Age | Commit message (Collapse) | Author | |
---|---|---|---|
2019-10-31 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-30 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-30 | Merge dev.gitlab.org@master into GitLab.com@master | Yorick Peterse | |
2019-10-30 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-30 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-30 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-29 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-29 | Merge branch ↵ | GitLab Release Tools Bot | |
'security-ag-hide-private-members-in-project-member-autocomplete' into 'master' Hide private members in project member autocomplete See merge request gitlab/gitlabhq!3212 | |||
2019-10-29 | Merge branch ↵ | GitLab Release Tools Bot | |
'security-64519-nested-graphql-query-can-cause-denial-of-service' into 'master' Nested GraphQL query with circular relationship can cause Denial of Service See merge request gitlab/gitlabhq!3360 | |||
2019-10-29 | Improper access control allows the attacker to comment in internal commit ↵ | Charlie Ablett | |
after they are no longer admin | |||
2019-10-29 | Merge branch ↵ | GitLab Release Tools Bot | |
'security-2914-labels-visible-despite-no-access-to-issues-repositories' into 'master' Labels visible despite no access to issues & repositories See merge request gitlab/gitlabhq!3409 | |||
2019-10-29 | Merge branch 'security-2920-fix-notes-with-label-cross-reference' into 'master' | GitLab Release Tools Bot | |
Project path reveals labels from Private project if the issue is moved to public project See merge request gitlab/gitlabhq!3419 | |||
2019-10-29 | Merge branch 'security-developer-transfer-project' into 'master' | GitLab Release Tools Bot | |
Require Maintainer permission on group where project is transferred to See merge request gitlab/gitlabhq!3420 | |||
2019-10-29 | Merge branch 'security-stored-xss-using-find-file' into 'master' | GitLab Release Tools Bot | |
Sanitize search text to prevent XSS See merge request gitlab/gitlabhq!3453 | |||
2019-10-29 | Merge branch 'security-remove-leaky-401-responses-master' into 'master' | GitLab Release Tools Bot | |
Private/internal repository enumeration via bruteforce on a vulnerable URL See merge request gitlab/gitlabhq!3454 | |||
2019-10-29 | Merge branch 'security-bvl-validate-force-remove-branch-on-mrs-ce' into 'master' | GitLab Release Tools Bot | |
Only assign merge params when allowed See merge request gitlab/gitlabhq!3458 | |||
2019-10-29 | Merge branch 'security-wiki-rdoc-content-ce' into 'master' | GitLab Release Tools Bot | |
Pass all wiki markup formats through our Banzai pipeline filters See merge request gitlab/gitlabhq!3461 | |||
2019-10-29 | Merge branch 'security-mask-sentry-token-ce' into 'master' | GitLab Release Tools Bot | |
Mask sentry auth token See merge request gitlab/gitlabhq!3462 | |||
2019-10-29 | Merge branch 'security-open-redirect-internalredirect' into 'master' | GitLab Release Tools Bot | |
Use the '\A' and '\z' regex anchors in `InternalRedirect` to mitigate an Open Redirect issue. Closes #2934 See merge request gitlab/gitlabhq!3466 | |||
2019-10-29 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-29 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-29 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-29 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-29 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-28 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-28 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-28 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-28 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-28 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-26 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-26 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-26 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-26 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-25 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-25 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-25 | Return 404 on LFS request if project doesn't exist | Igor Drozdov | |
2019-10-25 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-25 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-25 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-25 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-24 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-24 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-24 | Only assign merge params when allowed | Bob Van Landuyt | |
When a user updates a merge request coming from a fork, they should not be able to set `force_remove_source_branch` if they cannot push code to the source project. Otherwise developers of the target project could remove the source branch of the source project by setting this flag through the API. | |||
2019-10-24 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-24 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-24 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-24 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-23 | Add milestone and label note types to cross refs | Eugenia Grieff | |
- Include new types in SystemNoteMetadata - Add Label and Milestone reference_pattern to Mentionable::ReferenceRegexes to be checked for cross references | |||
2019-10-23 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-23 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |