gitlab.com/gitlab-org/gitlab-foss.git
Age | Commit message | Author
2019-12-03 | Update VERSION to 12.5.3 (tag: v12.5.3) | GitLab Release Tools Bot
2019-12-03 | Update CHANGELOG.md for 12.5.3 | GitLab Release Tools Bot
    [ci skip]
2019-12-03 | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot
2019-11-27 | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot
2019-11-27 | Merge remote-tracking branch 'dev/12-5-stable' into 12-5-stable | GitLab Release Tools Bot
2019-11-27 | Update VERSION to 12.5.2 (tag: v12.5.2) | GitLab Release Tools Bot
2019-11-27 | Update CHANGELOG.md for 12.5.2 | GitLab Release Tools Bot
    [ci skip]
2019-11-27 | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot
2019-11-27 | Merge remote-tracking branch 'dev/12-5-stable' into 12-5-stable | GitLab Release Tools Bot
2019-11-26 | Merge branch 'security-dos-issue-and-commit-comments-12-5' into '12-5-stable' | GitLab Release Tools Bot
    Fix invalid byte sequence
    See merge request gitlab/gitlabhq!3547
2019-11-26 | Update VERSION to 12.5.1 (tag: v12.5.1) | GitLab Release Tools Bot
2019-11-26 | Update CHANGELOG.md for 12.5.1 | GitLab Release Tools Bot
    [ci skip]
2019-11-26 | Merge branch 'security-29660-update-dependencies-12-5' into '12-5-stable' | GitLab Release Tools Bot
    Update Workhorse and Gitaly to fix a security issue
    See merge request gitlab/gitlabhq!3531
2019-11-26 | Merge branch 'security-aws-secret-key-2937-ce-12-5' into '12-5-stable' | GitLab Release Tools Bot
    Hide AWS secret on Admin Integration page
    See merge request gitlab/gitlabhq!3532
2019-11-26 | Hide AWS secret on Admin Integration page | Justin Ho Tuan Duong
2019-11-26 | Merge branch 'security-ag-cycle-analytics-guest-permissions-12-5' into '12-5-stable' | GitLab Release Tools Bot
    Prevent guests from seeing commits for cycle analytics
    See merge request gitlab/gitlabhq!3534
2019-11-26 | Merge branch 'security-filter-related-branches-from-activity-feed-12.5' into '12-5-stable' | GitLab Release Tools Bot
    Related Branches Visible to Guests in Issue Activity
    See merge request gitlab/gitlabhq!3538
2019-11-26 | Merge branch 'security-2943-encrypt-plaintext-tokens-12-5' into '12-5-stable' | GitLab Release Tools Bot
    GitLab stores AWS, Slack, Akismet, reCaptcha tokens in plaintext
    See merge request gitlab/gitlabhq!3543
2019-11-26 | Merge branch 'security-dns-rebind-ssrf-in-slack-notifications-12-5-ce' into '12-5-stable' | GitLab Release Tools Bot
    Use Gitlab::HTTP for all chat notifications
    See merge request gitlab/gitlabhq!3544
2019-11-26 | Merge branch 'security-33712-ce-12-5' into '12-5-stable' | GitLab Release Tools Bot
    Fix private comment Elasticsearch leak
    See merge request gitlab/gitlabhq!3546
2019-11-26 | Merge branch 'security-fix-xss-in-label-namespace-12-5' into '12-5-stable' | GitLab Release Tools Bot
    Escape namespace in label references
    See merge request gitlab/gitlabhq!3550
2019-11-26 | Merge branch 'security-28802-respect-fork-parent-visibility-12-5' into '12-5-stable' | GitLab Release Tools Bot
    Check permissions before showing a forked project's source
    See merge request gitlab/gitlabhq!3555
2019-11-26 | Merge branch 'security-exclude_ids_attribute_cleaning-12-5-ce' into '12-5-stable' | GitLab Release Tools Bot
    Ensure attributes that end in `_ids` are cleaned
    See merge request gitlab/gitlabhq!3558
2019-11-26 | Spec to ensure `_ids` are cleaned by ImportExport::AttributeCleaner | Imre Farkas
2019-11-26 | Ensure attributes that end in `_ids` are cleaned | DJ Mountney
    This prevents an issue where you can steal other projects' objects by asking for ids that don't belong to you in import.
2019-11-25 | Check permissions before showing a forked project's source | Nick Thomas
2019-11-25 | Encrypt application settings with pre and post deployments | Arturo Herrero
    We had concerns about the cached values on Redis with the previous two releases strategy:
    First release (this commit):
    - Create new encrypted fields in the database.
    - Start populating new encrypted fields, read the encrypted fields or fallback to the plaintext fields.
    - Backfill the data removing the plaintext fields to the encrypted fields.
    Second release:
    - Remove the virtual attribute (created in step 2).
    - Drop plaintext columns from the database (empty columns after step 3).
    We end up with a better strategy only using migration scripts in one release:
    - Pre-deployment migration: Add columns required for storing encrypted values.
    - Pre-deployment migration: Store the encrypted values in the new columns.
    - Post-deployment migration: Remove the old unencrypted columns
2019-11-25 | Escape namespace in label references | Heinrich Lee Yu
    When referencing cross-namespace labels, we append the namespace name to the rendered label. This MR escapes the name to prevent XSS attacks.
2019-11-22 | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot
2019-11-22 | Fix invalid byte sequence | Patrick Derichs
2019-11-22 | Add search_helpers changes from security-33712 | Dylan Griffith
2019-11-22 | Fix group created from other test from polluting | Mark Chao
2019-11-22 | Test admin for search accessibility | Mark Chao
    Disabled features are ignored as they are grey areas
2019-11-22 | Internalize private project minimum access level | Mark Chao
    Some features allow GUEST to access only if the project is not private. This method returns the access level when targeting private projects.
2019-11-22 | Fix scope to handle private guest permission | Mark Chao
    Guests are blocked from certain features when the project is private, therefore the scope would filter additionally with REPORTER level.
2019-11-22 | ES: update permission spec table | Mark Chao
    Remove impossible cases, since a private project's features can only be private or disabled.
    Fix spec due to Sidekiq indexing not being triggered.
    Update guest use cases: some features have the additional constraint that "Guest users are able to perform action on public/internal projects, but not private ones."
2019-11-22 | Update VERSION to 12.5.0 (tag: v12.5.0) | GitLab Release Tools Bot
2019-11-22 | Update CHANGELOG.md for 12.5.0 | GitLab Release Tools Bot
    [ci skip]
2019-11-22 | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot
2019-11-21 | Use Gitlab::HTTP for all chat notifications | Hordur Freyr Yngvason
2019-11-21 | Update Workhorse and Gitaly to fix a security issue | Nick Thomas
2019-11-21 | Encrypt application setting tokens | Arturo Herrero
    This is the plan to encrypt the plaintext tokens:
    First release (this commit):
    1. Create new encrypted fields in the database.
    2. Start populating new encrypted fields, read the encrypted fields or fallback to the plaintext fields.
    3. Backfill the data removing the plaintext fields to the encrypted fields.
    Second release:
    4. Remove the virtual attribute (created in step 2).
    5. Drop plaintext columns from the database (empty columns after step 3).
2019-11-20 | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot
2019-11-20 | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot
2019-11-20 | Restrict branches visible to guests in Issue feed | Kerri Miller
    Notes related to branch creation should not be shown in an issue's activity feed when the user doesn't have access to :download_code.
2019-11-20 | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot
2019-11-20 | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot
2019-11-20 | Ensure that summary items remain aligned | Brandon Labuschagne
    Default number of items is 3. If this is not the case, then increase the column width of the summary items to cater for 2 items plus the date filter.
2019-11-20 | Prevent guests from seeing commits for cycle analytics | Aakriti Gupta
    - if the user has access level lower than REPORTER, don't include commit count in summary
2019-11-20 | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot