gitlab.com/gitlab-org/gitlab-foss.git

Age  Commit message  Author
2020-01-13  Update VERSION to 12.4.8 [v12.4.8]  GitLab Release Tools Bot
2020-01-13  Update CHANGELOG.md for 12.4.8  GitLab Release Tools Bot
[ci skip]
2020-01-10  Add latest changes from gitlab-org/security/gitlab@12-4-stable-ee  GitLab Bot
2020-01-02  Merge remote-tracking branch 'dev/12-4-stable' into 12-4-stable  GitLab Release Tools Bot
2020-01-02  Update VERSION to 12.4.7 [v12.4.7]  GitLab Release Tools Bot
2020-01-02  Update CHANGELOG.md for 12.4.7  GitLab Release Tools Bot
[ci skip]
2019-12-31  Add latest changes from gitlab-org/security/gitlab@12-4-stable-ee  GitLab Bot
2019-12-16  Add latest changes from gitlab-org/gitlab@12-4-stable-ee  GitLab Bot
2019-12-10  Merge remote-tracking branch 'dev/12-4-stable' into 12-4-stable  GitLab Release Tools Bot
2019-12-09  Update VERSION to 12.4.6 [v12.4.6]  GitLab Release Tools Bot
2019-12-09  Update CHANGELOG.md for 12.4.6  GitLab Release Tools Bot
[ci skip]
2019-12-09  Merge branch 'security-37766-transfer-group-reindex-ce-12-4' into '12-4-stable'  Alessio Caiazza
Trigger Elasticsearch indexing when public group moved to private
See merge request gitlab/gitlabhq!3578
2019-12-06  Trigger Elasticsearch indexing when public group moved to private  Dylan Griffith
This fixes https://gitlab.com/gitlab-org/gitlab/issues/37766 which is caused by the fact that we leave the stale permissions data in the index after a group is moved to another group.
2019-12-06  Add latest changes from gitlab-org/gitlab@12-4-stable-ee  GitLab Bot
2019-11-27  Merge remote-tracking branch 'dev/12-4-stable' into 12-4-stable  GitLab Release Tools Bot
2019-11-27  Update VERSION to 12.4.5 [v12.4.5]  GitLab Release Tools Bot
2019-11-27  Update CHANGELOG.md for 12.4.5  GitLab Release Tools Bot
[ci skip]
2019-11-27  Merge remote-tracking branch 'dev/12-4-stable' into 12-4-stable  GitLab Release Tools Bot
2019-11-27  Update VERSION to 12.4.4 [v12.4.4]  GitLab Release Tools Bot
2019-11-27  Update CHANGELOG.md for 12.4.4  GitLab Release Tools Bot
[ci skip]
2019-11-26  Merge branch 'security-dos-issue-and-commit-comments-12-4' into '12-4-stable'  GitLab Release Tools Bot
Fix invalid byte sequence
See merge request gitlab/gitlabhq!3548
2019-11-26  Merge branch 'security-29660-update-dependencies-12-4' into '12-4-stable'  GitLab Release Tools Bot
Update Workhorse and Gitaly to fix a security issue
See merge request gitlab/gitlabhq!3500
2019-11-26  Merge branch 'security-dns-rebind-ssrf-in-slack-notifications-12-4-ce' into '12-4-stable'  GitLab Release Tools Bot
Use Gitlab::HTTP for all chat notifications
See merge request gitlab/gitlabhq!3516
2019-11-26  Merge branch 'security-33712-ce-12-4' into '12-4-stable'  GitLab Release Tools Bot
Fix private comment Elasticsearch leak
See merge request gitlab/gitlabhq!3524
2019-11-26  Merge branch 'security-aws-secret-key-2937-ce-12-4' into '12-4-stable'  GitLab Release Tools Bot
Hide AWS secret on Admin Integration page
See merge request gitlab/gitlabhq!3526
2019-11-26  Hide AWS secret on Admin Integration page  Justin Ho Tuan Duong
2019-11-26  Merge branch 'security-ag-cycle-analytics-guest-permissions-12-4' into '12-4-stable'  GitLab Release Tools Bot
Prevent guests from seeing commits for cycle analytics
See merge request gitlab/gitlabhq!3533
2019-11-26  Merge branch 'security-filter-related-branches-from-activity-feed-12.4' into '12-4-stable'  GitLab Release Tools Bot
Related Branches Visible to Guests in Issue Activity
See merge request gitlab/gitlabhq!3539
2019-11-26  Merge branch 'security-2943-encrypt-plaintext-tokens-12-4' into '12-4-stable'  GitLab Release Tools Bot
GitLab stores AWS, Slack, Akismet, reCaptcha tokens in plaintext
See merge request gitlab/gitlabhq!3542
2019-11-26  Merge branch 'security-fix-xss-in-label-namespace-12-4' into '12-4-stable'  GitLab Release Tools Bot
Escape namespace in label references
See merge request gitlab/gitlabhq!3551
2019-11-26  Merge branch 'security-28802-respect-fork-parent-visibility-12-4' into '12-4-stable'  GitLab Release Tools Bot
Check permissions before showing a forked project's source
See merge request gitlab/gitlabhq!3556
2019-11-26  Merge branch 'security-exclude_ids_attribute_cleaning-12-4-ce' into '12-4-stable'  GitLab Release Tools Bot
Ensure attributes that end in `_ids` are cleaned
See merge request gitlab/gitlabhq!3559
2019-11-26  Spec to ensure `_ids` are cleaned by ImportExport::AttributeCleaner  Imre Farkas
2019-11-26  Ensure attributes that end in `_ids` are cleaned  DJ Mountney
This prevents an issue where you can steal other projects' objects by asking for ids that don't belong to you in import.
2019-11-26  Add latest changes from gitlab-org/gitlab@12-4-stable-ee  GitLab Bot
2019-11-25  Check permissions before showing a forked project's source  Nick Thomas
2019-11-25  Encrypt application settings with pre and post deployments  Arturo Herrero
We had concerns about the cached values on Redis with the previous two-release strategy:
First release (this commit):
- Create new encrypted fields in the database.
- Start populating new encrypted fields, read the encrypted fields or fall back to the plaintext fields.
- Backfill the data removing the plaintext fields to the encrypted fields.
Second release:
- Remove the virtual attribute (created in step 2).
- Drop plaintext columns from the database (empty columns after step 3).
We end up with a better strategy only using migration scripts in one release:
- Pre-deployment migration: Add columns required for storing encrypted values.
- Pre-deployment migration: Store the encrypted values in the new columns.
- Post-deployment migration: Remove the old unencrypted columns
2019-11-25  Escape namespace in label references  Heinrich Lee Yu
When referencing cross-namespace labels, we append the namespace name to the rendered label. This MR escapes the name to prevent XSS attacks.
2019-11-22  Fix invalid byte sequence  Patrick Derichs
2019-11-21  Encrypt application setting tokens  Arturo Herrero
This is the plan to encrypt the plaintext tokens:
First release (this commit):
1. Create new encrypted fields in the database.
2. Start populating new encrypted fields, read the encrypted fields or fall back to the plaintext fields.
3. Backfill the data removing the plaintext fields to the encrypted fields.
Second release:
4. Remove the virtual attribute (created in step 2).
5. Drop plaintext columns from the database (empty columns after step 3).
2019-11-20  Restrict branches visible to guests in Issue feed  Kerri Miller
Notes related to branch creation should not be shown in an issue's activity feed when the user doesn't have access to :download_code.
2019-11-20  Ensure that summary items remain aligned  Brandon Labuschagne
Default number of items is 3. If this is not the case, then increase the column width of the summary items to cater for 2 items plus the date filter.
2019-11-20  Prevent guests from seeing commits for cycle analytics  Aakriti Gupta
- if the user has access level lower than REPORTER, don't include commit count in summary
2019-11-20  Update Workhorse and Gitaly to fix a security issue  Nick Thomas
2019-11-18  Update VERSION to 12.4.3 [v12.4.3] [refs/environments/review-v12-4-3-8a3gii/deployments/163428]  GitLab Release Tools Bot
2019-11-18  Update CHANGELOG.md for 12.4.3  GitLab Release Tools Bot
[ci skip]
2019-11-15  Add search_helpers changes from security-33712  Dylan Griffith
2019-11-15  Fix group created from other test from polluting  Mark Chao
2019-11-15  Test admin for search accessibility  Mark Chao
Disabled features are ignored as they are grey areas
2019-11-15  Internalize private project minimum access level  Mark Chao
Some features allow GUEST to access only if project is not private. This method returns access level when targeting private projects.