| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2019-03-27 | Update VERSION to 11.7.8v11.7.8 | GitLab Release Tools Bot | |
| 2019-03-27 | Update CHANGELOG.md for 11.7.8 | GitLab Release Tools Bot | |
| [ci skip] | |||
| 2019-03-26 | Merge branch 'security-55503-fix-pdf-js-11-7' into '11-7-stable' | Yorick Peterse | |
| Fix PDF.js vulnerability See merge request gitlab/gitlabhq!3026 | |||
| 2019-03-26 | Merge branch 'security-mass-assignment-on-project-update-11-7' into ↵ | Yorick Peterse | |
| '11-7-stable' Disallow changing namespace of a project in update method See merge request gitlab/gitlabhq!3031 | |||
| 2019-03-26 | Merge branch 'security-milestone-labels-11-7' into '11-7-stable' | GitLab Release Tools Bot | |
| Check label_ids parent when updating issue board See merge request gitlab/gitlabhq!3037 | |||
| 2019-03-26 | Merge branch 'security-use-untrusted-regexp-11-7' into '11-7-stable' | GitLab Release Tools Bot | |
| Use UntrustedRegexp for CI refs matching See merge request gitlab/gitlabhq!3008 | |||
| 2019-03-26 | Merge branch 'security-exif-migration-11-7' into '11-7-stable' | GitLab Release Tools Bot | |
| Rake task for removing exif from uploads See merge request gitlab/gitlabhq!3012 | |||
| 2019-03-26 | Merge branch 'security-2819-xss-resolve-conflicts-branch-name-11-7' into ↵ | GitLab Release Tools Bot | |
| '11-7-stable' Fix XSS in resolve conflicts form See merge request gitlab/gitlabhq!2988 | |||
| 2019-03-26 | Merge branch 'security-56224-11-7' into '11-7-stable' | GitLab Release Tools Bot | |
| Fix related branches visible in issues for guests See merge request gitlab/gitlabhq!3020 | |||
| 2019-03-26 | Merge branch 'security-disallow-guests-to-access-releases-11-7' into ↵ | GitLab Release Tools Bot | |
| '11-7-stable' Disallow guest users from accessing Releases See merge request gitlab/gitlabhq!3044 | |||
| 2019-03-26 | Disallow guest users from accessing Releases | Shinya Maeda | |
| As they do not have a permission to read git tag | |||
| 2019-03-26 | Refactor specs according to the code review | Małgorzata Ksionek | |
| 2019-03-25 | Rake task for removing exif from uploads | Jan Provaznik | |
| Adds a rake task which can be used for removing EXIF data from existing uploads. | |||
| 2019-03-25 | Add cr remarks | Małgorzata Ksionek | |
| 2019-03-25 | Check if labels are available for target issuable | Jarka Košanová | |
| - labels have to be in the same project/group as an issuable | |||
| 2019-03-21 | Disallow changing namespace of a project in update method | Małgorzata Ksionek | |
| 2019-03-20 | Updated PDF.js to 2.0.943 | Natalia Tepluhina | |
| fix: changed PDFJS prop to GlobalWorkerOptions Fixed pdf tests Added changelog entry | |||
| 2019-03-20 | Hide related branches when user does not have permission | Mark Chao | |
| Guest user of a project should not see branches | |||
| 2019-03-19 | Update VERSION to 11.7.7v11.7.7 | GitLab Release Tools Bot | |
| 2019-03-19 | Update CHANGELOG.md for 11.7.7 | GitLab Release Tools Bot | |
| [ci skip] | |||
| 2019-03-19 | Merge branch 'security-11-7-2826-fix-project-serialization-in-quick-actions' ↵ | Yorick Peterse | |
| into '11-7-stable' Fix project serialization in quick actions response See merge request gitlab/gitlabhq!3017 | |||
| 2019-03-18 | Only return `commands_changes` used in frontend | Heinrich Lee Yu | |
| When executing quick actions, this limits the `commands_changes` response to only those used by the frontend | |||
| 2019-03-15 | Make CI refs matching to to use UntrustedRegexp | Kamil Trzciński | |
| This makes ref validation to use always `UntrustedRegexp`. This also splits the existing RubySyntax into separate class. | |||
| 2019-03-05 | Fix XSS in resolve conflicts form | Paul Slaughter | |
| The issue arose when the branch name contained Vue template JavaScript. The fix is to use `v-pre` which disables Vue compilation in a template. | |||
| 2019-03-04 | Merge branch 'security-shared-project-private-group-11-7' into '11-7-stable' | Yorick Peterse | |
| Sharing a public project with a private group makes the group page publicly accessible See merge request gitlab/gitlabhq!2985 | |||
| 2019-02-28 | Secure vulerability and add specs | Małgorzata Ksionek | |
| 2019-02-28 | Update VERSION to 11.7.6v11.7.6 | GitLab Release Tools Bot | |
| 2019-02-28 | Update CHANGELOG.md for 11.7.6 | GitLab Release Tools Bot | |
| [ci skip] | |||
| 2019-02-28 | Merge branch '11-7-security-2774-milestones-detail' into '11-7-stable' | Robert Speicher | |
| Display only information visible to current user on Milestone detail See merge request gitlab/gitlabhq!2918 | |||
| 2019-02-27 | Display only informaton visible to current user | Jarka Košanová | |
| Display only labels and assignees of issues visible by the currently logged user Display only issues visible to user in the burndown chart | |||
| 2019-02-27 | Merge branch 'security-id-fix-mr-visibility-11-7' into '11-7-stable' | Yorick Peterse | |
| Display the correct number of MRs a user has access to See merge request gitlab/gitlabhq!2928 | |||
| 2019-02-27 | Display the correct number of MRs a user has access to | Igor Drozdov | |
| 2019-02-27 | Merge branch 'security-2818_filter_impersonated_sessions-11-7' into ↵ | Yorick Peterse | |
| '11-7-stable' Filter impersonated sessions from active sessions and remove ability to revoke session See merge request gitlab/gitlabhq!2982 | |||
| 2019-02-27 | Merge branch 'security-id-restricted-access-to-private-repo-11-7' into ↵ | Yorick Peterse | |
| '11-7-stable' Forbid creating discussions for users with restricted access See merge request gitlab/gitlabhq!2891 | |||
| 2019-02-27 | Merge branch '11-7-security-2773-milestones-fix' into '11-7-stable' | Yorick Peterse | |
| Check issue milestone availability See merge request gitlab/gitlabhq!2905 | |||
| 2019-02-27 | Merge branch 'security-tags-oracle-11-7' into '11-7-stable' | Yorick Peterse | |
| Prevent Releases links API to leak tag existence See merge request gitlab/gitlabhq!2909 | |||
| 2019-02-27 | Merge branch 'security-2798-fix-boards-policy-11-7' into '11-7-stable' | Yorick Peterse | |
| Disable issue board policies when issues are disabled See merge request gitlab/gitlabhq!2911 | |||
| 2019-02-27 | Merge branch '11-7-security-2797-milestone-mrs' into '11-7-stable' | Yorick Peterse | |
| Show only MRs visible to user on milestone detail See merge request gitlab/gitlabhq!2924 | |||
| 2019-02-27 | Merge branch 'security-commit-private-related-mr-11-7' into '11-7-stable' | Yorick Peterse | |
| Don't allow non-members to see private related MRs See merge request gitlab/gitlabhq!2931 | |||
| 2019-02-27 | Merge branch 'security-kubernetes-google-login-csrf-11-7' into '11-7-stable' | Yorick Peterse | |
| Validate session key when authorizing with GCP to create a cluster See merge request gitlab/gitlabhq!2935 | |||
| 2019-02-27 | Merge branch 'security-50334-11-7' into '11-7-stable' | Yorick Peterse | |
| Fix git clone revealing private repo's presence See merge request gitlab/gitlabhq!2939 | |||
| 2019-02-27 | Merge branch 'security-56348-11-7' into '11-7-stable' | Yorick Peterse | |
| Check snippet attached file to be moved is within designated directory See merge request gitlab/gitlabhq!2942 | |||
| 2019-02-27 | Merge branch 'security-55468-check-validity-before-querying-11-7' into ↵ | Yorick Peterse | |
| '11-7-stable' Fix blind SSRF in Prometheus Integration See merge request gitlab/gitlabhq!2945 | |||
| 2019-02-27 | Check validity of prometheus_service before query | Reuben Pereira | |
| Check validity before querying so that if the dns entry for the api_url has been changed to something invalid after the model was saved and checked for validity, it will not query. This is to solve a toctou (time of check to time of use) issue. | |||
| 2019-02-27 | Merge branch 'security-protect-private-repo-information-11-7' into '11-7-stable' | Yorick Peterse | |
| Fix leaking private repository information in API See merge request gitlab/gitlabhq!2949 | |||
| 2019-02-27 | Merge branch 'security-fj-diff-import-file-read-fix-11-7' into '11-7-stable' | Yorick Peterse | |
| Arbitrary file read via MergeRequestDiff See merge request gitlab/gitlabhq!2952 | |||
| 2019-02-27 | Arbitrary file read via MergeRequestDiff | Francisco Javier López | |
| 2019-02-27 | Merge branch '11-7-security-2799-emails' into '11-7-stable' | Yorick Peterse | |
| Remove link after issue move when no permissions See merge request gitlab/gitlabhq!2956 | |||
| 2019-02-27 | Merge branch 'security-kubernetes-local-ssrf-11-7' into '11-7-stable' | Yorick Peterse | |
| Block local URLs for Kubernetes integration See merge request gitlab/gitlabhq!2960 | |||
| 2019-02-27 | Merge branch ↵ | Yorick Peterse | |
| 'security-add-public-internal-groups-as-members-to-your-project-idor-11-7' into '11-7-stable' Add public/internal groups as members to your Project(IDOR) See merge request gitlab/gitlabhq!2963 | |||
Welcome to mirror list, hosted at ThFree Co, Russian Federation.
 |
index : gitlab.com/gitlab-org/gitlab-foss.git | |
| Unnamed repository; edit this file 'description' to name the repository. | root |
| summaryrefslogtreecommitdiff |