Add argument to catch

See merge request gitlab-org/gitlab-ee!15911

[ci skip]

[ci skip]

Prepare 12.1.10 release

See merge request gitlab-org/gitlab-foss!32979

Fix order-dependent spec failures with reCAPTCHA

Closes #67133

See merge request gitlab-org/gitlab-ce!32771

[12-1-stable] Re-add ignore_column for import columns

See merge request gitlab-org/gitlab-foss!32977

This `ignore_column` was present for a while but recently removed, but
to ensure we don't get error 500s let's keep it for a while.

[ci skip]

Set max-age and secure flag for pages auth cookies

See merge request gitlab/gitlabhq!3380

[ci skip]

Merge branch '66641-broken-master-real-http-connections-are-disabled-unregistered-request' into 'master'

Use `stub_full_request` to fix spec failure

Closes #66641

See merge request gitlab-org/gitlab-ce!32259

This reverts commit 4f6293e2.

Return NO_ACCESS if user is nil

See merge request gitlab/gitlabhq!3389

Also change test URL sequest to .test TLD

[ci skip]

Avoid exposing unaccessible repo data upon GFM post processing

See merge request gitlab/gitlabhq!3383

When post-processing relative links to absolute links
RelativeLinkFilter didn't take into consideration that
internal repository data could be exposed for users
that do not have repository access to the project.

This commit solves that by checking whether the user
can `download_code` at this repository, avoiding any
processing of this filter if the user can't.

Additionally, if we're processing for a group (
no project was given), we check if the user can
read it in order to expand the href as an extra.
That doesn't seem necessarily a breach now,
but an extra check doesn't hurt as after all
the user needs to be able to `read_group`.

Prevent disclosure of merge request id via email

See merge request gitlab/gitlabhq!3351

Send TODOs for comments on commits correctly

See merge request gitlab/gitlabhq!3366

Require a captcha after unique failed logins from the same IP

See merge request gitlab/gitlabhq!3295

Add method to store session ids by ip

Add new specs for storing session ids

Add cleaning up records after login

Add retrieving anonymous sessions

Add login recaptcha setting

Add new setting to sessions controller

Add conditions for showing captcha

Add sessions controller specs

Add admin settings specs for login protection

Add new settings to api

Add stub to devise spec

Add new translation key

Add cr remarks

Rename class call

Add cr remarks

Change if-clause for consistency

Add cr remarks

Add code review remarks

Refactor AnonymousSession class

Add changelog entry

Move AnonymousSession class to lib

Move store unauthenticated sessions to sessions controller

Move link to recaptcha info

Regenerate text file

Improve copy on the spam page

Change action filter for storing anonymous sessions

Fix rubocop offences

Add code review remarks

Fix schema

Update schema version

Use image proxy to mitigate stealing ip addresses

See merge request gitlab/gitlabhq!3231

Limit the size of issuable description and comments

See merge request gitlab/gitlabhq!3271

Permission fix for MergeRequestsController#pipeline_status

See merge request gitlab/gitlabhq!3278

Enforce max chars and max render time in markdown math

See merge request gitlab/gitlabhq!3287

DNS Rebind SSRF in Kubernetes Integration

See merge request gitlab/gitlabhq!3289

Fix HTML injection for label description

See merge request gitlab/gitlabhq!3298

Ensure only authorised users can create notes on merge requests and issues

See merge request gitlab/gitlabhq!3307

Filter out old system notes for epics in notes api endpoint response

See merge request gitlab/gitlabhq!3310

Fix DNS rebind vulnerability for JIRA integration

See merge request gitlab/gitlabhq!3311

Add merge note type as cross reference

See merge request gitlab/gitlabhq!3327