Age | Commit message (Collapse) | Author | |
---|---|---|---|
2020-10-01 | Add latest changes from gitlab-org/security/gitlab@13-4-stable-ee | GitLab Bot | |
2020-09-19 | Add latest changes from gitlab-org/gitlab@13-4-stable-ee | GitLab Bot | |
2020-08-20 | Add latest changes from gitlab-org/gitlab@13-3-stable-ee | GitLab Bot | |
2020-07-20 | Add latest changes from gitlab-org/gitlab@13-2-stable-ee | GitLab Bot | |
2020-06-29 | Add latest changes from gitlab-org/security/gitlab@13-1-stable-ee | GitLab Bot | |
2020-06-18 | Add latest changes from gitlab-org/gitlab@13-1-stable-ee | GitLab Bot | |
2020-05-20 | Add latest changes from gitlab-org/gitlab@13-0-stable-ee | GitLab Bot | |
2020-03-24 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2020-03-05 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2020-01-08 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-22 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-08 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-09-18 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-09-07 | Allow to load ECDSA certificates for pages domains | Vladimir Shushlin | |
Just replace RSA.new with PKey.read | |||
2019-09-05 | Avoid checking dns rebind protection in validation | Francisco Javier López | |
2019-08-02 | Refactor SystemHookUrlValidator and specs | George Koltsov | |
Simplify SystemHookUrlValidator to inherit from PublicUrlValidator Refactor specs to move out shared examples to be used in both system hooks and public url validators. | |||
2019-08-02 | Update security/webhooks.md doc page & specs | George Koltsov | |
Updating security/webhooks.md to match new behaviour as well as drying up few specs to extract shared examples | |||
2019-08-02 | Add outbound requests setting for system hooks | George Koltsov | |
This MR adds new application setting to network section `allow_local_requests_from_system_hooks`. Prior to this change system hooks were allowed to do local network requests by default and we are adding an ability for admins to control it. | |||
2019-07-31 | Allow blank but not nil in validations | Reuben Pereira | |
- The most common use case for qualified_domain_validator currently is to allow blank ([]) but not allow nil. Modify the qualified_domain_validator to support this use case. | |||
2019-07-23 | Add validator for qualidied domain array | Reuben Pereira | |
- Validate that the entries contain no unicode, html tags and are not larger than 255 characters. | |||
2019-07-09 | Lesser Namespace#name validations | Bob Van Landuyt | |
Since we use `Namespace#path` to build routes and URLs we can lessen the restrictions on `Namespace#name` so it can accomodate a user's name. | |||
2019-06-25 | Fix color validation regex | Heinrich Lee Yu | |
Also prevents ReDoS vulnerability | |||
2019-04-11 | Align UrlValidator to validate_url gem implementation. | Thong Kuah | |
Renamed UrlValidator to AddressableUrlValidator to avoid 'url:' naming collision with ActiveModel::Validations::UrlValidator in 'validates' statement. Make use of the options attribute of the parent class ActiveModel::EachValidator. Add more options: allow_nil, allow_blank, message. Renamed 'protocols' option to 'schemes' to match the option naming from UrlValidator. | |||
2019-04-09 | Move Contribution Analytics related spec in ↵ | Imre Farkas | |
spec/features/groups/group_page_with_external_authorization_service_spec to EE | |||
2019-04-05 | Revert "Merge branch 'if-57131-external_auth_to_ce' into 'master'" | Andreas Brandl | |
This reverts merge request !26823 | |||
2019-04-05 | Move Contribution Analytics related spec in ↵ | Imre Farkas | |
spec/features/groups/group_page_with_external_authorization_service_spec to EE | |||
2019-03-29 | Renames Cluster#managed? to provided_by_user? | Mayra Cabrera | |
This will allow to user the term managed? on https://gitlab.com/gitlab-org/gitlab-ce/issues/56557. Managed? will be used to distinct clusters that are automatically managed by GitLab | |||
2019-03-14 | Fix Bitbucket import | Francisco Javier López | |
In https://gitlab.com/gitlab-org/gitlab-ce/commit/ebf16ada856efb85424a98848c141f21e609886a we introduced a SHA validator, to ensure that the data provided in merge request diffs, was legit. Nevertheless, the validator assumed that the SHA should be 40 chars long. When we import a project from BitBucket, the retrieved SHA is shorter (12 chars long). Therefore, this validator prevented to create a valid MergeRequestDiff for ever MergeRequest (triggering an exception). | |||
2019-03-09 | Merge branch 'fix/email_validator' into 'master' | Stan Hu | |
Align EmailValidator to validate_email gem implementation. Closes #57352 See merge request gitlab-org/gitlab-ce!24971 | |||
2019-03-05 | Align EmailValidator to validate_email gem implementation. | Horatiu Eugen Vlad | |
Renamed EmailValidator to DeviseEmailValidator to avoid 'email:' naming collision with ActiveModel::Validations::EmailValidator in 'validates' statement. Make use of the options attribute of the parent class ActiveModel::EachValidator. Add more options: regex. | |||
2019-03-04 | Arbitrary file read via MergeRequestDiff | Francisco Javier López | |
2019-02-20 | Comment why we can't use Gitlab::CurrentSettings | Thong Kuah | |
See https://gitlab.com/gitlab-org/gitlab-ee/issues/9833 | |||
2019-02-19 | Revert "Merge branch 'use_gitlab_current_settings' into 'master'" | Bob Van Landuyt | |
This reverts merge request !25370 | |||
2019-02-19 | Use Gitlab::CurrentSettings in UrlValidator | Thong Kuah | |
Gitlab::CurrentSettings will create ApplicationSetting.current if not present which means we don't have to use `&.`. We can also more easily use stub_application_setting in specs | |||
2019-01-07 | Add table and model for error tracking settings | Reuben Pereira | |
2018-12-08 | Merge branch 'ce-jej/group-saml-sso-button-link-description' into 'master' | Clement Ho | |
[CE] Backport SAML unlink changes: UrlBlocker#ascii_only See merge request gitlab-org/gitlab-ce!23627 | |||
2018-12-06 | Allow URLs to be validated as ascii_only | James Edwards-Jones | |
Restricts unicode characters and IDNA deviations which could be used in a phishing attack | |||
2018-12-05 | Add custom validation message for chronic duration attribute | Grzegorz Bizon | |
2018-09-17 | Allow UrlValidator to work with attr_encrypted | Nick Thomas | |
2018-09-13 | Merge branch 'rubocop-code-reuse' into 'master' | Robert Speicher | |
Add RuboCop cops to enforce code reusing rules See merge request gitlab-org/gitlab-ce!21391 | |||
2018-09-11 | Disable existing offenses for the CodeReuse cops | Yorick Peterse | |
This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. | |||
2018-09-11 | Enable frozen string in vestigial files | gfyoung | |
Partially addresses #47424. | |||
2018-09-05 | Merge branch 'filter-web-hooks-by-branch' into 'master' | Dmitriy Zaporozhets | |
Filter web hooks by branch See merge request gitlab-org/gitlab-ce!19513 | |||
2018-09-05 | Refactor: move active hook filter to TriggerableHooks | Duana Saskia | |
2018-08-30 | Allow whitelisting for "external collaborator by default" setting | Roger Rüttimann | |
2018-08-13 | Filter project hooks by branch | Duana Saskia | |
Allow specificying a branch filter for a project hook and only trigger a project hook if either the branch filter is blank or the branch matches. Only supported for push_events for now. | |||
2018-06-27 | Enable frozen string in apps/validators/*.rb | gfyoung | |
Partially addresses #47424. | |||
2018-06-11 | Avoid checking the user format in every url validation | Francisco Javier López | |
2018-06-01 | Add validation to webhook and service URLs to ensure they are not blocked ↵ | Francisco Javier López | |
because of SSRF | |||
2018-04-02 | Rename allow_private_networks to allow_local_network | Douwe Maan | |