Age | Commit message (Collapse) | Author |
[ci skip]

[ci skip]

Update Gitaly to v1.47.2 for security fix
See merge request gitlab/gitlabhq!3300

Fix gitlab api token recovery
See merge request gitlab/gitlabhq!3292

Fix docs-lint job for 12-0-stable
See merge request gitlab-org/gitlab-ce!31356

[ci skip]

'12-0-stable'
Don't display badges when builds are restricted
See merge request gitlab/gitlabhq!3185

Do not allow localhost url redirection in GitHub Integration
See merge request gitlab/gitlabhq!3206

Server Side Request Forgery mitigation bypass
See merge request gitlab/gitlabhq!3213

MR pipeline permissions
See merge request gitlab/gitlabhq!3216

Extract SanitizeNodeLink and apply to WikiLinkFilter
See merge request gitlab/gitlabhq!3222

'12-0-stable'
Drop feature to take ownership of a trigger token
See merge request gitlab/gitlabhq!3227

'security-2873-restrict-slash-commands-to-users-who-can-log-in-12-0' into '12-0-stable'
Restrict slash commands to users who can log in
See merge request gitlab/gitlabhq!3238

Filter params in MR build service
See merge request gitlab/gitlabhq!3254

Do not show moved issue ids for user not authorized
See merge request gitlab/gitlabhq!3260

Reusing the existing `IssuableBaseService#filter_params` which uses
the policies to determine what params a user can set, and which values
it can be set to.
This also removed the need for the separate call to
`IssuableBaseService#ensure_milestone_available`.
The `Issues::BuildService` does not suffer from this because it limits
the params that are assignable to the `title`, `description` and
`milestone_id`.

Removing API and frontend interactions that allowed
users to take ownership of a trigger token.
Removed mentions from the documentation.

Fix order-dependent spec failure in appearance_spec.rb
Closes #64083
See merge request gitlab-org/gitlab-ce!30323

Do not show moved issue id for users that cannot read issue

The SanitizationFilter was running before the WikiFilter. Since
WikiFilter can modify links, we could see links that _should_ be stopped
by SanitizationFilter being rendered on the page. I (kerrizor) had
previously addressed the bug in: https://gitlab.com/gitlab-org/gitlab-ee/commit/7bc971915bbeadb950bb0e1f13510bf3038229a4
However, an additional exploit was discovered after that was merged.
Working through the issue, we couldn't simply shuffle the order of
filters, due to some implicit assumptions about the order of filters, so
instead we've extracted the logic that sanitizes a Nokogiri-generated
Node object, and applied it to the WikiLinkFilter as well.

On moving filters around:
Once we start moving around filters, we get cascading failures; fix one,
another one crops up. Many of the existing filters in the WikiPipeline
chain seem to assume that other filters have already done their work,
and thus operate on a "transform anything that's left" basis;
WikiFilter, for instance, assumes any link it finds in the markdown
should be prepended with the wiki_base_path. But if it does that, it
also turns `href="@user"` into `href="/path/to/wiki/@user"`, which the
UserReferenceFilter doesn't see as a user reference it needs to
transform into a user profile link. This is true for all the reference
filters in the WikiPipeline.

MergeRequest#all_pipelines
MergeRequest#all_pipelines fetches Ci::Pipeline records from the source
project, so we should specifically check that project for permissions.
This was already happening for intra-project merge requests, but in the
event that the target and source projects both have private builds, we
should ensure that the project permissions are respected.

When we can't resolve the hostname or it is invalid, we shouldn't
even perform the request. This fix also fixes the problem of the
SSRF rebinding attack.

We can't stub feature flags outside example blocks. Nevertheless,
there are some actions that call the UrlBlocker that are performed
outside example blocks, i.e. the `set` instruction.
That's why we have to use some signaling mechanism outside the scope
of the specs.

[ci skip]

'12-0-stable'
Support object storage at FileMover class
See merge request gitlab/gitlabhq!3195

[ci skip]

Badges were leaked to unauthorized users even when the Public Builds
project setting is disabled.
Added a guard clause to the controller to check whether the user can
read the build.

Ability to write a note in a private snippet
See merge request gitlab/gitlabhq!3142

Prevent Billion Laughs attack
See merge request gitlab/gitlabhq!3146

Fix MR head pipeline leak
See merge request gitlab/gitlabhq!3154

'security-prevent-detection-of-merge-request-template-name-12-0' into '12-0-stable'
Guests can know whether merge request template name exists or not
See merge request gitlab/gitlabhq!3161

Persist tmp snippet uploads at users
See merge request gitlab/gitlabhq!3162

'12-0-stable'
Expose merge requests count based on user access
See merge request gitlab/gitlabhq!3167

Fix DOS when rendering issue/MR comments
See merge request gitlab/gitlabhq!3171

'12-0-stable'
Fix type authorizations in GraphQL
See merge request gitlab/gitlabhq!3172

Fix color validation regex causing DoS
See merge request gitlab/gitlabhq!3176

Disable Rails SQL query cache when applying service templates
See merge request gitlab/gitlabhq!3179

[Backport] Add how to migrate deployments for deploy boards
See merge request gitlab-org/gitlab-ce!30059

When the SQL query cache is active, the SELECT query for finding
projects to apply service templates returns the same values. This causes
an infinite loop because even though bulk INSERT queries are made, the
cached results never reflect that progress. To fix this, we call
`Project.uncached` around the query to ensure new data is retrieved.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/63595