gitlab Debian release 11.8.3-1

-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEsclPZxif+sAmSPvz1N6yL8C5bhUFAlyT3qIACgkQ1N6yL8C5
 bhXi5Q//bdF+ms+S3H2dPNzKb4fbA0UP3nfdHkjhUIcFP2UV4yVibm3uKpEH82W4
 r+LjqtFhQmtbqwNzPZk/xf7+AP6PEcDCck82zK1YEBOJKUuBY+4G4Y7vciOjApwf
 zBPC0E7cXoV9e1j4up01YXeZfugxA3gZUn+rIuwdXct3BFUTYlPaVz/SqGe0KoGu
 DLOjM2Xh7P/HXZiYZeAgBh+TOXlCoKJ8BtKgmiRfjMC+f6OpfCSvtYLkrvZBgYIG
 Tm5DBWMp3J4FPM8apGUrMhAfuBrqBOgV5ah19J5Rs1i01GTDf/pyDOG8awvi20AE
 V3fHKRlLa6Jmlc2iAc++cMSCHeIoMklYjEeCAWnRelnLwOtuA7iwY3smsgBLQMJf
 1c7wTwl6t9WAIWzvLaKNn3b76eDYOJ9eyVJXNseSkuscHFUzmentT/WmxM9+ETxK
 DsjmHHsfGOjAadH1NULGAsIeujYxPIMJBJDv91/iKdZoWjMJRDorNjvhNb7ERXey
 5Da4Gyvi3pzOjJq1pqhBaTnYyC2CWqcIcy9+2uvVFlbnhrHGudPQfF1aAQ9vwK6l
 wPbJ6Tx9j1ZWrCZf5QL/1CcNxACb44IrmYNxqPwSBhrj7pLSnl/BB/hGocKUpNz9
 loCX4kRa1WNNyz6+Psm4N9I3P2gK65+kQtSGufVuxUxF6E890xE=
 =T/42
 -----END PGP SIGNATURE-----

Merge tag 'debian/11.8.3-1' into buster-fasttrack

gitlab Debian release 11.8.3-1
Pirate Praveen 2019-03-22 15:24:05 +05:30
commit 70c9743e18
6 changed files with 51 additions and 3 deletions


@ -2,6 +2,13 @@
documentation](doc/development/changelog.md) for instructions on adding your own documentation](doc/development/changelog.md) for instructions on adding your own
entry. entry.
## 11.8.3 (2019-03-19)
### Security (1 change)
- Remove project serialization in quick actions response.
## 11.8.2 (2019-03-13) ## 11.8.2 (2019-03-13)
### Security (1 change) ### Security (1 change)


@ -1 +1 @@
11.8.2 11.8.3


@ -54,7 +54,7 @@ module NotesActions
respond_to do |format| respond_to do |format|
format.json do format.json do
json = { json = {
commands_changes: @note.commands_changes commands_changes: @note.commands_changes&.slice(:emoji_award, :time_estimate, :spend_time)
} }
if @note.persisted? && return_discussion? if @note.persisted? && return_discussion?
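Review bot: The allowlist on the `commands_changes:` line is written inline with no comment saying why only these three keys may reach the JSON response, so a later quick action could be added to the slice without anyone checking what its value serializes to. I would move the keys into a frozen constant and document it, for example `# Only these quick-action changes are returned to the client; others (such as target_project) may hold whole model objects and must not be serialized.` placed above the constant. It is also worth confirming that `commands_changes` is keyed by symbols, because `slice` with symbol keys would silently return nothing on a string-keyed hash; the hunk does not show how that hash is built. The enclosing action begins and ends outside this hunk.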

10
debian/changelog vendored

@ -1,3 +1,13 @@
gitlab (11.8.3-1) unstable; urgency=high
[ Pirate Praveen ]
* Set minimum version of git to 2.18
[ Sruthi Chandran ]
* New upstream version 11.8.3 (Closes: #925196) (Fixes: CVE-2019-9866)
-- Sruthi Chandran <srud@disroot.org> Fri, 22 Mar 2019 00:19:33 +0530
gitlab (11.8.2-3+fto10+1) buster-fasttrack; urgency=medium gitlab (11.8.2-3+fto10+1) buster-fasttrack; urgency=medium
* Rebuild for buster-fasttrack * Rebuild for buster-fasttrack

2
debian/control vendored

@ -367,7 +367,7 @@ Architecture: all
Depends: ${shlibs:Depends}, ${misc:Depends}, Depends: ${shlibs:Depends}, ${misc:Depends},
ruby | ruby-interpreter, ruby | ruby-interpreter,
adduser (>= 3.34~), adduser (>= 3.34~),
git (>= 1:2.7.3~), git (>= 1:2.18~),
ucf, ucf,
gitlab-shell (>= 8.4.4~) gitlab-shell (>= 8.4.4~)
Description: git powered software platform to collaborate on code (common) Description: git powered software platform to collaborate on code (common)


@ -397,6 +397,37 @@ describe Projects::NotesController do
end end
end end
end end
context 'when creating a note with quick actions' do
context 'with commands that return changes' do
let(:note_text) { "/award :thumbsup:\n/estimate 1d\n/spend 3h" }
it 'includes changes in commands_changes ' do
post :create, params: request_params.merge(note: { note: note_text }, format: :json)
expect(response).to have_gitlab_http_status(200)
expect(json_response['commands_changes']).to include('emoji_award', 'time_estimate', 'spend_time')
expect(json_response['commands_changes']).not_to include('target_project', 'title')
end
end
context 'with commands that do not return changes' do
let(:issue) { create(:issue, project: project) }
let(:other_project) { create(:project) }
let(:note_text) { "/move #{other_project.full_path}\n/title AAA" }
before do
other_project.add_developer(user)
end
it 'does not include changes in commands_changes' do
post :create, params: request_params.merge(note: { note: note_text }, target_type: 'issue', target_id: issue.id, format: :json)
expect(response).to have_gitlab_http_status(200)
expect(json_response['commands_changes']).not_to include('target_project', 'title')
end
end
end
end end
describe 'PUT update' do describe 'PUT update' do
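Review bot: Both new examples check the filter with `not_to include('target_project', 'title')`, which only proves that two known keys are absent, while the controller change is an allowlist; any other key leaking into the response later would still pass these specs. In the first example I would assert the exact key set, `expect(json_response['commands_changes'].keys).to contain_exactly('emoji_award', 'time_estimate', 'spend_time')`, and in the second assert that nothing is returned, e.g. `expect(json_response['commands_changes']).to be_blank` (assuming the response carries an empty hash or null there). The example name `'includes changes in commands_changes '` also has a trailing space.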