Skip to content
Snippets Groups Projects
  1. Nov 27, 2018
  2. Nov 26, 2018
  3. Nov 23, 2018
  4. Nov 21, 2018
  5. Nov 20, 2018
  6. Nov 19, 2018
  7. Nov 18, 2018
  8. Nov 16, 2018
  9. Nov 15, 2018
    • Alessio Caiazza's avatar
      Validate URI scheme also for internal URI · a4ef6934
      Alessio Caiazza authored
      This is a backport for 11.4 stable branch.
      
      Gitlab::UrlBlocker ignores scheme when validating URI matching either
      config.gitlab or config.gitlab_shell
      
      This patch enforces matching config.gitlab.protocol for internal web and
      ssh for internal shell.
      
      A cleanup migration for stored XSS from environments table is included.
      a4ef6934
  10. Nov 14, 2018
Loading