- Jan 29, 2019
-
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
Robert Speicher authored
[ci skip]
-
Robert Speicher authored
This reverts commit 25241cd7.
-
Robert Speicher authored
[11.5] Fix uninitialized constant with GitLab Pages deploy
See merge request gitlab/gitlabhq!2874
-
Stan Hu authored
pages:deploy step was failing with the following error:
```
uninitialized constant SafeZip::Extract::Zip
```
Since license_finder already pulls in rubyzip, we can make it a required gem. We also use the scope operator to make the reference to Zip::File explicit.
-
- Jan 28, 2019
-
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
Douglas Barbosa Alexandre authored
Fix a JS race in a spec
Closes #56860
See merge request gitlab-org/gitlab-ce!24684
(cherry picked from commit b5e10cd3)
-
- Jan 25, 2019
-
-
Yorick Peterse authored
[11.5] Disable git v2 protocol temporarily
See merge request gitlab/gitlabhq!2861
(cherry picked from commit 49f3d2ccb4c47073caac7d05fb068d09e20fb93c)
d28a201c Allow Gitaly to be built from a custom URL
66e00613 Disable git v2 protocol temporarily
-
- Jan 24, 2019
-
-
Yorick Peterse authored
[11.5] Alias GitHub and BitBucket OAuth2 callback URLs
See merge request gitlab/gitlabhq!2847
(cherry picked from commit c038dc73735e9b0b933ab6417ca6630c3793e14c)
9eb5c6f3 Alias GitHub and BitBucket OAuth2 callback URLs
-
Yorick Peterse authored
[11.5] Security fix user email tag push leak
See merge request gitlab/gitlabhq!2807
(cherry picked from commit a6a32e22eea76d202dbe1bd6343041d9c7726039)
ccb25775 Prefer build() rather than create()
d4945872 Fix private user email being visible in tag webhooks
-
Yorick Peterse authored
[11.5] Fix error disclosure on Project Import
See merge request gitlab/gitlabhq!2732
(cherry picked from commit 427577d2adfd1833f6f0722a16b5410cc8d6d96b)
2e6e5af0 Fix path disclosure on Project Import
101acd98 Remove Sentry method call
-
Yorick Peterse authored
[11.5] Resolve "[Security] Stored XSS via KaTeX"
See merge request gitlab/gitlabhq!2756
(cherry picked from commit a4f28a482db2ccbbc2eae5ecda4a24b9993f7dfd)
429cae1b 11.5 backport of fix for XSS in KaTex Links
46ca66ed Merge branch 'security-11-5' of https://dev.gitlab.org/gitlab/gitlabhq into...
-
Yorick Peterse authored
[11.5] Fix access to internal wiki when external wiki is enabled
See merge request gitlab/gitlabhq!2802
(cherry picked from commit a3d3820ace7cef843b3a71b1962a92fc228145e2)
b718e14f Fixed bug when external wiki is enabled
a906ba0f Fixed some related spec problems
-
Yorick Peterse authored
[11.5] Contributed projects info is still visible even user enable private profile
See merge request gitlab/gitlabhq!2766
(cherry picked from commit b94b469daa0a52d193c5b5848b08bd3c44007864)
d87eaa57 Fix contributed projects finder shown private info
1b8eb080 Use old spec syntax
-
Yorick Peterse authored
[11.5] Fix Imported Project Retains Prior Visibility Setting
See merge request gitlab/gitlabhq!2852
(cherry picked from commit df3008f7cd326dd9577601d2107f09ef638adcbc)
2bf7a831 Fix tree restorer visibility level
e8b277ba Fix migration error
53b9cd23 Update schema file
-
Yorick Peterse authored
[11.5] Sent notification only to authorized users
See merge request gitlab/gitlabhq!2858
(cherry picked from commit 81c1e9455ca291841704687cdcff085570e89043)
baa1b756 Sent notification only to authorized users
-
Yorick Peterse authored
[11.5] GitLab vulnerable to IDN homograph attacks and RTLO attacks
See merge request gitlab/gitlabhq!2823
-
Yorick Peterse authored
[11.5] Do not expose trigger token when user should not see it
See merge request gitlab/gitlabhq!2760
(cherry picked from commit 138126043d62c57b4fb1e057561b433347b36d03)
bd70c84e Do not expose trigger token when user should not see it
-
Yorick Peterse authored
[11.5] Fix DoS in reference extraction regexes
See merge request gitlab/gitlabhq!2779
(cherry picked from commit 9f3dc81480d4b72a201e3517335c4f18235a1f7d)
0a37ec23 Fix slow project reference pattern regex
-
Yorick Peterse authored
[11.5] Don't process MR refs for guests in the notes
See merge request gitlab/gitlabhq!2783
(cherry picked from commit 5a508bb7a5e3d7a048c6b3f50f74727e1c71b56e)
d4af76d9 Don't process MR refs for guests in the notes
-
Yorick Peterse authored
[11.5] Pipelines section is available to unauthorized users
See merge request gitlab/gitlabhq!2806
(cherry picked from commit 3a060db7ea48eee0f08d06f312b01936abf9cc70)
bd1ae349 Backport security fix
b2469eeb Add CHANGELOG entry
957f6694 Rename Project#all_pipelines to Project#pipelines
8a9894d6 Remove destroy_pipeline specs
-
Yorick Peterse authored
[11.5] Use common error for not logged in users when creating issues
See merge request gitlab/gitlabhq!2813
(cherry picked from commit 6a1c300fadddd9d534cacc9a7c0afd5ea6b04014)
0cb3920b Use common error for unauthenticated users
-
Yorick Peterse authored
[11.5] LFS object forgery in project import
See merge request gitlab/gitlabhq!2819
(cherry picked from commit 2bb4e59e6e24aaf25afa3325d9f043709d564129)
ec8e01ab Added validations to prevent LFS object forgery
-
Yorick Peterse authored
[11.5] Fix discussion replies permissions check
See merge request gitlab/gitlabhq!2826
(cherry picked from commit 4f03d5181046ccaf8c09906159c5266eb3564aef)
33bbf8f0 Prevent comments by email when issue is locked
-
Yorick Peterse authored
[11.5] Security extract pages with rubyzip
See merge request gitlab/gitlabhq!2835
(cherry picked from commit 75d595e1d29f3a4141b150e32ea5c592aa0a4270)
46885a07 Extract GitLab Pages using RubyZip
d2bd5db8 Fix Gemfile.rails5.lock
-
Yorick Peterse authored
[11.5] Stop showing ci for guest users
See merge request gitlab/gitlabhq!2837
(cherry picked from commit ad1ab0b4ddfb94cbe3b987b556792edc18ac67eb)
d7095784 Stop showing ci for guest users
-
Yorick Peterse authored
[11.5] Revoke award_emoji permissions for confidential issues
See merge request gitlab/gitlabhq!2851
(cherry picked from commit 3826a84830da05489f0147c8efd818cdddbf9143)
31d43bdf Prevent award_emoji to notes not visible to user
-
Yorick Peterse authored
[11.5] Verify that LFS upload requests are genuine
See merge request gitlab/gitlabhq!2864
(cherry picked from commit 5c3d4d012e734b12140ecc527ade0f5ae8a26049)
dd634b25 Verify that LFS upload requests are genuine
-
- Jan 21, 2019
-
-
Brett Walker authored
Such as those with IDN homographs or embedded right-to-left (RTLO) characters. Autolinked hrefs should be escaped
-
- Jan 15, 2019
-
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
Yorick Peterse authored
[11.5] Validate bundle files before unpacking them
See merge request gitlab/gitlabhq!2775
(cherry picked from commit 28bec61b5d3c43ef896780cb0eebf09353b51995)
68433868 Validate bundle files before unpacking them
-
- Jan 10, 2019
-
-
Marin Jankovski authored
Stop using deprecated argument to `gem`
See merge request gitlab-org/gitlab-ce!24079
-
- Dec 28, 2018
-
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
- Dec 27, 2018
-
-
John Jarvis authored
-
John Jarvis authored
[11.5] Resolve "Removing a user from a private group doesn't remove them from group's project, if their project's role was changed"
See merge request gitlab/gitlabhq!2715
-
John Jarvis authored
-