Add latest changes from gitlab-org/gitlab@13-11-stable-ee

3 files changed, 40 insertions, 5 deletions

diff --git a/doc/administration/pages/index.md b/doc/administration/pages/index.md
index d04688dab7a..ae4fa086e3f 100644
--- a/doc/administration/pages/index.md
+++ b/doc/administration/pages/index.md
@@ -1001,7 +1001,7 @@ to using that.
 
 ### Migrate Pages deployments to object storage
 
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/325285) in GitLab 13.11
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/325285) in GitLab 13.11.
 
 Existing Pages deployments objects (which store [ZIP archives](#zip-storage)) can similarly be
 migrated to [object storage](#using-object-storage), if
@@ -1010,7 +1010,7 @@ you've been having them stored locally.
 Migrate your existing Pages deployments from local storage to object storage:
 
 ```shell
-sudo gitlab-rails gitlab:pages:deployments:migrate_to_object_storage
+sudo gitlab-rake gitlab:pages:deployments:migrate_to_object_storage
 ```
 
 ### Rolling Pages deployments back to local storage
@@ -1018,7 +1018,7 @@ sudo gitlab-rails gitlab:pages:deployments:migrate_to_object_storage
 After the migration to object storage is performed, you can choose to revert your Pages deployments back to local storage:
 
 ```shell
-sudo gitlab-rails gitlab:pages:deployments:migrate_to_local
+sudo gitlab-rake gitlab:pages:deployments:migrate_to_local
 ```
 
 ## Backup
diff --git a/doc/api/projects.md b/doc/api/projects.md
index 50c1356dfd8..d9aabfbc337 100644
--- a/doc/api/projects.md
+++ b/doc/api/projects.md
@@ -2016,6 +2016,41 @@ The returned `url` is relative to the project path. The returned `full_path` is
 the absolute path to the file. In Markdown contexts, the link is expanded when
 the format in `markdown` is used.
 
+### Max attachment size enforcement
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/57250) in GitLab 13.11.
+
+GitLab 13.11 added enforcement of the [maximum attachment size limit](../user/admin_area/settings/account_and_limit_settings.md#max-attachment-size) behind the `enforce_max_attachment_size_upload_api` feature flag. GitLab 14.0 will enable this by default.
+
+**In Omnibus installations:**
+
+1. Enter the Rails console:
+
+   ```shell
+   sudo gitlab-rails console
+   ```
+
+1. Enable the feature flag:
+
+   ```ruby
+   Feature.enable(:enforce_max_attachment_size_upload_api)
+   ```
+
+**In installations from source:**
+
+1. Enter the Rails console:
+
+   ```shell
+   cd /home/git/gitlab
+   sudo -u git -H bundle exec rails console -e production
+   ```
+
+1. Enable the feature flag to disable the validation:
+
+   ```ruby
+   Feature.enable(:enforce_max_attachment_size_upload_api)
+   ```
+
 ## Upload a project avatar
 
 Uploads an avatar to the specified project.
diff --git a/doc/user/application_security/dast/index.md b/doc/user/application_security/dast/index.md
index d3f679fe9dd..65ddece1bde 100644
--- a/doc/user/application_security/dast/index.md
+++ b/doc/user/application_security/dast/index.md
@@ -300,7 +300,7 @@ variables:
   DAST_SUBMIT_FIELD: login # the `id` or `name` of the element that when clicked will submit the login form or the password form of a multi-page login process
   DAST_FIRST_SUBMIT_FIELD: next # the `id` or `name` of the element that when clicked will submit the username form of a multi-page login process
   DAST_EXCLUDE_URLS: http://example.com/sign-out,http://example.com/sign-out-2  # optional, URLs to skip during the authenticated scan; comma-separated, no spaces in between
-  DAST_AUTH_VALIDATION_URL: http://example.com/loggedin_page  # optional, a URL only accessible to logged in users that DAST can use to confirm successful authentication
+  DAST_AUTH_VERIFICATION_URL: http://example.com/loggedin_page  # optional, a URL only accessible to logged in users that DAST can use to confirm successful authentication
 ```
 
 The results are saved as a
@@ -645,7 +645,7 @@ DAST can be [configured](#customizing-the-dast-settings) using CI/CD variables.
 | `DAST_API_SPECIFICATION`     | URL or string | The API specification to import. The specification can be hosted at a URL, or the name of a file present in the `/zap/wrk` directory. `DAST_WEBSITE` must be specified if this is omitted. |
 | `DAST_SPIDER_START_AT_HOST`  | boolean | Set to `false` to prevent DAST from resetting the target to its host before scanning. When `true`, non-host targets `http://test.site/some_path` is reset to `http://test.site` before scan. Default: `true`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/258805) in GitLab 13.6. |
 | `DAST_AUTH_URL`              | URL     | The URL of the page containing the sign-in HTML form on the target website. `DAST_USERNAME` and `DAST_PASSWORD` are submitted with the login form to create an authenticated scan. Not supported for API scans. |
-| `DAST_AUTH_VALIDATION_URL`   | URL     | A URL only accessible to logged in users that DAST can use to confirm successful authentication. If provided, DAST will exit if it cannot access the URL. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/207335) in GitLab 13.8.
+| `DAST_AUTH_VERIFICATION_URL`   | URL     | A URL only accessible to logged in users that DAST can use to confirm successful authentication. If provided, DAST will exit if it cannot access the URL. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/207335) in GitLab 13.8.
 | `DAST_USERNAME`              | string  | The username to authenticate to in the website. |
 | `DAST_PASSWORD`              | string  | The password to authenticate to in the website. |
 | `DAST_USERNAME_FIELD`        | string  | The name of username field at the sign-in HTML form. |