Age | Commit message (Collapse) | Author |
|
[ci skip]
|
|
This reverts commit 7128e69c5c5beaa7a2c361cc6d5b35d73daa8dc7.
|
|
[ci skip]
|
|
This reverts commit a8ff8ca405e16fb11c6334097cbb44fa64235311.
|
|
[ci skip]
|
|
Fix PDF.js vulnerability
See merge request gitlab/gitlabhq!3025
|
|
'11-8-stable'
Disallow changing namespace of a project in update method
See merge request gitlab/gitlabhq!3032
|
|
Rake task for removing exif from uploads
See merge request gitlab/gitlabhq!3011
|
|
Use UntrustedRegexp for CI refs matching
See merge request gitlab/gitlabhq!3007
|
|
'11-8-stable'
Fix XSS in resolve conflicts form
See merge request gitlab/gitlabhq!2987
|
|
Fix related branches visible in issues for guests
See merge request gitlab/gitlabhq!3019
|
|
As they do not have a permission to read git tag
|
|
Adds a rake task which can be used for removing EXIF
data from existing uploads.
|
|
|
|
|
|
fix: changed PDFJS prop to GlobalWorkerOptions
Fixed pdf tests
Added changelog entry
|
|
Guest user of a project should not see branches
|
|
[ci skip]
|
|
When executing quick actions, this limits the `commands_changes`
response to only those used by the frontend
|
|
This makes ref validation to use always `UntrustedRegexp`.
This also splits the existing RubySyntax into separate
class.
|
|
The issue arose when the branch name contained Vue template
JavaScript. The fix is to use `v-pre` which disables Vue
compilation in a template.
|
|
[ci skip]
|
|
Update group policy to reflect all the requirements
See merge request gitlab-org/gitlab-ce!25854
|
|
|
|
Fix method to mark a project repository as writable
See merge request gitlab-org/gitlab-ce!25546
(cherry picked from commit a8a02387a7ea5c5a4a6f733a043adf2b1f907e3c)
df044542 Fix project set_repository_writable!
|
|
Allow `:read_list` when `:read_group` is allowed
Closes #58149
See merge request gitlab-org/gitlab-ce!25524
(cherry picked from commit 61c1509cc992959ac5021d10825d5dbf9dd2c091)
b81e7c52 Enable `:read_list` when `:read_group` is enabled
|
|
Properly handle multiple X-Forwarded-For addresses in runner IP
Closes #58103
See merge request gitlab-org/gitlab-ce!25511
(cherry picked from commit dbf0a92292dd054843d28ec27d52222418400ca5)
d03b7bb1 Properly handle multiple X-Forwarded-For addresses in runner IP
|
|
'57579-gitlab-project-import-fails-sidekiq-undefined-method-import_jid' into 'master'
Resolve "Gitlab Project import fails: sidekiq undefined method import_jid"
Closes #57579
See merge request gitlab-org/gitlab-ce!25239
(cherry picked from commit c06ebe511700f25a61b4dfaa518fbed7667c6876)
401a3bca Fix import_jid error on project import
|
|
[ci skip]
|
|
Display only labels and assignees of issues
visible by the currently logged user
Display only issues visible to user in the burndown chart
|
|
|
|
'11-8-stable'
Filter impersonated sessions from active sessions and remove ability to revoke session
See merge request gitlab/gitlabhq!2981
|
|
'11-8-stable'
Forbid creating discussions for users with restricted access
See merge request gitlab/gitlabhq!2890
|
|
Check issue milestone availability
See merge request gitlab/gitlabhq!2904
|
|
Prevent Releases links API to leak tag existence
See merge request gitlab/gitlabhq!2908
|
|
Disable issue board policies when issues are disabled
See merge request gitlab/gitlabhq!2910
|
|
Show only MRs visible to user on milestone detail
See merge request gitlab/gitlabhq!2923
|
|
Don't allow non-members to see private related MRs
See merge request gitlab/gitlabhq!2930
|
|
Validate session key when authorizing with GCP to create a cluster
See merge request gitlab/gitlabhq!2934
|
|
Fix git clone revealing private repo's presence
See merge request gitlab/gitlabhq!2938
|
|
Check snippet attached file to be moved is within designated directory
See merge request gitlab/gitlabhq!2941
|
|
Check validity before querying so that if the dns entry for the api_url
has been changed to something invalid after the model was saved and
checked for validity, it will not query. This is to solve a toctou
(time of check to time of use) issue.
|
|
Fix leaking private repository information in API
See merge request gitlab/gitlabhq!2948
|
|
|
|
Remove link after issue move when no permissions
See merge request gitlab/gitlabhq!2955
|
|
Block local URLs for Kubernetes integration
See merge request gitlab/gitlabhq!2959
|
|
'security-add-public-internal-groups-as-members-to-your-project-idor-11-8' into '11-8-stable'
Add public/internal groups as members to your Project(IDOR)
See merge request gitlab/gitlabhq!2962
|
|
Stop linking to unrecognized package sources
See merge request gitlab/gitlabhq!2969
|
|
[11.8] Prevent disclosing project milestone titles
See merge request gitlab/gitlabhq!2973
|
|
Limit number of characters allowed in mermaidjs
See merge request gitlab/gitlabhq!2978
|