New upstream version 12.6.4
This commit is contained in:
parent
b4802bbd4a
commit
54d8419492
4 changed files with 23 additions and 6 deletions
|
@ -2,9 +2,15 @@
|
||||||
documentation](doc/development/changelog.md) for instructions on adding your own
|
documentation](doc/development/changelog.md) for instructions on adding your own
|
||||||
entry.
|
entry.
|
||||||
|
|
||||||
|
## 12.6.4
|
||||||
|
|
||||||
|
### Security (1 change)
|
||||||
|
|
||||||
|
- Fix private objects exposure when using Project Import functionality.
|
||||||
|
|
||||||
|
|
||||||
## 12.6.3
|
## 12.6.3
|
||||||
|
|
||||||
- No changes.
|
|
||||||
### Security (1 change)
|
### Security (1 change)
|
||||||
|
|
||||||
- Upgrade json-jwt to v1.11.0. !22440
|
- Upgrade json-jwt to v1.11.0. !22440
|
||||||
|
|
2
VERSION
2
VERSION
|
@ -1 +1 @@
|
||||||
12.6.3
|
12.6.4
|
||||||
|
|
|
@ -3,8 +3,8 @@
|
||||||
module Gitlab
|
module Gitlab
|
||||||
module ImportExport
|
module ImportExport
|
||||||
class AttributeCleaner
|
class AttributeCleaner
|
||||||
ALLOWED_REFERENCES = RelationFactory::PROJECT_REFERENCES + RelationFactory::USER_REFERENCES + %w[group_id commit_id discussion_id]
|
ALLOWED_REFERENCES = RelationFactory::PROJECT_REFERENCES + RelationFactory::USER_REFERENCES + %w[group_id commit_id discussion_id custom_attributes]
|
||||||
PROHIBITED_REFERENCES = Regexp.union(/\Acached_markdown_version\Z/, /_id\Z/, /_ids\Z/, /_html\Z/).freeze
|
PROHIBITED_REFERENCES = Regexp.union(/\Acached_markdown_version\Z/, /_id\Z/, /_ids\Z/, /_html\Z/, /attributes/).freeze
|
||||||
|
|
||||||
def self.clean(*args)
|
def self.clean(*args)
|
||||||
new(*args).clean
|
new(*args).clean
|
||||||
|
|
|
@ -25,11 +25,21 @@ describe Gitlab::ImportExport::AttributeCleaner do
|
||||||
'legit_html' => '<p>legit html</p>',
|
'legit_html' => '<p>legit html</p>',
|
||||||
'_html' => '<p>perfectly ordinary html</p>',
|
'_html' => '<p>perfectly ordinary html</p>',
|
||||||
'cached_markdown_version' => 12345,
|
'cached_markdown_version' => 12345,
|
||||||
|
'custom_attributes' => 'whatever',
|
||||||
|
'some_attributes_metadata' => 'whatever',
|
||||||
'group_id' => 99,
|
'group_id' => 99,
|
||||||
'commit_id' => 99,
|
'commit_id' => 99,
|
||||||
|
'issue_ids' => [1, 2, 3],
|
||||||
|
'merge_request_ids' => [1, 2, 3],
|
||||||
|
'note_ids' => [1, 2, 3],
|
||||||
|
'attributes' => {
|
||||||
'issue_ids' => [1, 2, 3],
|
'issue_ids' => [1, 2, 3],
|
||||||
'merge_request_ids' => [1, 2, 3],
|
'merge_request_ids' => [1, 2, 3],
|
||||||
'note_ids' => [1, 2, 3]
|
'note_ids' => [1, 2, 3]
|
||||||
|
},
|
||||||
|
'variables_attributes' => {
|
||||||
|
'id' => 1
|
||||||
|
}
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -40,7 +50,8 @@ describe Gitlab::ImportExport::AttributeCleaner do
|
||||||
'random_id_in_the_middle' => 99,
|
'random_id_in_the_middle' => 99,
|
||||||
'notid' => 99,
|
'notid' => 99,
|
||||||
'group_id' => 99,
|
'group_id' => 99,
|
||||||
'commit_id' => 99
|
'commit_id' => 99,
|
||||||
|
'custom_attributes' => 'whatever'
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue