From b8d3aa799c0013697fce3627f5675cc25ecc9c44 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Wed, 10 Nov 2021 00:11:48 +0000
Subject: Add latest changes from gitlab-org/gitlab@master

---
 doc/update/deprecations.md                              | 8 ++++++++
 doc/user/application_security/secret_detection/index.md | 5 +++--
 2 files changed, 11 insertions(+), 2 deletions(-)

(limited to 'doc')

diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md
index 2e209b2787b..37c925b4e9d 100644
--- a/doc/update/deprecations.md
+++ b/doc/update/deprecations.md
@@ -66,6 +66,14 @@ We decided to remove the GitLab Serverless features as they never really resonat
 
 Announced: 2021-09-22
 
+### Known host required for GitLab Runner SSH executor
+
+In [GitLab 14.3](https://gitlab.com/gitlab-org/gitlab-runner/-/merge_requests/3074), we added a configuration setting in the GitLab Runner `config.toml` file. This setting, [`[runners.ssh.disable_strict_host_key_checking]`](https://docs.gitlab.com/runner/executors/ssh.html#security), controls whether or not to use strict host key checking with the SSH executor.
+
+In GitLab 15.0 and later, the default value for this configuration option will change from `true` to `false`. This means that strict host key checking will be enforced when using the GitLab Runner SSH executor.
+
+Announced: 2021-11-22
+
 ### Legacy database configuration
 
 The syntax of [GitLabs database](https://docs.gitlab.com/omnibus/settings/database.html)
diff --git a/doc/user/application_security/secret_detection/index.md b/doc/user/application_security/secret_detection/index.md
index dc6fe2e92fc..140f660d729 100644
--- a/doc/user/application_security/secret_detection/index.md
+++ b/doc/user/application_security/secret_detection/index.md
@@ -202,8 +202,9 @@ Secret Detection can be customized by defining available CI/CD variables:
 
 | CI/CD variable                    | Default value | Description |
 |-----------------------------------|---------------|-------------|
-| `SECRET_DETECTION_COMMIT_FROM`    | -             | The commit a Gitleaks scan starts at. |
-| `SECRET_DETECTION_COMMIT_TO`      | -             | The commit a Gitleaks scan ends at. |
+| `SECRET_DETECTION_COMMIT_FROM`    | -             | The commit a Gitleaks scan starts at. [Removed](https://gitlab.com/gitlab-org/gitlab/-/issues/243564) in GitLab 13.5. Replaced with `SECRET_DETECTION_COMMITS`. |
+| `SECRET_DETECTION_COMMIT_TO`      | -             | The commit a Gitleaks scan ends at. [Removed](https://gitlab.com/gitlab-org/gitlab/-/issues/243564) in GitLab 13.5. Replaced with `SECRET_DETECTION_COMMITS`. |
+| `SECRET_DETECTION_COMMITS`        | -             | The list of commits that Gitleaks should scan. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/243564) in GitLab 13.5. |
 | `SECRET_DETECTION_EXCLUDED_PATHS` | ""            | Exclude vulnerabilities from output based on the paths. This is a comma-separated list of patterns. Patterns can be globs, or file or folder paths (for example, `doc,spec` ). Parent directories also match patterns. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/225273) in GitLab 13.3. |
 | `SECRET_DETECTION_HISTORIC_SCAN`  | false         | Flag to enable a historic Gitleaks scan. |
 
-- 
cgit v1.2.3