Add latest changes from gitlab-org/gitlab@master

6 files changed, 50 insertions, 26 deletions

diff --git a/doc/user/analytics/value_stream_analytics.md b/doc/user/analytics/value_stream_analytics.md
index 22af788b6f5..703b794981f 100644
--- a/doc/user/analytics/value_stream_analytics.md
+++ b/doc/user/analytics/value_stream_analytics.md
@@ -302,6 +302,14 @@ For Value Stream Analytics functionality introduced in GitLab 12.3 and later:
 - Features are available only on
   [Premium or Silver tiers](https://about.gitlab.com/pricing/) and above.
 
+## Troubleshooting
+
+If you see an error as listed in the following table, try the noted solution:
+
+| Error                                       | Solution                                                                                                                                                                                                                           |
+|---------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| There was an error fetching the top labels. | Manually enable tasks by type feature in the [rails console](../../administration/troubleshooting/navigating_gitlab_via_rails_console.md#starting-a-rails-console-session), specifically `Feature.enable(:tasks_by_type_chart)`. |
+
 ## More resources
 
 Learn more about Value Stream Analytics in the following resources:
diff --git a/doc/user/application_security/container_scanning/index.md b/doc/user/application_security/container_scanning/index.md
index 3d6c9e0b0ba..27b22fb925c 100644
--- a/doc/user/application_security/container_scanning/index.md
+++ b/doc/user/application_security/container_scanning/index.md
@@ -67,10 +67,10 @@ To enable Container Scanning in your pipeline, you need:
 
   ```yaml
   build:
-    image: docker:19.03.1
+    image: docker:19.03.8
     stage: build
     services:
-      - docker:19.03.1-dind
+      - docker:19.03.8-dind
     variables:
       IMAGE_TAG: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA
     script:
@@ -118,7 +118,7 @@ variables:
   DOCKER_DRIVER: overlay2
 
 services:
-  - docker:19.03.5-dind
+  - docker:19.03.8-dind
 
 stages:
   - build
@@ -158,9 +158,9 @@ variables:
 The `CLAIR_OUTPUT` variable defined in the main `gitlab-ci.yml` will overwrite what's
 defined in `Container-Scanning.gitlab-ci.yml`, changing the Container Scanning behavior.
 
-[//]: # "NOTE: The container scanning tool references the following heading in the code, so if you"
-[//]: # "      make a change to this heading, make sure to update the documentation URLs used in the"
-[//]: # "      container scanning tool (https://gitlab.com/gitlab-org/security-products/analyzers/klar)"
+<!-- NOTE: The container scanning tool references the following heading in the code, so if you"
+     make a change to this heading, make sure to update the documentation URLs used in the"
+     container scanning tool (https://gitlab.com/gitlab-org/security-products/analyzers/klar)" -->
 
 #### Available variables
 
@@ -240,7 +240,7 @@ It may be worthwhile to set up a [scheduled pipeline](../../../ci/pipelines/sche
 image: docker:stable
 
 services:
-  - docker:19.03.5-dind
+  - docker:19.03.8-dind
 
 stages:
   - build
diff --git a/doc/user/application_security/dependency_scanning/index.md b/doc/user/application_security/dependency_scanning/index.md
index 799f3e1f629..ae006178945 100644
--- a/doc/user/application_security/dependency_scanning/index.md
+++ b/doc/user/application_security/dependency_scanning/index.md
@@ -46,7 +46,7 @@ this is enabled by default.
 
 CAUTION: **Caution:**
 If you use your own Runners, make sure that the Docker version you have installed
-is **not** `19.03.00`. See [troubleshooting information](#error-response-from-daemon-error-processing-tar-file-docker-tar-relocation-error) for details.
+is **not** `19.03.0`. See [troubleshooting information](#error-response-from-daemon-error-processing-tar-file-docker-tar-relocation-error) for details.
 
 Privileged mode is not necessary if you've [disabled Docker in Docker for Dependency Scanning](#disabling-docker-in-docker-for-dependency-scanning)
 
@@ -419,7 +419,7 @@ You can also [submit new vulnerabilities](https://gitlab.com/gitlab-org/security
 
 ### Error response from daemon: error processing tar file: docker-tar: relocation error
 
-This error occurs when the Docker version used to run the SAST job is `19.03.00`.
-You are advised to update to Docker `19.03.01` or greater. Older versions are not
+This error occurs when the Docker version used to run the SAST job is `19.03.0`.
+You are advised to update to Docker `19.03.1` or greater. Older versions are not
 affected. Read more in
 [this issue](https://gitlab.com/gitlab-org/gitlab/issues/13830#note_211354992 "Current SAST container fails").
diff --git a/doc/user/application_security/sast/index.md b/doc/user/application_security/sast/index.md
index 75afdfb5cf5..011f95c7049 100644
--- a/doc/user/application_security/sast/index.md
+++ b/doc/user/application_security/sast/index.md
@@ -58,7 +58,7 @@ CAUTION: **Caution:** Our SAST jobs currently expect a Linux container type. Win
 
 CAUTION: **Caution:**
 If you use your own Runners, make sure that the Docker version you have installed
-is **not** `19.03.00`. See [troubleshooting information](#error-response-from-daemon-error-processing-tar-file-docker-tar-relocation-error) for details.
+is **not** `19.03.0`. See [troubleshooting information](#error-response-from-daemon-error-processing-tar-file-docker-tar-relocation-error) for details.
 
 ## Supported languages and frameworks
 
@@ -582,7 +582,7 @@ security reports without requiring internet access.
 
 ### Error response from daemon: error processing tar file: docker-tar: relocation error
 
-This error occurs when the Docker version used to run the SAST job is `19.03.00`.
-You are advised to update to Docker `19.03.01` or greater. Older versions are not
+This error occurs when the Docker version used to run the SAST job is `19.03.0`.
+You are advised to update to Docker `19.03.1` or greater. Older versions are not
 affected. Read more in
 [this issue](https://gitlab.com/gitlab-org/gitlab/issues/13830#note_211354992 "Current SAST container fails").
diff --git a/doc/user/clusters/applications.md b/doc/user/clusters/applications.md
index 73ef9482e71..cc7b5dcd5fb 100644
--- a/doc/user/clusters/applications.md
+++ b/doc/user/clusters/applications.md
@@ -298,6 +298,22 @@ Ingress with the recent changes.
 
 ![Disabling WAF](../../topics/web_application_firewall/img/guide_waf_ingress_save_changes_v12_10.png)
 
+##### Logging and blocking modes
+
+To help you tune your WAF rules, you can globally set your WAF to either
+**Logging** or **Blocking** mode:
+
+- **Logging mode** - Allows traffic matching the rule to pass, and logs the event.
+- **Blocking mode** - Prevents traffic matching the rule from passing, and logs the event.
+
+To change your WAF's mode:
+
+1. [Install ModSecurity](../../topics/web_application_firewall/quick_start_guide.md) if you have not already done so.
+1. Navigate to **{cloud-gear}** **Operations > Kubernetes**.
+1. In **Applications**, scroll to **Ingress**.
+1. Under **Global default**, select your desired mode.
+1. Click **Save changes**.
+
 ##### Viewing Web Application Firewall traffic
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/14707) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.9.
diff --git a/doc/user/packages/container_registry/index.md b/doc/user/packages/container_registry/index.md
index d6c6767a8fd..5505a4503ca 100644
--- a/doc/user/packages/container_registry/index.md
+++ b/doc/user/packages/container_registry/index.md
@@ -240,10 +240,10 @@ should look similar to this:
 
 ```yaml
 build:
-  image: docker:19.03.1
+  image: docker:19.03.8
   stage: build
   services:
-    - docker:19.03.1-dind
+    - docker:19.03.8-dind
   script:
     - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
     - docker build -t $CI_REGISTRY/group/project/image:latest .
@@ -254,10 +254,10 @@ You can also make use of [other variables](../../../ci/variables/README.md) to a
 
 ```yaml
 build:
-  image: docker:19.03.1
+  image: docker:19.03.8
   stage: build
   services:
-    - docker:19.03.1-dind
+    - docker:19.03.8-dind
   variables:
     IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
   script:
@@ -280,9 +280,9 @@ when needed. Changes to `master` also get tagged as `latest` and deployed using
 an application-specific deploy script:
 
 ```yaml
-image: docker:19.03.1
+image: docker:19.03.8
 services:
-  - docker:19.03.1-dind
+  - docker:19.03.8-dind
 
 stages:
   - build
@@ -355,9 +355,9 @@ Below is an example of what your `.gitlab-ci.yml` should look like:
 
 ```yaml
  build:
-   image: $CI_REGISTRY/group/project/docker:19.03.1
+   image: $CI_REGISTRY/group/project/docker:19.03.8
    services:
-     - name: $CI_REGISTRY/group/project/docker:19.03.1-dind
+     - name: $CI_REGISTRY/group/project/docker:19.03.8-dind
        alias: docker
    stage: build
    script:
@@ -365,7 +365,7 @@ Below is an example of what your `.gitlab-ci.yml` should look like:
      - docker run my-docker-image /script/to/run/tests
 ```
 
-If you forget to set the service alias, the `docker:19.03.1` image won't find the
+If you forget to set the service alias, the `docker:19.03.8` image won't find the
 `dind` service, and an error like the following will be thrown:
 
 ```plaintext
@@ -435,10 +435,10 @@ stages:
   - clean
 
 build_image:
-  image: docker:19.03.1
+  image: docker:19.03.8
   stage: build
   services:
-    - docker:19.03.1-dind
+    - docker:19.03.8-dind
   variables:
     IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
   script:
@@ -451,10 +451,10 @@ build_image:
     - master
 
 delete_image:
-  image: docker:19.03.1
+  image: docker:19.03.8
   stage: clean
   services:
-    - docker:19.03.1-dind
+    - docker:19.03.8-dind
   variables:
     IMAGE_TAG: $CI_PROJECT_PATH:$CI_COMMIT_REF_SLUG
     REG_SHA256: ade837fc5224acd8c34732bf54a94f579b47851cc6a7fd5899a98386b782e228