diff --git a/.gitlab/ci/global.gitlab-ci.yml b/.gitlab/ci/global.gitlab-ci.yml index 04883e5680..73e4712cc8 100644 --- a/.gitlab/ci/global.gitlab-ci.yml +++ b/.gitlab/ci/global.gitlab-ci.yml @@ -113,7 +113,7 @@ policy: push .qa-ruby-gems-cache: &qa-ruby-gems-cache - key: "qa-ruby-gems-v1" + key: "qa-ruby-gems-v1-debian-buster" paths: - qa/vendor/ruby/ policy: pull diff --git a/CHANGELOG.md b/CHANGELOG.md index 5c356e303f..39ae46d244 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,19 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 14.6.5 (2022-02-25) + +### Security (8 changes) + +- [Limit commands_changes to certain keys](gitlab-org/security/gitlab@138c437f2819d62ce4750fb84399d8868c844b01) ([merge request](gitlab-org/security/gitlab!2227)) +- [Add runners_token prefix to Group and Project](gitlab-org/security/gitlab@682d4e9b63d3d36901638edc75c1b265460d42dc) ([merge request](gitlab-org/security/gitlab!2250)) +- [Anonymous user can enumerate all users through GraphQL endpoint](gitlab-org/security/gitlab@2b00a8036b291d3ad5de551a5e13c2a0a39d0234) ([merge request](gitlab-org/security/gitlab!2102)) +- [Check for unsafe characters in email addresses before sending](gitlab-org/security/gitlab@6bc653b3dadefb3d2c80823786d43e6b7f8c4620) ([merge request](gitlab-org/security/gitlab!2208)) +- [Warn when snippet contains unretrievable files](gitlab-org/security/gitlab@f9ae9515ec98ab934f4aa3a35af0aca806bbe21d) ([merge request](gitlab-org/security/gitlab!2203)) +- [Prevent DOS when rendering math markdown](gitlab-org/security/gitlab@fd6d496df6f4b5eb3da0b851f9ff8ebb1d68d3f2) ([merge request](gitlab-org/security/gitlab!2201)) +- [Check permission when creating members through service](gitlab-org/security/gitlab@948e5103285de2a6cdb5152ff2c13ae4db2f4cda) ([merge request](gitlab-org/security/gitlab!2211)) +- [Reset password field on page load](gitlab-org/security/gitlab@1417b463f2771a4b17e068dea9de3aa6c4540962) ([merge request](gitlab-org/security/gitlab!2194)) + ## 14.6.4 (2022-02-03) No changes. diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION index 7d6296b6cb..5ac2cb5708 100644 --- a/GITALY_SERVER_VERSION +++ b/GITALY_SERVER_VERSION @@ -1 +1 @@ -14.6.4 \ No newline at end of file +14.6.5 \ No newline at end of file diff --git a/VERSION b/VERSION index 7d6296b6cb..5ac2cb5708 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -14.6.4 \ No newline at end of file +14.6.5 \ No newline at end of file 
diff --git a/app/assets/javascripts/mirrors/mirror_repos.js b/app/assets/javascripts/mirrors/mirror_repos.js index e59da18fb7..5bf08be1ea 100644 --- a/app/assets/javascripts/mirrors/mirror_repos.js +++ b/app/assets/javascripts/mirrors/mirror_repos.js @@ -6,6 +6,8 @@ import { __ } from '~/locale'; import { hide } from '~/tooltips'; import SSHMirror from './ssh_mirror'; +const PASSWORD_FIELD_SELECTOR = '.js-mirror-password-field'; + export default class MirrorRepos { constructor(container) { this.$container = $(container); @@ -27,7 +29,6 @@ export default class MirrorRepos { this.$passwordGroup = $('.js-password-group', this.$container); this.$password = $('.js-password', this.$passwordGroup); this.$authMethod = $('.js-auth-method', this.$form); - this.$keepDivergentRefsInput.on('change', () => this.updateKeepDivergentRefs()); this.$authMethod.on('change', () => this.togglePassword()); this.$password.on('input.updateUrl', () => this.debouncedUpdateUrl()); @@ -35,6 +36,13 @@ export default class MirrorRepos { this.initMirrorSSH(); this.updateProtectedBranches(); this.updateKeepDivergentRefs(); + MirrorRepos.resetPasswordField(); + } + + static resetPasswordField() { + if (document.querySelector(PASSWORD_FIELD_SELECTOR)) { + document.querySelector(PASSWORD_FIELD_SELECTOR).value = ''; + } } initMirrorSSH() { diff --git a/app/assets/javascripts/snippets/components/show.vue b/app/assets/javascripts/snippets/components/show.vue index 35d88d5ec8..ee8b00c1f5 100644 --- a/app/assets/javascripts/snippets/components/show.vue +++ b/app/assets/javascripts/snippets/components/show.vue @@ -1,5 +1,5 @@
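Review bot: In app/assets/javascripts/mirrors/mirror_repos.js, the new `resetPasswordField()` clears only the first `.js-mirror-password-field` match in the whole document and runs once from `init()`, so a value the browser puts back later (for example when the page is restored from the back/forward cache without re-running scripts) would presumably stay in the field. Scoping the lookup to the instance and querying once would be tighter, e.g. `this.$container.find(PASSWORD_FIELD_SELECTOR).val('');`, and a `pageshow` listener calling the same reset would cover restored pages. The template is not part of this diff section, so it is worth confirming that the server never renders the stored mirror credential into the field's `value` and that the field sets `autocomplete="new-password"`; the script should be a backstop rather than the only control. `init()` starts outside the hunk, so the ordering relative to earlier setup cannot be checked from here.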