Repository: gitlab.com/gitlab-org/gitlab-foss.git
author: GitLab Bot <gitlab-bot@gitlab.com> 2022-10-05 03:08:11 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-10-05 03:08:11 +0300
commit: 59429d48eb1cf7032cf12363b83a045743f02a1e (patch)
tree: e4281f1f60bc0f71d315c1eb1bcacd57b9b72590 /doc
parent: 484a245a95e97ae97f558a3d242f599853eb6d3c (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc'):
-rw-r--r-- doc/development/secure_coding_guidelines.md | 4
-rw-r--r-- doc/development/service_ping/metrics_dictionary.md | 3
-rw-r--r-- doc/subscriptions/index.md | 52
-rw-r--r-- doc/user/application_security/dast/index.md | 13
-rw-r--r-- doc/user/free_user_limit.md | 23
5 files changed, 37 insertions, 58 deletions
diff --git a/doc/development/secure_coding_guidelines.md b/doc/development/secure_coding_guidelines.md
index c9cd7161354..700de9e6b6e 100644
--- a/doc/development/secure_coding_guidelines.md
+++ b/doc/development/secure_coding_guidelines.md
@@ -53,6 +53,10 @@ Each time you implement a new feature/endpoint, whether it is at UI, API or Grap
Be careful to **also test [visibility levels](https://gitlab.com/gitlab-org/gitlab-foss/-/blob/master/doc/development/permissions.md#feature-specific-permissions)** and not only project access rights.
+The HTTP status code returned when an authorization check fails should generally be `404 Not Found` in order to avoid revealing information
+about whether or not the requested resource exists. `403 Forbidden` may be appropriate if you need to display a specific message to the user
+about why they cannot access the resource. If you are displaying a generic message such as "access denied", consider returning `404 Not Found` instead.
+
Some example of well implemented access controls and tests:
1. [example1](https://dev.gitlab.org/gitlab/gitlab-ee/-/merge_requests/710/diffs?diff_id=13750#af40ef0eaae3c1e018809e1d88086e32bccaca40_43_43)
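Review bot: the new paragraph (`+The HTTP status code returned when an authorization check fails ...`) leaves a gap: it permits `403 Forbidden` when a specific message is needed, but does not say that the choice must be consistent for a given resource type. If an endpoint returns `403` when a hidden resource exists and `404` when it does not, the existence leak the paragraph sets out to prevent is reintroduced. Suggest adding a sentence along the lines of "Whichever code you choose, return the same code for a resource the user is not allowed to see and for a resource that does not exist", and pointing reviewers at the access-control examples listed just below so the status code is asserted in the accompanying specs, not only in the controller.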
diff --git a/doc/development/service_ping/metrics_dictionary.md b/doc/development/service_ping/metrics_dictionary.md
index f52af156dc0..3439f581e7f 100644
--- a/doc/development/service_ping/metrics_dictionary.md
+++ b/doc/development/service_ping/metrics_dictionary.md
@@ -136,6 +136,9 @@ We use the following categories to classify a metric:
- `subscription`: Data related to licensing.
- `standard`: Standard set of identifiers that are included when collecting data.
+An aggregate metric is a metric that is the sum of two or more child metrics. Service Ping uses the data category of
+the aggregate metric to determine whether or not the data is included in the reported Service Ping payload.
+
### Metric name suggestion examples
#### Metric with `data_source: database`
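Review bot: the added definition of an aggregate metric (`+An aggregate metric is a metric that is the sum of two or more child metrics. ...`) should say what happens when a child metric carries a different data category from the aggregate. As written, only the aggregate's category decides whether the data lands in the Service Ping payload, which implies a child with a more restrictive category could be reported through the aggregate. Suggest stating explicitly either that child metrics must share the aggregate's category, or that the most restrictive category among aggregate and children wins, since this is what controls what data leaves the instance.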
diff --git a/doc/subscriptions/index.md b/doc/subscriptions/index.md
index caf703ca900..2d809ed7ef8 100644
--- a/doc/subscriptions/index.md
+++ b/doc/subscriptions/index.md
@@ -176,42 +176,36 @@ To change the password for this customers portal account:
### GitLab for Education
-For qualifying non-profit educational institutions, the [GitLab for Education](https://about.gitlab.com/solutions/education/) program provides
-the top GitLab tier, plus 50,000 CI/CD minutes per month.
-
-The GitLab for Education license can only be used for instructional-use or
-non-commercial academic research.
-
-Find more information on how to apply and renew at
-[GitLab for Education](https://about.gitlab.com/solutions/education/).
+For qualifying non-profit educational institutions, the [GitLab for Education Program](https://about.gitlab.com/solutions/education/) provides GitLab Ultimate, plus 50,000 CI/CD minutes per month. The subscription granted under GitLab for Education can only be used for instructional use or non-commercial academic research. For more information—including instructions for applying to the program and renewing program membership—see the [GitLab for Education Program page](https://about.gitlab.com/solutions/education/) and the [GitLab handbook](https://about.gitlab.com/handbook/marketing/community-relations/community-programs/education-program/).
### GitLab for Open Source
-For qualifying open source projects, the [GitLab for Open Source Program](https://about.gitlab.com/solutions/open-source/) provides
-GitLab Ultimate, plus 50,000 CI/CD minutes per month. For more information, see [program requirements](https://about.gitlab.com/solutions/open-source/join/#requirements), [renewals](https://about.gitlab.com/solutions/open-source/join/#renewals), and [program benefits](https://about.gitlab.com/solutions/open-source/join/).
+For qualifying open source projects, the [GitLab for Open Source Program](https://about.gitlab.com/solutions/open-source/) provides GitLab Ultimate, plus 50,000 CI/CD minutes per month. For more information—including instructions for applying to the program and renewing program membership—see the [GitLab for Open Source Program page](https://about.gitlab.com/solutions/open-source/) and the [GitLab handbook](https://about.gitlab.com/handbook/marketing/community-relations/opensource-program/).
-If you have any questions, send an email to `opensource@gitlab.com` for assistance.
+#### Meeting GitLab for Open Source Program requirements
-#### License requirements for GitLab for Open Source Program members
+NOTE:
+GitLab for Open Source Program benefits apply to an entire GitLab namespace. To qualify for the GitLab for Open Source Program, all projects in an applicant's namespace must meet program requirements. Applicants submit materials related to one project in the applying namespace, and the open source program team uses that project to verify eligibility of the entire namespace.
-GitLab for Open Source Program benefits apply to an entire GitLab namespace. To qualify for the GitLab for Open Source Program, **all projects in an applicant's namespace** must carry an [OSI-approved license](https://opensource.org/licenses/).
+To meet GitLab for Open Source Program requirements, first add an OSI-approved open source license to all projects in your namespace.
-To add a license:
+To add a license to a project:
1. On the top bar, select **Main menu > Projects** and find your project.
1. On the overview page, select **Add LICENSE**. If the license you want is not available as a license template, manually copy the entire, unaltered [text of your chosen license](https://opensource.org/licenses/alphabetical) into the `LICENSE` file. Note that GitLab defaults to **All rights reserved** if users do not perform this action.
-Applicants must add the correct license to each project in their respective groups or namespaces When you're sure you're using OSI-approved licenses for your projects, you can take your screenshots.
+Applicants must add the correct license to each project in their respective groups or namespaces. When you're sure you're using OSI-approved licenses for your projects, you can take your screenshots.
#### Verification for Open Source Program
-As part of the [application verification process](https://about.gitlab.com/solutions/open-source/join/), you must upload **three screenshots**:
+Next, take screenshots of your project to confirm that project's eligibility. You must upload three screenshots:
- [OSI-approved license overview](#screenshot-1-license-overview)
- [OSI-approved license contents](#screenshot-2-license-contents)
- [Publicly visible settings](#screenshot-3-publicly-visible-settings)
-Benefits of the GitLab Open Source Program apply to all projects in a GitLab namespace. All projects in an eligible namespace must meet program requirements. However, if you submit materials for **one project** in your namespace, the open source program team uses that project to verify the contents of the entire namespace you use when applying to the program.
+NOTE:
+Benefits of the GitLab Open Source Program apply to all projects in a GitLab namespace. All projects in an eligible namespace must meet program requirements.
##### Screenshot 1: License overview
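Review bot: the two added `NOTE:` blocks in this hunk overlap. The first (`+GitLab for Open Source Program benefits apply to an entire GitLab namespace. ...`) already says that all projects in the namespace must meet program requirements and that one project is used to verify the whole namespace; the second (`+Benefits of the GitLab Open Source Program apply to all projects in a GitLab namespace. ...`) repeats the first half of it under the verification subsection. Suggest keeping only the first, which is the fuller replacement for the removed sentence. Also, the removed `-If you have any questions, send an email to `opensource@gitlab.com` for assistance.` line has no replacement in this section, so the address now appears only in the visibility-exceptions note further down; a reader with a general program question loses the contact.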
@@ -243,24 +237,11 @@ To be eligible for the GitLab Open Source Program, projects must be publicly vis
![Publicly visible setting](img/publicly-visible.png)
NOTE:
-Exceptions to this public visibility requirement apply in select circumstances (for example, in cases where a project may hold sensitive data). Email `opensource@gitlab.com` with details of your use case to request written permission for exceptions.
+Exceptions to this public visibility requirement apply in select circumstances (for example, in cases where a project in an applicant's namespace may hold sensitive data). Email `opensource@gitlab.com` with details of your use case to request written permission for exceptions.
### GitLab for Startups
-For qualifying startups, the [GitLab for Startups](https://about.gitlab.com/solutions/startups/) program provides
-the top GitLab tier, plus 50,000 CI/CD minutes per month for 12 months.
-
-For more information, including program requirements, see the [Startup program's landing page](https://about.gitlab.com/solutions/startups/).
-
-Send all questions and requests related to the GitLab for Startups program to `startups@gitlab.com`.
-
-### Support for Community Programs
-
-Because these Community Programs are free of cost, regular Priority Support is not included.
-
-As a community member, you can follow this diagram to find support:
-
-![Support diagram](img/support_diagram_c.png)
+For qualifying startups, the [GitLab for Startups](https://about.gitlab.com/solutions/startups/) program provides GitLab Ultimate, plus 50,000 CI/CD minutes per month for 12 months. For more information—including instructions for applying to the program and renewing program membership—see the [GitLab for Startups Program page](https://about.gitlab.com/solutions/startups/) and the [GitLab handbook](https://about.gitlab.com/handbook/marketing/community-relations/startups-program/).
## Contact Support
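Review bot: this hunk deletes the entire `### Support for Community Programs` section, including `![Support diagram](img/support_diagram_c.png)`, but nothing in the diff removes the image file, and the statement that Priority Support is not included with the free community programs is not carried anywhere else. Suggest either keeping a one-line pointer to where community program members get support (the handbook pages now linked would do if they cover it) and deleting the orphaned `img/support_diagram_c.png` in the same change, so the repository does not keep a dangling asset. The removed `-Send all questions and requests related to the GitLab for Startups program to `startups@gitlab.com`.` line is likewise not carried into the new Startups paragraph.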
@@ -269,12 +250,9 @@ Learn more about:
- The tiers of [GitLab Support](https://about.gitlab.com/support/).
- [Submit a request via the Support Portal](https://support.gitlab.com/hc/en-us/requests/new).
-We also encourage all users to search our project trackers for known issues and
-existing feature requests in the
-[GitLab project](https://gitlab.com/gitlab-org/gitlab/-/issues/).
+We also encourage all users to search our project trackers for known issues and existing feature requests in the [GitLab project](https://gitlab.com/gitlab-org/gitlab/-/issues/).
-These issues are the best avenue for getting updates on specific product plans
-and for communicating directly with the relevant GitLab team members.
+These issues are the best avenue for getting updates on specific product plans and for communicating directly with the relevant GitLab team members.
<!-- ## Troubleshooting
diff --git a/doc/user/application_security/dast/index.md b/doc/user/application_security/dast/index.md
index 2dc286d8c5f..5241442f39f 100644
--- a/doc/user/application_security/dast/index.md
+++ b/doc/user/application_security/dast/index.md
@@ -736,7 +736,7 @@ After DAST has authenticated with the application, all cookies are collected fro
For each cookie a matching session token is created for use by ZAP. This ensures ZAP is recognized
by the application as correctly authenticated.
-Authentication supports single form logins, multi-step login forms, and authenticating to URLs outside of the configured target URL.
+Authentication supports single form logins, multi-step login forms, and authenticating to URLs outside of the configured target URL.
WARNING:
**Never** run an authenticated scan against a production server. When an authenticated
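Review bot: the removed and added lines in this hunk read identically (`Authentication supports single form logins, multi-step login forms, and authenticating to URLs outside of the configured target URL.`), so this is presumably a trailing-whitespace or line-ending fix. If so it is fine; if a wording change was intended, it has been lost in this commit.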
@@ -744,6 +744,17 @@ scan is run, it may perform *any* function that the authenticated user can. This
includes actions like modifying and deleting data, submitting forms, and following links.
Only run an authenticated scan against a test server.
+### SSO
+
+DAST can authenticate to websites making use of SSO, with the following restrictions:
+
+- DAST cannot bypass a CAPTCHA if the authentication flow includes one.
+- DAST cannot handle multi-factor authentication like one-time passwords (OTP) by using SMS or authenticator apps.
+- DAST must get a cookie, or a local or session storage, with a sufficiently random value.
+
+The [authentication debug output](index.md#configure-the-authentication-debug-output) can be helpful for troubleshooting SSO authentication
+with DAST.
+
### Log in using automatic detection of the login form
By providing a `DAST_USERNAME`, `DAST_PASSWORD`, and `DAST_AUTH_URL`, DAST attempts to authenticate to the
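Review bot: the third restriction in the new `### SSO` section, `+- DAST must get a cookie, or a local or session storage, with a sufficiently random value.`, is ungrammatical and too vague to act on. "a local or session storage" should read "a local storage or session storage value", and "sufficiently random" should state what DAST actually checks (for example the minimum length or entropy it requires before treating a value as a session token); otherwise a user whose SSO login fails cannot tell whether this restriction is the cause. It would also help to say that the `WARNING:` above applies equally to SSO scans, since the scan acts with the SSO user's rights and the preceding text already notes that authentication may reach URLs outside the configured target.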
diff --git a/doc/user/free_user_limit.md b/doc/user/free_user_limit.md
index 0415aae57fa..3fbfb2e1aa7 100644
--- a/doc/user/free_user_limit.md
+++ b/doc/user/free_user_limit.md
@@ -6,26 +6,9 @@ info: To determine the technical writer assigned to the Stage/Group associated w
# Free user limit **(FREE SAAS)**
-From October 19, 2022, namespaces in GitLab.com on the Free tier
-will be limited to five (5) members per [namespace](namespace/index.md).
-This limit applies to top-level private groups.
+From October 19, 2022, a five-user limit will apply to top-level [namespaces](namespace/index.md) with private visibility on GitLab SaaS. These limits will roll out gradually, and impacted users will be notified in GitLab.com at least 60 days before the limit is applied.
-On the transition date, if your namespace has six or more unique members:
-
-- Five members will keep a status of `Active`.
-- Remaining members will get a status of `Over limit` and lose access to the
- group.
-- Members invited through a group or project invitation outside of the namespace
- will be removed. You can add these members back by inviting them through their
- username or email address on the **Members** page for your group or project.
-
-## How active members are determined
-
-On the transition date, we'll automatically select the members who keep their `Active` status
-in the following order, until we reach a total of five:
-
-1. Members with the Owner or Maintainer role.
-1. The most recently active members.
+When the five-user limit is applied, top-level private namespaces exceeding the user limit are placed in a read-only state. These namespaces cannot write new data to repositories, Git Large File Storage (LFS), packages, or registries.
## Manage members in your namespace
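Review bot: the replacement paragraph (`+When the five-user limit is applied, top-level private namespaces exceeding the user limit are placed in a read-only state. ...`) changes the enforcement model from members marked `Over limit` to a read-only namespace, but it drops the `## How active members are determined` section without saying whether any ordering of members still applies, and the following `## Manage members in your namespace` heading (unchanged context) still assumes that managing members is how you get back under the limit. Suggest stating explicitly (a) whether any members are removed or flagged at all under the new model, (b) what "read-only" covers beyond repositories, LFS, packages and registries (issues, merge requests, CI/CD pipelines), and (c) how a namespace leaves the read-only state once it is back at five users or upgrades. Minor: "These limits will roll out gradually" refers to a single five-user limit; "This limit" reads better.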
@@ -43,7 +26,7 @@ Prerequisite:
1. To remove a member, select **Remove user**.
If you need more time to manage your members, or to try GitLab features
-with a team of more than five members, you can [start a trial](https://about.gitlab.com/free-trial/).
+with a team of more than five members, you can [start a trial](https://gitlab.com/-/trial_registrations/new?glm_source=docs.gitlab.com&glm_content=free-user-limit).
A trial lasts for 30 days and includes an unlimited number of members.
## Related topics