Repository: gitlab.com/gitlab-org/gitlab-foss.git
author    GitLab Bot <gitlab-bot@gitlab.com>  2022-12-20 17:22:11 +0300
committer GitLab Bot <gitlab-bot@gitlab.com>  2022-12-20 17:22:11 +0300
commit    0c872e02b2c822e3397515ec324051ff540f0cd5 (patch)
tree      ce2fb6ce7030e4dad0f4118d21ab6453e5938cdd /doc/security
parent    f7e05a6853b12f02911494c4b3fe53d9540d74fc (diff)
Add latest changes from gitlab-org/gitlab@15-7-stable-eev15.7.0-rc42
Diffstat (limited to 'doc/security')
-rw-r--r--  doc/security/crime_vulnerability.md     |  2
-rw-r--r--  doc/security/password_storage.md        |  4
-rw-r--r--  doc/security/rate_limits.md             | 13
-rw-r--r--  doc/security/reset_user_password.md     | 14
-rw-r--r--  doc/security/user_email_confirmation.md |  2
5 files changed, 30 insertions, 5 deletions
diff --git a/doc/security/crime_vulnerability.md b/doc/security/crime_vulnerability.md
index 463ccb7b629..e5d8d858df2 100644
--- a/doc/security/crime_vulnerability.md
+++ b/doc/security/crime_vulnerability.md
@@ -53,7 +53,7 @@ SPDY support earlier than version 4 is advertised.
From the report above it is important to note that Nessus is only checking if
TLS advertises the SPDY protocol earlier than version 4. It does not perform an
attack nor does it check if compression is enabled. The Nessus scanner alone
-cannot tell that SPDY's compression is disabled and not subject to the CRIME
+cannot tell that SPDY compression is disabled and not subject to the CRIME
vulnerability.
## References
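Review bot: the changed line still asserts a conclusion the paragraph says the scanner cannot reach. Two lines above, the text states that Nessus neither performs an attack nor checks whether compression is enabled, so "cannot tell that SPDY compression is disabled" should read "cannot tell whether SPDY compression is enabled or disabled, and so cannot determine exposure to CRIME"; the casing fix is fine as is.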
diff --git a/doc/security/password_storage.md b/doc/security/password_storage.md
index bd514de6e2c..67ef161e634 100644
--- a/doc/security/password_storage.md
+++ b/doc/security/password_storage.md
@@ -21,7 +21,7 @@ GitLab uses the [Devise](https://github.com/heartcombo/devise) authentication
library to hash user passwords. Created password hashes have these attributes:
- **Hashing**:
- - **BCrypt**: By default, the [`bcrypt`](https://en.wikipedia.org/wiki/Bcrypt) hashing
+ - **bcrypt**: By default, the [`bcrypt`](https://en.wikipedia.org/wiki/Bcrypt) hashing
function is used to generate the hash of the provided password. This cryptographic hashing function is
strong and industry-standard.
- **PBKDF2+SHA512**: PBKDF2+SHA512 is supported:
@@ -29,7 +29,7 @@ library to hash user passwords. Created password hashes have these attributes:
- In GitLab 15.6 and later when [FIPS mode](../development/fips_compliance.md) is enabled (feature flags are not required).
- **Stretching**: Password hashes are [stretched](https://en.wikipedia.org/wiki/Key_stretching)
to harden against brute-force attacks. By default, GitLab uses a stretching
- factor of 10 for BCrypt and 20,000 for PBKDF2 + SHA512.
+ factor of 10 for bcrypt and 20,000 for PBKDF2 + SHA512.
- **Salting**: A [cryptographic salt](https://en.wikipedia.org/wiki/Salt_(cryptography))
is added to each password to harden against pre-computed hash and dictionary
attacks. To increase security, each salt is randomly generated for each
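Review bot: the two numbers on the changed line are different units and the doc does not say so. bcrypt's 10 is a logarithmic cost (2^10 = 1,024 rounds), while 20,000 is the literal PBKDF2 iteration count, so a reader comparing them would draw the wrong conclusion about relative strength. Suggest "a bcrypt cost factor of 10 (2^10 rounds) and 20,000 iterations for PBKDF2+SHA512", which also aligns the spelling with the "PBKDF2+SHA512" used in the bullet in the previous hunk rather than "PBKDF2 + SHA512".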
diff --git a/doc/security/rate_limits.md b/doc/security/rate_limits.md
index 20a81ed0c30..929609cd4a4 100644
--- a/doc/security/rate_limits.md
+++ b/doc/security/rate_limits.md
@@ -141,6 +141,19 @@ This is to mitigate the risk of misuses, such as mass discovery of usernames in
The **rate limit** is 20 calls per minute per IP address.
+### Project Jobs API endpoint
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/104912) in GitLab 15.7 [with a flag](../administration/feature_flags.md) named `ci_enforce_rate_limits_jobs_api`. Disabled by default.
+
+FLAG:
+On self-managed GitLab, by default this feature is not available. To make it available,
+ask an administrator to [enable the feature flag](../administration/feature_flags.md) named `ci_enforce_rate_limits_jobs_api`.
+The feature is not ready for production use.
+
+There is a rate limit for the endpoint `project/:id/jobs`, which is enforced to reduce timeouts when retrieving jobs.
+
+The **rate limit** is 600 calls per minute per signed-in user.
+
## Troubleshooting
### Rack Attack is denylisting the load balancer
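Review bot: the endpoint on the added line is written `project/:id/jobs`, which does not match the REST path form used by the Jobs API (`/projects/:id/jobs`); verify the path and link the API reference, as the neighbouring rate-limit sections do. The preceding section limits per IP address while this one limits per signed-in user, so the text should also say whether unauthenticated requests to the endpoint are limited at all or fall back to the general limits; as written, a reader cannot tell if the limit applies to them.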
diff --git a/doc/security/reset_user_password.md b/doc/security/reset_user_password.md
index 248737fc908..38c52912d5c 100644
--- a/doc/security/reset_user_password.md
+++ b/doc/security/reset_user_password.md
@@ -7,7 +7,7 @@ type: howto
# Reset a user's password **(FREE SELF)**
-You can reset user passwords by using a Rake task, a Rails console, or the
+You can reset user passwords by using the UI, a Rake task, a Rails console, or the
[Users API](../api/users.md#user-modification).
## Prerequisites
@@ -16,6 +16,18 @@ To reset a user password, you must be an administrator of a self-managed GitLab
The user's new password must meet all [password requirements](../user/profile/user_passwords.md#password-requirements).
+## Use the UI
+
+To reset a user's password in the UI:
+
+1. On the top bar, select **Main menu > Admin**.
+1. On the left sidebar, select **Overview > Users**.
+1. For the user whose password you want to update, select **Edit** (**{pencil-square}**).
+1. In the **Password** area, type a password and password confirmation.
+1. Select **Save changes**.
+
+A confirmation is displayed.
+
## Use a Rake task
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/52347) in GitLab 13.9.
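Review bot: the new UI steps end with a password that the administrator now knows, but nothing says what happens for the user afterwards (whether they must change it at next sign-in) or whether the form enforces the password requirements referenced in the Prerequisites context above; one sentence covering both would complete the procedure. "A confirmation is displayed." is too vague to help anyone verify success; either quote the message or drop the line.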
diff --git a/doc/security/user_email_confirmation.md b/doc/security/user_email_confirmation.md
index ffc537c8f10..c3f19c92f91 100644
--- a/doc/security/user_email_confirmation.md
+++ b/doc/security/user_email_confirmation.md
@@ -13,7 +13,7 @@ they confirm their email address.
1. On the top bar, select **Main menu > Admin**.
1. On the left sidebar, select **Settings > General** (`/admin/application_settings/general`).
-1. Expand the **Sign-up restrictions** section and look for the **Send confirmation email on sign-up** option.
+1. Expand the **Sign-up restrictions** section and look for the **Email confirmation settings** options.
## Confirmation token expiry
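Review bot: the changed step now points at a group of options ("Email confirmation settings") instead of a single checkbox, but it does not say which value to select, so the procedure no longer ends in an actionable instruction. Add the next step naming the option that requires confirmation, and check that the lead-in sentence in the hunk context ("they confirm their email address") still describes the behaviour of the renamed setting rather than the old single option.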