Age | Commit message (Collapse) | Author | |
---|---|---|---|
2019-12-20 | Update VERSION to 12.6.0 | GitLab Release Tools Bot | |
2019-12-20 | Update CHANGELOG.md for 12.6.0 | GitLab Release Tools Bot | |
[ci skip] | |||
2019-12-20 | Add latest changes from gitlab-org/security/gitlab@12-6-stable-ee | GitLab Bot | |
2019-12-20 | Add latest changes from gitlab-org/gitlab@12-6-stable-ee | GitLab Bot | |
2019-12-20 | Update VERSION to 12.6.0-rc42v12.6.0-rc42 | GitLab Release Tools Bot | |
2019-12-20 | Add latest changes from gitlab-org/gitlab@12-6-stable-ee | GitLab Bot | |
2019-12-16 | Update VERSION to 12.5.5v12.5.5 | John T Skarbek | |
2019-12-16 | Update CHANGELOG.md for 12.5.5 | John T Skarbek | |
[ci skip] | |||
2019-12-16 | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot | |
2019-12-16 | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot | |
2019-12-16 | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot | |
2019-12-10 | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot | |
2019-12-10 | Merge remote-tracking branch 'dev/12-5-stable' into 12-5-stable | GitLab Release Tools Bot | |
2019-12-09 | Update VERSION to 12.5.4v12.5.4 | GitLab Release Tools Bot | |
2019-12-09 | Update CHANGELOG.md for 12.5.4 | GitLab Release Tools Bot | |
[ci skip] | |||
2019-12-09 | Merge branch 'security-37766-transfer-group-reindex-ce-12-5' into '12-5-stable' | Alessio Caiazza | |
Trigger Elasticsearch indexing when public group moved to private See merge request gitlab/gitlabhq!3577 | |||
2019-12-06 | Trigger Elasticsearch indexing when public group moved to private | Dylan Griffith | |
This fixes https://gitlab.com/gitlab-org/gitlab/issues/37766 which is caused by the fact that we leave the stale permissions data in the index after a group is moved to another group. | |||
2019-12-05 | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot | |
2019-12-03 | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot | |
2019-12-03 | Update VERSION to 12.5.3v12.5.3 | GitLab Release Tools Bot | |
2019-12-03 | Update CHANGELOG.md for 12.5.3 | GitLab Release Tools Bot | |
[ci skip] | |||
2019-12-03 | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot | |
2019-11-27 | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot | |
2019-11-27 | Merge remote-tracking branch 'dev/12-5-stable' into 12-5-stable | GitLab Release Tools Bot | |
2019-11-27 | Update VERSION to 12.5.2v12.5.2 | GitLab Release Tools Bot | |
2019-11-27 | Update CHANGELOG.md for 12.5.2 | GitLab Release Tools Bot | |
[ci skip] | |||
2019-11-27 | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot | |
2019-11-27 | Merge remote-tracking branch 'dev/12-5-stable' into 12-5-stable | GitLab Release Tools Bot | |
2019-11-26 | Merge branch 'security-dos-issue-and-commit-comments-12-5' into '12-5-stable' | GitLab Release Tools Bot | |
Fix invalid byte sequence See merge request gitlab/gitlabhq!3547 | |||
2019-11-26 | Update VERSION to 12.5.1v12.5.1 | GitLab Release Tools Bot | |
2019-11-26 | Update CHANGELOG.md for 12.5.1 | GitLab Release Tools Bot | |
[ci skip] | |||
2019-11-26 | Merge branch 'security-29660-update-dependencies-12-5' into '12-5-stable' | GitLab Release Tools Bot | |
Update Workhorse and Gitaly to fix a security issue See merge request gitlab/gitlabhq!3531 | |||
2019-11-26 | Merge branch 'security-aws-secret-key-2937-ce-12-5' into '12-5-stable' | GitLab Release Tools Bot | |
Hide AWS secret on Admin Integration page See merge request gitlab/gitlabhq!3532 | |||
2019-11-26 | Hide AWS secret on Admin Integration page | Justin Ho Tuan Duong | |
2019-11-26 | Merge branch 'security-ag-cycle-analytics-guest-permissions-12-5' into ↵ | GitLab Release Tools Bot | |
'12-5-stable' Prevent guests from seeing commits for cycle analytics See merge request gitlab/gitlabhq!3534 | |||
2019-11-26 | Merge branch 'security-filter-related-branches-from-activity-feed-12.5' into ↵ | GitLab Release Tools Bot | |
'12-5-stable' Related Branches Visible to Guests in Issue Activity See merge request gitlab/gitlabhq!3538 | |||
2019-11-26 | Merge branch 'security-2943-encrypt-plaintext-tokens-12-5' into '12-5-stable' | GitLab Release Tools Bot | |
GitLab stores AWS, Slack, Askimet, reCaptcha tokens in plaintext See merge request gitlab/gitlabhq!3543 | |||
2019-11-26 | Merge branch 'security-dns-rebind-ssrf-in-slack-notifications-12-5-ce' into ↵ | GitLab Release Tools Bot | |
'12-5-stable' Use Gitlab::HTTP for all chat notifications See merge request gitlab/gitlabhq!3544 | |||
2019-11-26 | Merge branch 'security-33712-ce-12-5' into '12-5-stable' | GitLab Release Tools Bot | |
Fix private comment Elasticsearch leak See merge request gitlab/gitlabhq!3546 | |||
2019-11-26 | Merge branch 'security-fix-xss-in-label-namespace-12-5' into '12-5-stable' | GitLab Release Tools Bot | |
Escape namespace in label references See merge request gitlab/gitlabhq!3550 | |||
2019-11-26 | Merge branch 'security-28802-respect-fork-parent-visibility-12-5' into ↵ | GitLab Release Tools Bot | |
'12-5-stable' Check permissions before showing a forked project's source See merge request gitlab/gitlabhq!3555 | |||
2019-11-26 | Merge branch 'security-exclude_ids_attribute_cleaning-12-5-ce' into ↵ | GitLab Release Tools Bot | |
'12-5-stable' Ensure attributes that end in `_ids` are cleaned See merge request gitlab/gitlabhq!3558 | |||
2019-11-26 | Spec to ensure `_ids` are cleaned by ImportExport::AttributeCleaner | Imre Farkas | |
2019-11-26 | Ensure attributes that end in `_ids` are cleaned | DJ Mountney | |
This prevents an issue where you can steal other projects objects by asking for ids that don't belong to you in import. | |||
2019-11-25 | Check permissions before showing a forked project's source | Nick Thomas | |
2019-11-25 | Encrypt application settings with pre and post deployments | Arturo Herrero | |
We had concerns about the cached values on Redis with the previous two releases strategy: First release (this commit): - Create new encrypted fields in the database. - Start populating new encrypted fields, read the encrypted fields or fallback to the plaintext fields. - Backfill the data removing the plaintext fields to the encrypted fields. Second release: - Remove the virtual attribute (created in step 2). - Drop plaintext columns from the database (empty columns after step 3). We end up with a better strategy only using migration scripts in one release: - Pre-deployment migration: Add columns required for storing encrypted values. - Pre-deployment migration: Store the encrypted values in the new columns. - Post-deployment migration: Remove the old unencrypted columns | |||
2019-11-25 | Escape namespace in label references | Heinrich Lee Yu | |
When referencing cross-namespace labels, we append the namespace name to the rendered label. This MR escapes the name to prevent XSS attacks. | |||
2019-11-22 | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot | |
2019-11-22 | Fix invalid byte sequence | Patrick Derichs | |
2019-11-22 | Add search_helpers changes from security-33712 | Dylan Griffith | |