Add latest changes from gitlab-org/gitlab@master

3 files changed, 30 insertions, 5 deletions

diff --git a/doc/api/epics.md b/doc/api/epics.md
index 675b88649e0..d6b22c3dc54 100644
--- a/doc/api/epics.md
+++ b/doc/api/epics.md
@@ -49,6 +49,8 @@ GET /groups/:id/epics?state=opened
 | `created_before`    | datetime         | no         | Return epics created on or before the given time                                                                            |
 | `updated_after`     | datetime         | no         | Return epics updated on or after the given time                                                                             |
 | `updated_before`    | datetime         | no         | Return epics updated on or before the given time                                                                            |
+| `include_ancestor_groups` | boolean    | no         | Include epics from the requested group's ancestors. Default is `false`                                                      |
+| `include_descendant_groups` | boolean  | no         | Include epics from the requested group's descendants. Default is `true`                                                     |
 
 ```bash
 curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/1/epics
diff --git a/doc/user/application_security/container_scanning/index.md b/doc/user/application_security/container_scanning/index.md
index c3f80c6a0fd..cb802612b56 100644
--- a/doc/user/application_security/container_scanning/index.md
+++ b/doc/user/application_security/container_scanning/index.md
@@ -11,7 +11,7 @@ in [GitLab Ultimate](https://about.gitlab.com/pricing/) 10.4.
 
 If you are using [GitLab CI/CD](../../../ci/README.md), you can check your Docker
 images (or more precisely the containers) for known vulnerabilities by using
-[Clair](https://github.com/coreos/clair) and [clair-scanner](https://github.com/arminc/clair-scanner),
+[Clair](https://github.com/coreos/clair) and [klar](https://github.com/optiopay/klar),
 two open source tools for Vulnerability Static Analysis for containers.
 
 You can take advantage of Container Scanning by either [including the CI job](#configuration) in
@@ -90,10 +90,6 @@ artifact available. Behind the scenes, the
 [GitLab Container Scanning analyzer](https://gitlab.com/gitlab-org/security-products/container-scanning)
 is used and runs the scans.
 
-If you want to whitelist some specific vulnerabilities, you can do so by defining
-them in a YAML file named `clair-whitelist.yml`. Read more in the
-[Clair documentation](https://github.com/arminc/clair-scanner/blob/master/README.md#example-whitelist-yaml-file).
-
 ## Example
 
 The following is a sample `.gitlab-ci.yml` that will build your Docker Image, push it to the container registry and run Container Scanning.
@@ -124,6 +120,31 @@ build:
     - docker push $IMAGE
 ```
 
+## Vulnerability Whitelisting
+
+If you want to whitelist specific vulnerabilities, you'll need to:
+
+   1. Set `GIT_STRATEGY: fetch` in your `.gitlab-ci.yml` file by following the instructions described in the
+   [overriding the Container Scanning template](#overriding-the-container-scanning-template) section of this document.
+   1. Define the whitelisted vulnerabilities in a YAML file named `clair-whitelist.yml` which must use the format described
+   in the [following whitelist example file](https://github.com/arminc/clair-scanner/blob/v12/example-whitelist.yaml).
+   1. Add the `clair-whitelist.yml` file to the git repository of your project
+
+### Overriding the Container Scanning template
+
+If you want to override the job definition (for example, change properties like
+`variables`), you need to declare a `container_scanning` job after the
+template inclusion and specify any additional keys under it. For example:
+
+```yaml
+include:
+  - template: Container-Scanning.gitlab-ci.yml
+
+container_scanning:
+  variables:
+    GIT_STRATEGY: fetch
+```
+
 ## Security Dashboard
 
 The Security Dashboard is a good place to get an overview of all the security
diff --git a/doc/user/project/operations/feature_flags.md b/doc/user/project/operations/feature_flags.md
index 39ca1bd0c77..1c9157b0f67 100644
--- a/doc/user/project/operations/feature_flags.md
+++ b/doc/user/project/operations/feature_flags.md
@@ -120,6 +120,8 @@ A feature flag may be enabled for a list of target users. It is implemented
 using the Unleash [`userWithId`](https://unleash.github.io/docs/activation_strategy#userwithid)
 activation strategy.
 
+The feature will always be enabled for all users in the list across all environments even if the matching environment spec **Status** is disabled.
+
 ![Feature flag target users](img/target_users_v12_2.png)
 
 CAUTION: **Caution:**