removal of a previously shared group with a project.
 - LFS enabled or disabled.
 - Shared runners minutes limit changed.
@@ -177,22 +188,32 @@ The following actions on groups generate group audit events:
 - Request access enabled or disabled.
 - 2FA enforcement or grace period changed.
 - Roles allowed to create project changed.
-- Group CI/CD variable added, removed, or protected status changed. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/30857) in GitLab 13.3.
-- Compliance framework created, updated, or deleted. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/340649) in GitLab 14.5.
-- Event streaming destination created, updated, or deleted. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/344664) in GitLab 14.6.
-- Instance administrator started or stopped impersonation of a group member. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/300961) in GitLab 14.8.
-- Group deploy token was successfully created, revoked, or deleted. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/353452) in GitLab 14.9.
-- Failed attempt to create a group deploy token. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/353452) in GitLab 14.9.
-- [IP restrictions](../user/group/access_and_permissions.md#restrict-access-to-groups-by-ip-address) changed. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/358986) in GitLab 15.0.
+- Group CI/CD variable added, removed, or protected status changed.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/30857) in GitLab 13.3.
+- Compliance framework created, updated, or deleted.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/340649) in GitLab 14.5.
+- Event streaming destination created, updated, or deleted.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/344664) in GitLab 14.6.
+- Instance administrator started or stopped impersonation of a group member.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/300961) in GitLab 14.8.
+- Group deploy token was successfully created, revoked, or deleted.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/353452) in GitLab 14.9.
+- Failed attempt to create a group deploy token. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/353452)
+  in GitLab 14.9.
+- [IP restrictions](../user/group/access_and_permissions.md#restrict-access-to-groups-by-ip-address) changed.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/358986) in GitLab 15.0.
 - Changes to push rules. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/227629) in GitLab 15.0.
-- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/356152) in GitLab 15.1, changes to the following merge request approvals settings:
+- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/356152) in GitLab 15.1, changes to the following merge
+  request approvals settings:
   - Prevent approval by author.
   - Prevent approvals by users who add commits.
   - Prevent editing approval rules in projects and merge requests.
   - Require user password to approve.
   - Remove all approvals when commits are added to the source branch.
-- Changes to streaming audit destination custom HTTP headers. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/366350) in GitLab 15.3.
-- Group had a security policy project linked, changed, or unlinked. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/377877) in GitLab 15.6)
+- Changes to streaming audit destination custom HTTP headers.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/366350) in GitLab 15.3.
+- Group had a security policy project linked, changed, or unlinked.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/377877) in GitLab 15.6.
 
 ### Project events
 
@@ -211,49 +232,83 @@ The following actions on projects generate project audit events:
 - Added, removed, or updated protected branches
 - Release was added to a project
 - Release was updated
-- Release was deleted ([introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/94793/) in GitLab 15.3)
+- Release was deleted. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/94793/) in GitLab 15.3.
 - Release milestone associations changed
-- Permission to approve merge requests by committers was updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/7531) in GitLab 12.9)
+- Permission to approve merge requests by committers was updated.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/7531) in GitLab 12.9.
 - Permission to approve merge requests by committers was updated.
   - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/7531) in GitLab 12.9.
   - Message for event [changed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/72623/diffs) in GitLab 14.6.
-
-- Permission to approve merge requests by authors was updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/7531) in GitLab 12.9)
-- Number of required approvals was updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/7531) in GitLab 12.9)
-- Added or removed users and groups from project approval groups ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/213603) in GitLab 13.2)
-- Project CI/CD variable added, removed, or protected status changed ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/30857) in GitLab 13.4)
-- Project access token was successfully created or revoked ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/230007) in GitLab 13.9)
-- Failed attempt to create or revoke a project access token ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/230007) in GitLab 13.9)
-- When default branch changes for a project ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/52339) in GitLab 13.9)
-- Created, updated, or deleted DAST profiles, DAST scanner profiles, and DAST site profiles
-  ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/217872) in GitLab 14.1)
-- Changed a project's compliance framework ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/329362) in GitLab 14.1)
-- User password required for approvals was updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/336211) in GitLab 14.2)
-- Permission to modify merge requests approval rules in merge requests was updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/336211) in GitLab 14.2)
-- New approvals requirement when new commits are added to an MR was updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/336211) in GitLab 14.2)
-- When [strategies for feature flags](../operations/feature_flags.md#feature-flag-strategies) are changed ([introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68408) in GitLab 14.3)
-- Allowing force push to protected branch changed ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/338873) in GitLab 14.3)
-- Code owner approval requirement on merge requests targeting protected branch changed ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/338873) in GitLab 14.3)
-- Users and groups allowed to merge and push to protected branch added or removed ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/338873) in GitLab 14.3)
-- Project deploy token was successfully created, revoked or deleted ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/353451) in GitLab 14.9)
-- Failed attempt to create a project deploy token ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/353451) in GitLab 14.9)
-- When merge method is updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9)
-- Merged results pipelines enabled or disabled ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9)
-- Merge trains enabled or disabled ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9)
-- Automatically resolve merge request diff discussions enabled or disabled ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9)
-- Show link to create or view a merge request when pushing from the command line enabled or disabled ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9)
-- Delete source branch option by default enabled or disabled ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9)
-- Squash commits when merging is updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9)
-- Pipelines must succeed enabled or disabled ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9)
-- Skipped pipelines are considered successful enabled or disabled ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9)
-- All discussions must be resolved enabled or disabled ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9)
-- Commit message suggestion is updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9)
-- Status check is added, edited, or deleted ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/355805) in GitLab 15.0)
-- Merge commit message template is updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/355805) in GitLab 15.0)
-- Squash commit message template is updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/355805) in GitLab 15.0)
-- Default description template for merge requests is updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/355805) in GitLab 15.0)
-- Project was scheduled for deletion due to inactivity ([introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/85689) in GitLab 15.0)
-- Project had a security policy project linked, changed, or unlinked ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/377877) in GitLab 15.6)
+- Permission to approve merge requests by authors was updated.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/7531) in GitLab 12.9.
+- Number of required approvals was updated.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/7531) in GitLab 12.9.
+- Added or removed users and groups from project approval groups.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/213603) in GitLab 13.2.
+- Project CI/CD variable added, removed, or protected status changed.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/30857) in GitLab 13.4.
+- Project access token was successfully created or revoked.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/230007) in GitLab 13.9.
+- Failed attempt to create or revoke a project access token.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/230007) in GitLab 13.9.
+- When default branch changes for a project.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/52339) in GitLab 13.9.
+- Created, updated, or deleted DAST profiles, DAST scanner profiles, and DAST site profiles.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/217872) in GitLab 14.1.
+- Changed a project's compliance framework.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/329362) in GitLab 14.1.
+- User password required for approvals was updated.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/336211) in GitLab 14.2.
+- Permission to modify merge requests approval rules in merge requests was updated.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/336211) in GitLab 14.2.
+- New approvals requirement when new commits are added to an MR was updated.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/336211) in GitLab 14.2.
+- When [strategies for feature flags](../operations/feature_flags.md#feature-flag-strategies) are changed.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68408) in GitLab 14.3.
+- Allowing force push to protected branch changed.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/338873) in GitLab 14.3.
+- Code owner approval requirement on merge requests targeting protected branch changed.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/338873) in GitLab 14.3.
+- Users and groups allowed to merge and push to protected branch added or removed.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/338873) in GitLab 14.3.
+- Project deploy token was successfully created, revoked or deleted.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/353451) in GitLab 14.9.
+- Failed attempt to create a project deploy token.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/353451) in GitLab 14.9.
+- When merge method is updated.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9.
+- Merged results pipelines enabled or disabled.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9.
+- Merge trains enabled or disabled.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9.
+- Automatically resolve merge request diff discussions enabled or disabled.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9.
+- Show link to create or view a merge request when pushing from the command line enabled or disabled.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9.
+- Delete source branch option by default enabled or disabled.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9.
+- Squash commits when merging is updated.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9.
+- Pipelines must succeed enabled or disabled.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9.
+- Skipped pipelines are considered successful enabled or disabled.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9.
+- All discussions must be resolved enabled or disabled.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9.
+- Commit message suggestion is updated.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/301124) in GitLab 14.9.
+- Status check is added, edited, or deleted.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/355805) in GitLab 15.0.
+- Merge commit message template is updated.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/355805) in GitLab 15.0.
+- Squash commit message template is updated.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/355805) in GitLab 15.0.
+- Default description template for merge requests is updated.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/355805) in GitLab 15.0.
+- Project was scheduled for deletion due to inactivity.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/85689) in GitLab 15.0.
+- Project had a security policy project linked, changed, or unlinked.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/377877) in GitLab 15.6.
 
 ### Instance events **(PREMIUM SELF)**
 
@@ -267,66 +322,47 @@ The following user actions on a GitLab instance generate instance audit events:
 - Ask for password reset
 - Grant OAuth access
 - Started or stopped user impersonation
-- Changed username ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/7797) in GitLab 12.8)
-- User was deleted ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/251) in GitLab 12.8)
-- User was added ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/251) in GitLab 12.8)
-- User requests access to an instance ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/298783) in GitLab 13.9)
-- User was approved via Admin Area ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/276250) in GitLab 13.6)
-- User was rejected via Admin Area ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/298783) in GitLab 13.9)
-- User was blocked via Admin Area ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/251) in GitLab 12.8)
-- User was blocked via API ([introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/25872) in GitLab 12.9)
-- Failed second-factor authentication attempt ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/16826) in GitLab 13.5)
-- A user's personal access token was successfully created or revoked ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/276921) in GitLab 13.6)
-- A failed attempt to create or revoke a user's personal access token ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/276921) in GitLab 13.6)
-- Administrator added or removed ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/323905) in GitLab 14.1)
-- Removed SSH key ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/220127) in GitLab 14.1)
-- Added or removed GPG key ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/220127) in GitLab 14.1)
-- A user's two-factor authentication was disabled ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/238177) in GitLab 15.1)
-- Enabled Admin Mode ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/362101) in GitLab 15.7)
-
-Instance events can also be accessed via the [Instance Audit Events API](../api/audit_events.md#instance-audit-events).
-
-### Sign-in events **(FREE)**
-
-Successful sign-in events are the only Audit Events available at all tiers. To see
-successful sign-in events:
-
-1. Select your avatar.
-1. Select **Edit profile > Authentication log**.
-
-After upgrading from GitLab Free to a paid tier, successful sign-in events are the only Audit
-Events visible in Audit Events views until more events are logged.
-
-### "Deleted User" events
-
-Audit events can be created for a user after the user is deleted. The user name associated with the event is set to
-"Deleted User" because the actual user name is unknowable. For example, if a deleted user's access to a project is
-removed automatically due to expiration, the audit event is created for "Deleted User". We are [investigating](https://gitlab.com/gitlab-org/gitlab/-/issues/343933)
-whether this is avoidable.
-
-### Missing events
-
-Some events are not tracked in audit events. See the following
-epics for more detail on which events are not being tracked, and our progress
-on adding these events into GitLab:
-
-- [Project settings and activity](https://gitlab.com/groups/gitlab-org/-/epics/474)
-- [Group settings and activity](https://gitlab.com/groups/gitlab-org/-/epics/475)
-- [Instance-level settings and activity](https://gitlab.com/groups/gitlab-org/-/epics/476)
-
-Don't see the event you want in any of the epics linked above? You can either:
+- Changed username. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/7797) in GitLab 12.8.
+- User was deleted. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/251) in GitLab 12.8.
+- User was added. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/251) in GitLab 12.8.
+- User requests access to an instance. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/298783) in GitLab 13.9.
+- User was approved using the Admin Area. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/276250) in GitLab 13.6.
+- User was rejected using the Admin Area. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/298783) in GitLab 13.9.
+- User was blocked using the Admin Area. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/251) in GitLab 12.8.
+- User was blocked using the API. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/25872) in GitLab 12.9.
+- Failed second-factor authentication attempt. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/16826) in
+  GitLab 13.5.
+- A user's personal access token was successfully created or revoked.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/276921) in GitLab 13.6.
+- A failed attempt to create or revoke a user's personal access token.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/276921) in GitLab 13.6.
+- Administrator added or removed. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/323905) in GitLab 14.1.
+- Removed SSH key. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/220127) in GitLab 14.1.
+- Added or removed GPG key. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/220127) in GitLab 14.1.
+- A user's two-factor authentication was disabled. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/238177) in
+  GitLab 15.1.
+- Enabled Admin Mode. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/362101) in GitLab 15.7.
+
+Instance events can also be accessed using the [Instance Audit Events API](../api/audit_events.md#instance-audit-events).
+
+## "Deleted User" events
+
+Audit events created after users are deleted are created for "Deleted User". For example, if a deleted user's access to
+a project is removed automatically due to expiration.
+
+Issue [343933](https://gitlab.com/gitlab-org/gitlab/-/issues/343933) proposes to change this behavior.
+
+## Unsupported events
+
+Some events are not tracked in audit events. The following epics propose support for more events:
+
+- [Project settings and activity](https://gitlab.com/groups/gitlab-org/-/epics/474).
+- [Group settings and activity](https://gitlab.com/groups/gitlab-org/-/epics/475).
+- [Instance-level settings and activity](https://gitlab.com/groups/gitlab-org/-/epics/476).
+
+If you don't see the event you want in any of the epics, you can either:
 
 - Use the **Audit Event Proposal** issue template to
   [create an issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new?issuable_template=Audit%20Event%20Proposal) to
   request it.
 - [Add it yourself](../development/audit_event_guide/index.md).
-
-### Removed events
-
-> - Repositories push events was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/337993) in GitLab 14.3.
-> - Repositories push events was [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/337993) in GitLab 15.0.
-
-The repositories push events feature was:
-
-- [Deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/337993) in GitLab 14.3.
-- [Removed](https://gitlab.com/gitlab-org/gitlab/-/issues/337993) in GitLab 15.0.
diff --git a/doc/administration/logs/index.md b/doc/administration/logs/index.md
index 65b45639a41..53661c202e1 100644
--- a/doc/administration/logs/index.md
+++ b/doc/administration/logs/index.md
@@ -6,9 +6,8 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 
 # Log system **(FREE SELF)**
 
-GitLab has an advanced log system where everything is logged, so you
-can analyze your instance using various system log files. In addition to
-system log files, GitLab Enterprise Edition provides [Audit Events](../audit_events.md).
+GitLab has an advanced log system where everything is logged, so you can analyze your instance using various system log
+files. The log system is similar to [audit events](../audit_events.md).
 
 System log files are typically plain text in a standard log file format.
 This guide talks about how to read and use these system log files.
diff --git a/doc/ci/environments/index.md b/doc/ci/environments/index.md
index 749ac60c783..a7db348b27f 100644
--- a/doc/ci/environments/index.md
+++ b/doc/ci/environments/index.md
@@ -46,7 +46,7 @@ Deployments show up in this list only after a deployment job has created them.
 ## Search environments
 
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10754) in GitLab 15.5.
-> - [Searching environments within a folder](https://gitlab.com/gitlab-org/gitlab/-/issues/373850) was introduced in GitLab 15.7 with [Feature flag `enable_environments_search_within_folder`](https://gitlab.com/gitlab-org/gitlab/-/issues/382108). Disabled by default.
+> - [Searching environments within a folder](https://gitlab.com/gitlab-org/gitlab/-/issues/373850) was introduced in GitLab 15.7 with [Feature flag `enable_environments_search_within_folder`](https://gitlab.com/gitlab-org/gitlab/-/issues/382108). Enabled by default.
 
 To search environments by name:
 
diff --git a/doc/subscriptions/gitlab_com/index.md b/doc/subscriptions/gitlab_com/index.md
index 092b0dd0077..bf4c3231ac0 100644
--- a/doc/subscriptions/gitlab_com/index.md
+++ b/doc/subscriptions/gitlab_com/index.md
@@ -78,7 +78,7 @@ A top-level group can be [changed](../../user/group/manage.md#change-a-groups-pa
 Every user is included in seat usage, with the following exceptions:
 
 - Users who are pending approval.
-- Members with the Guest role on an Ultimate subscription.
+- Members with the [Guest role on an Ultimate subscription](#free-guest-users).
 - GitLab-created service accounts:
   - [Ghost User](../../user/profile/account/delete_account.md#associated-records).
   - Bots such as:
@@ -160,6 +160,16 @@ For example, if you purchase a subscription for 10 users:
 
 Seats owed = 12 - 10 (Maximum users - users in subscription)
 
+### Free Guest users **(ULTIMATE)**
+
+In the **Ultimate** tier, users who are assigned the Guest role do not consume a seat.
+The user must not be assigned any other role, anywhere in the instance.
+
+- If your project is private or internal, a user with the Guest role has
+  [a set of permissions](../../user/permissions.md#project-members-permissions).
+- If your project is public, all users, including those with the Guest role
+  can access your project.
+
 ### Add users to your subscription
 
 Your subscription cost is based on the maximum number of seats you use during the billing period.
diff --git a/doc/subscriptions/self_managed/index.md b/doc/subscriptions/self_managed/index.md
index c4110fe4638..8dcec9263cc 100644
--- a/doc/subscriptions/self_managed/index.md
+++ b/doc/subscriptions/self_managed/index.md
@@ -63,7 +63,7 @@ billable user, with the following exceptions:
   [blocked users](../../user/admin_area/moderate_users.md#block-a-user) don't count as billable users in the current subscription. When they are either deactivated or blocked they release a _billable user_ seat. However, they may
   count toward overages in the subscribed seat count.
 - Users who are [pending approval](../../user/admin_area/moderate_users.md#users-pending-approval).
-- Members with the Guest role on an Ultimate subscription.
+- Members with the [Guest role on an Ultimate subscription](#free-guest-users).
 - Users without project or group memberships on an Ultimate subscription.
 - GitLab-created service accounts:
   - [Ghost User](../../user/profile/account/delete_account.md#associated-records).
@@ -97,6 +97,21 @@ If you add more users to your GitLab instance than you are licensed for, payment
 
 If you do not add these users during the renewal process, your license key will not work.
 
+#### Free Guest users **(ULTIMATE)**
+
+In the **Ultimate** tier, users who are assigned the Guest role do not consume a seat.
+The user must not be assigned any other role, anywhere in the instance.
+
+- If your project is private or internal, a user with the Guest role has
+  [a set of permissions](../../user/permissions.md#project-members-permissions).
+- If your project is public, all users, including those with the Guest role
+  can access your project.
+
+NOTE:
+If a user creates a project, they are assigned the Maintainer or Owner role.
+To prevent a user from creating projects, as an administrator, you can mark the user
+as [external](../../user/permissions.md#external-users).
+
 ### Tips for managing users and subscription seats
 
 Managing the number of users against the number of subscription seats can be a challenge:
diff --git a/doc/user/permissions.md b/doc/user/permissions.md
index ea4d1e374fb..0d13ad1a1a1 100644
--- a/doc/user/permissions.md
+++ b/doc/user/permissions.md
@@ -12,9 +12,6 @@ The role determines which actions they can take in GitLab.
 If you add a user to both a project's group and the
 project itself, the higher role is used.
 
-On [public and internal projects](../api/projects.md#project-visibility-level), the Guest role
-(not to be confused with [Guest user](#free-guest-users)) is not enforced.
-
 When a member leaves a team's project, all the assigned [issues](project/issues/index.md) and
 [merge requests](project/merge_requests/index.md) are automatically unassigned.
 
@@ -27,7 +24,7 @@ To add or import a user, you can follow the
 
 The available roles are:
 
-- Guest
+- Guest (This role applies to [private and internal projects](../user/public_access.md) only.)
 - Reporter
 - Developer
 - Maintainer
@@ -548,27 +545,6 @@ WARNING:
 Be aware that this regex could lead to a
 [regular expression denial of service (ReDoS) attack](https://en.wikipedia.org/wiki/ReDoS).
 
-## Free Guest users **(ULTIMATE)**
-
-When a user is given the Guest role on a project, group, or both, and holds no
-higher permission level on any other project or group on the GitLab instance,
-the user is considered a guest user by GitLab and does not consume a license seat.
-There is no other specific "guest" designation for newly created users.
-
-If the user is assigned a higher role on any projects or groups, the user
-takes a license seat. If a user creates a project, the user becomes a Maintainer
-on the project, resulting in the use of a license seat. Also, note that if your
-project is internal or private, Guest users have all the abilities that are
-mentioned in the [permissions table above](#project-members-permissions) (they
-are unable to browse the project's repository, for example).
-
-NOTE:
-To prevent a guest user from creating projects, as an administrator, you can edit the
-user's profile to mark the user as [external](#external-users).
-Beware though that even if a user is external, if they already have Reporter or
-higher permissions in any project or group, they are **not** counted as a
-free guest user.
-
 ## Auditor users **(PREMIUM SELF)**
 
 Auditor users are given read-only access to all projects, groups, and other
diff --git a/doc/user/profile/account/delete_account.md b/doc/user/profile/account/delete_account.md
index 5e2908a26e1..18b4e53fb31 100644
--- a/doc/user/profile/account/delete_account.md
+++ b/doc/user/profile/account/delete_account.md
@@ -56,6 +56,7 @@ When deleting users, you can either:
   - Issues.
   - Merge requests.
   - Notes and comments.
+  - Releases.
   - Personal access tokens.
   - Snippets.
 
diff --git a/doc/user/project/integrations/gitlab_slack_application.md b/doc/user/project/integrations/gitlab_slack_application.md
index 1883f54949e..50b52421a5a 100644
--- a/doc/user/project/integrations/gitlab_slack_application.md
+++ b/doc/user/project/integrations/gitlab_slack_application.md
@@ -38,10 +38,10 @@ To enable the GitLab integration for your Slack workspace:
 
 1. Go to your project's **Settings > Integration > GitLab for Slack app** (only
    visible on GitLab.com).
-1. Select **Install Slack app**.
+1. Select **Install GitLab for Slack app**.
 1. Select **Allow** on Slack's confirmation screen.
 
-You can also select **Reinstall Slack app** to update the app in your Slack workspace
+You can also select **Reinstall GitLab for Slack app** to update the app in your Slack workspace
 to the latest version. See [Version history](#version-history) for details.
 
 ## Create a project alias for Slack
@@ -91,7 +91,7 @@ As a workaround, ensure your app is up to date.
 To update an existing Slack integration:
 
 1. Go to your [chat settings](https://gitlab.com/-/profile/chat_names).
-1. Next to your project, select **Slack application**.
-1. Select **Reinstall Slack app**.
+1. Next to your project, select **GitLab for Slack app**.
+1. Select **Reinstall GitLab for Slack app**.
 
 Alternatively, you can [configure a new Slack integration](https://about.gitlab.com/solutions/slack/).
diff --git a/lib/api/release/links.rb b/lib/api/release/links.rb
index c72f90dfdf3..0e83d086a6e 100644
--- a/lib/api/release/links.rb
+++ b/lib/api/release/links.rb
@@ -10,13 +10,13 @@ module API
       RELEASE_ENDPOINT_REQUIREMENTS = API::NAMESPACE_OR_PROJECT_REQUIREMENTS
         .merge(tag_name: API::NO_SLASH_URL_PART_REGEX)
 
-      before { authorize! :read_release, user_project }
+      after_validation { authorize! :read_release, user_project }
 
       feature_category :release_orchestration
       urgency :low
 
       params do
-        requires :id, type: [String, Integer], desc: 'The ID or URL-encoded path of the project'
+        requires :id, types: [String, Integer], desc: 'The ID or URL-encoded path of the project'
       end
       resource 'projects/:id', requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
         params do
diff --git a/lib/api/rubygem_packages.rb b/lib/api/rubygem_packages.rb
index c2665c78c60..af0ceb1acfc 100644
--- a/lib/api/rubygem_packages.rb
+++ b/lib/api/rubygem_packages.rb
@@ -28,11 +28,14 @@ module API
     before do
       require_packages_enabled!
       authenticate_non_get!
+    end
+
+    after_validation do
       not_found! unless Feature.enabled?(:rubygem_packages, user_project)
     end
 
     params do
-      requires :id, type: [Integer, String], desc: 'The ID or full path of a project'
+      requires :id, types: [Integer, String], desc: 'The ID or URL-encoded path of the project'
     end
     resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
       namespace ':id/packages/rubygems' do
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 2317d81bc63..31afdb16aba 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -35980,6 +35980,9 @@ msgstr ""
 msgid "ScanResultPolicy|%{ifLabelStart}if%{ifLabelEnd} %{scanners} find(s) more than %{vulnerabilitiesAllowed} %{severities} %{vulnerabilityStates} vulnerabilities in an open merge request targeting %{branches}"
 msgstr ""
 
+msgid "ScanResultPolicy|%{ifLabelStart}if%{ifLabelEnd} %{selector}"
+msgstr ""
+
 msgid "ScanResultPolicy|%{thenLabelStart}Then%{thenLabelEnd} Require approval from %{approvalsRequired} of the following approvers:"
 msgstr ""
 
@@ -36680,6 +36683,9 @@ msgstr ""
 msgid "SecurityOrchestration|Latest scan run against %{agent}"
 msgstr ""
 
+msgid "SecurityOrchestration|License Scan"
+msgstr ""
+
 msgid "SecurityOrchestration|New policy"
 msgstr ""
 
@@ -36791,6 +36797,9 @@ msgstr ""
 msgid "SecurityOrchestration|Security Approvals"
 msgstr ""
 
+msgid "SecurityOrchestration|Security Scan"
+msgstr ""
+
 msgid "SecurityOrchestration|Security policy project was linked successfully"
 msgstr ""
 
@@ -36806,6 +36815,9 @@ msgstr ""
 msgid "SecurityOrchestration|Select policy"
 msgstr ""
 
+msgid "SecurityOrchestration|Select scan type"
+msgstr ""
+
 msgid "SecurityOrchestration|Select security project"
 msgstr ""
 
@@ -38379,7 +38391,7 @@ msgstr ""
 msgid "Slack logo"
 msgstr ""
 
-msgid "SlackIntegration|Are you sure you want to remove this project from the Slack application?"
+msgid "SlackIntegration|Are you sure you want to remove this project from the GitLab for Slack app?"
 msgstr ""
 
 msgid "SlackIntegration|Client ID"
@@ -38394,7 +38406,7 @@ msgstr ""
 msgid "SlackIntegration|GitLab for Slack was successfully installed."
 msgstr ""
 
-msgid "SlackIntegration|Install Slack app"
+msgid "SlackIntegration|Install GitLab for Slack app"
 msgstr ""
 
 msgid "SlackIntegration|Notifications only work if you're on the latest version of the GitLab for Slack app"
@@ -38403,7 +38415,7 @@ msgstr ""
 msgid "SlackIntegration|Project alias"
 msgstr ""
 
-msgid "SlackIntegration|Reinstall Slack app"
+msgid "SlackIntegration|Reinstall GitLab for Slack app"
 msgstr ""
 
 msgid "SlackIntegration|Remove project"
@@ -38436,7 +38448,7 @@ msgstr ""
 msgid "SlackIntegration|You can now close this window and go to your Slack workspace."
 msgstr ""
 
-msgid "SlackIntegration|You may need to reinstall the Slack application when we %{linkStart}make updates or change permissions%{linkEnd}."
+msgid "SlackIntegration|You may need to reinstall the GitLab for Slack app when we %{linkStart}make updates or change permissions%{linkEnd}."
 msgstr ""
 
 msgid "SlackService|1. %{slash_command_link_start}Add a slash command%{slash_command_link_end} in your Slack team using this information:"
diff --git a/qa/qa/resource/user.rb b/qa/qa/resource/user.rb
index c8babbc0b16..56ab60466c4 100644
--- a/qa/qa/resource/user.rb
+++ b/qa/qa/resource/user.rb
@@ -155,7 +155,7 @@ module QA
       end
 
       def self.fabricate_or_use(username = nil, password = nil)
-        if Runtime::Env.signup_disabled? || !QA::Support::FIPS.enabled?
+        if Runtime::Env.signup_disabled? && !QA::Support::FIPS.enabled?
           fabricate_via_api! do |user|
             user.username = username
             user.password = password
diff --git a/qa/spec/resource/user_spec.rb b/qa/spec/resource/user_spec.rb
index d1fc02ff033..6b26ec999fa 100644
--- a/qa/spec/resource/user_spec.rb
+++ b/qa/spec/resource/user_spec.rb
@@ -143,4 +143,25 @@ RSpec.describe QA::Resource::User do
       end
     end
   end
+
+  describe '#fabricate_or_use' do
+    # Signup Disabled, FIPS enabled, method used, method that is not used
+    [
+      [true,  false, :fabricate_via_api!, :fabricate!],
+      [false, false, :fabricate!, :fabricate_via_api!],
+      [false, true,  :fabricate!, :fabricate_via_api!],
+      [true,  true,  :fabricate!, :fabricate_via_api!]
+    ].each do |signup_disabled, fips_enabled, method_used, method_not_used|
+      it "when signup_disabled is #{signup_disabled}, fips_enabled is #{fips_enabled}, "\
+         "calls #{method_used}, does not call #{method_not_used}" do
+        allow(QA::Runtime::Env).to receive(:signup_disabled?).and_return(signup_disabled)
+        allow(QA::Support::FIPS).to receive(:enabled?).and_return(fips_enabled)
+
+        expect(described_class).to receive(method_used)
+        expect(described_class).not_to receive(method_not_used)
+
+        described_class.fabricate_or_use
+      end
+    end
+  end
 end
diff --git a/spec/models/container_repository_spec.rb b/spec/models/container_repository_spec.rb
index 9af53bae204..51b0c9495e8 100644
--- a/spec/models/container_repository_spec.rb
+++ b/spec/models/container_repository_spec.rb
@@ -879,10 +879,11 @@ RSpec.describe ContainerRepository, :aggregate_failures do
     it 'updates deletion status attributes' do
       expect { subject }.to change(repository, :status).from(nil).to('delete_ongoing')
                               .and change(repository, :delete_started_at).from(nil).to(Time.zone.now)
+                              .and change(repository, :status_updated_at).from(nil).to(Time.zone.now)
     end
   end
 
-  describe '#set_delete_scheduled_status' do
+  describe '#set_delete_scheduled_status', :freeze_time do
     let_it_be(:repository) { create(:container_repository, :status_delete_ongoing, delete_started_at: 3.minutes.ago) }
 
     subject { repository.set_delete_scheduled_status }
@@ -890,6 +891,27 @@ RSpec.describe ContainerRepository, :aggregate_failures do
     it 'updates delete attributes' do
       expect { subject }.to change(repository, :status).from('delete_ongoing').to('delete_scheduled')
                               .and change(repository, :delete_started_at).to(nil)
+                              .and change(repository, :status_updated_at).to(Time.zone.now)
+    end
+  end
+
+  describe '#status_updated_at', :freeze_time do
+    let_it_be_with_reload(:repository) { create(:container_repository) }
+
+    %i[delete_scheduled delete_ongoing delete_failed].each do |status|
+      context "when status is updated to #{status}" do
+        it 'updates status_changed_at' do
+          expect { repository.update!(status: status) }.to change(repository, :status_updated_at).from(nil).to(Time.zone.now)
+        end
+      end
+    end
+
+    context 'when status is not changed' do
+      it 'does not update status_changed_at' do
+        repository.name = 'different-image'
+
+        expect { repository.save! }.not_to change(repository, :status_updated_at)
+      end
     end
   end
 
diff --git a/spec/models/lfs_object_spec.rb b/spec/models/lfs_object_spec.rb
index aedbea3cd26..e38ffd97eb9 100644
--- a/spec/models/lfs_object_spec.rb
+++ b/spec/models/lfs_object_spec.rb
@@ -92,7 +92,7 @@ RSpec.describe LfsObject do
     end
   end
 
-  describe '#schedule_background_upload' do
+  describe 'storage types' do
     before do
       stub_lfs_setting(enabled: true)
     end
diff --git a/spec/services/users/migrate_records_to_ghost_user_service_spec.rb b/spec/services/users/migrate_records_to_ghost_user_service_spec.rb
index 6082c7bd10e..d7b137d5fc8 100644
--- a/spec/services/users/migrate_records_to_ghost_user_service_spec.rb
+++ b/spec/services/users/migrate_records_to_ghost_user_service_spec.rb
@@ -125,6 +125,12 @@ RSpec.describe Users::MigrateRecordsToGhostUserService do
         let(:created_record) { create(:review, author: user) }
       end
     end
+
+    context 'for releases' do
+      include_examples 'migrating records to the ghost user', Release, [:author] do
+        let(:created_record) { create(:release, author: user) }
+      end
+    end
   end
 
   context 'on post-migrate cleanups' do
diff --git a/spec/support/rspec_order_todo.yml b/spec/support/rspec_order_todo.yml
index d2367f93d41..92a26a6504e 100644
--- a/spec/support/rspec_order_todo.yml
+++ b/spec/support/rspec_order_todo.yml
@@ -10420,7 +10420,6 @@
 - './spec/uploaders/records_uploads_spec.rb'
 - './spec/uploaders/terraform/state_uploader_spec.rb'
 - './spec/uploaders/uploader_helper_spec.rb'
-- './spec/uploaders/workers/object_storage/background_move_worker_spec.rb'
 - './spec/uploaders/workers/object_storage/migrate_uploads_worker_spec.rb'
 - './spec/validators/addressable_url_validator_spec.rb'
 - './spec/validators/any_field_validator_spec.rb'
diff --git a/spec/uploaders/file_mover_spec.rb b/spec/uploaders/file_mover_spec.rb
index 3b8c6f6f881..13a5a7e0549 100644
--- a/spec/uploaders/file_mover_spec.rb
+++ b/spec/uploaders/file_mover_spec.rb
@@ -57,12 +57,6 @@ RSpec.describe FileMover do
             .to change { tmp_upload.reload.attributes.values_at('model_id', 'model_type') }
             .from([user.id, 'User']).to([snippet.id, 'Snippet'])
         end
-
-        it 'schedules a background migration' do
-          expect_any_instance_of(PersonalFileUploader).to receive(:schedule_background_upload).once
-
-          subject
-        end
       end
 
       context 'when update_markdown fails' do
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-11-30 12:07:06 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-11-30 12:07:06 +0000
commit	7aa22e9a103b049dd2da70045a5822c51164f7db (patch)
tree	f741dded2bd2965e9e9b7ce4c680e2ddaf0aa3d3
parent	5c229c2ebe3304a58afd1d40418410a8c3723ea5 (diff)
download	gitlab-ce-7aa22e9a103b049dd2da70045a5822c51164f7db.tar.gz