gitlab.com/gitlab-org/gitlab-foss.git
Age | Commit message | Author
2019-01-31 | Verify that LFS upload requests are genuine | Nick Thomas
LFS uploads are handled in concert by workhorse and rails. In normal use, workhorse:
* Authorizes the request with rails (upload_authorize)
* Handles the upload of the file to a tempfile - disk or object storage
* Validates the file size and contents
* Hands off to rails to complete the upload (upload_finalize)
In `upload_finalize`, the LFS object is linked to the project. As LFS objects are deduplicated across all projects, it may already exist. If not, the temporary file is copied to the correct place, and will be used by all future LFS objects with the same OID.
Workhorse uses the Content-Type of the request to decide to follow this routine, as the URLs are ambiguous. If the Content-Type is anything but "application/octet-stream", the request is proxied directly to rails, on the assumption that this is a normal file edit request. If it's an actual LFS request with a different content-type, however, it is routed to the Rails `upload_finalize` action, which treats it as an LFS upload just as it would a workhorse-modified request.
The outcome is that users can upload LFS objects that don't match the declared size or OID. They can also create links to LFS objects they don't really own, allowing them to read the contents of files if they know just the size or OID.
We can close this hole by requiring requests to `upload_finalize` to be sourced from Workhorse. The mechanism to do this already exists.
2019-01-31 | Extract GitLab Pages using RubyZip | Kamil Trzciński
RubyZip allows us to perform strong validation of expanded paths where we do extract file. We introduce the following additional checks to extract routines:
1. None of path components can be symlinked,
2. We drop privileges support for directories,
3. Symlink source needs to point within the target directory, like `public/`,
4. The symlink source needs to exist ahead of time.
2019-01-31 | Add changelog entry | Kushal Pandya
2019-01-31 | Prevent comments by email when issue is locked | Heinrich Lee Yu
This changes the permission check so it uses the policy on Noteable instead of Project. This prevents bypassing of rules defined in Noteable for locked discussions and confidential issues. Also rechecks permissions when reply_to_discussion_id is provided since the discussion_id may be from a different noteable.
2019-01-31 | Show tooltip for malicious looking links | Brett Walker
Such as those with IDN homographs or embedded right-to-left (RTLO) characters. Autolinked hrefs should be escaped
2019-01-31 | Added validations to prevent LFS object forgery | Francisco Javier López
2019-01-31 | Group Guests are no longer able to see merge requests | Tiago Botelho
Group guests will only be displayed merge requests to projects they have an access level to, higher than Reporter. Visible projects will still display the merge requests to Guests
2019-01-31 | Fixed bug when external wiki is enabled | Francisco Javier López
When the external wiki is enabled, the internal wiki link is replaced by the external wiki url. But the internal wiki is still accessible. In this change the external wiki will have its own tab in the sidebar and only if the services are disabled the tab (and access rights) will not be displayed.
2019-01-31 | Fix private user email being visible in tag webhooks | Luke Duncalfe
Fixes #54721
2019-01-31 | Add changelog for trigger token exposure fix | Grzegorz Bizon
2019-01-31 | Prevent award_emoji to notes not visible to user | Heinrich Lee Yu
When the parent noteable is not visible to the user (e.g. confidential) we prevent the user from adding emoji reactions to notes
2019-01-31 | Use common error for unauthenticated users | Heinrich Lee Yu
Removes special error message when creating new issues
2019-01-31 | Fix slow project reference pattern regex | Heinrich Lee Yu
2019-01-31 | Don't process MR refs for guests in the notes | Oswaldo Ferreira
2019-01-31 | Fix contributed projects finder shown private info | James Lopez
2019-01-31 | Fix path disclosure on Project Import | James Lopez
2019-01-31 | Merge branch '45791-number-of-repositories-usage-ping' into 'master' | Rémy Coutable
Add number of repositories to usage ping data Closes #45791 See merge request gitlab-org/gitlab-ce!24823
2019-01-31 | Add number of repositories to usage ping data | Balasankar "Balu" C
2019-01-31 | Merge branch '24875-label' into 'master' | Kushal Pandya
Append prioritized label before pagination Closes #24875 See merge request gitlab-org/gitlab-ce!24815
2019-01-31 | Append prioritized label before pagination | Rajat Jain
2019-01-31 | Merge branch 'hnk-master-patch-61932' into 'master' | Filipa Lacerda
Update runner admin page to make description field larger Closes #54639 See merge request gitlab-org/gitlab-ce!23593
2019-01-31 | Merge branch 'fix/49388' into 'master' | Grzegorz Bizon
Fix metrics graphs environments dropdown Closes #49388 See merge request gitlab-org/gitlab-ce!24441
2019-01-31 | Merge branch '56764-poor-ui-on-milestone-validation-error-page' into 'master' | Clement Ho
Fix CSS grid on a new Project/Group Milestone Closes #56764 See merge request gitlab-org/gitlab-ce!24614
2019-01-31 | Update runner admin page to make description field larger | Sascha Reynolds
This changes the table width for the description and version fields to make the runner descriptions more readable. Added changelog.
2019-01-31 | Revert "Merge branch '56398-fix-cluster-installation-loading-state' into 'master'" | Robert Speicher
This reverts merge request !24485
2019-01-31 | fix display comment avatars issue in IE 11 | Gokhan Apaydin
2019-01-30 | Fix cluster installation processing spinner | Jacques Erasmus
2019-01-30 | Merge branch 'cluster_status_for_ugprading' into 'master' | Grzegorz Bizon
Expose app version to frontend See merge request gitlab-org/gitlab-ce!24791
2019-01-30 | Merge branch 'fix/bamboo_api_polymorphism' into 'master' | Grzegorz Bizon
Support bamboo api polymorphism See merge request gitlab-org/gitlab-ce!24680
2019-01-30 | Merge branch 'an-opentracing-render-tracing' into 'master' | Douwe Maan
Add OpenTracing instrumentation for Action View Render events See merge request gitlab-org/gitlab-ce!24728
2019-01-30 | Expose app version to frontend | Thong Kuah
2019-01-30 | Add OpenTracing instrumentation for Action View Render events | Andrew Newdigate
This change adds three new instrumentations, driven through rails notifications: render_template.action_view, render_collection.action_view and render_partial.action_view. These can help developers understand why renders are taking a long time which may in turn help them to improve their performance.
2019-01-30 | Merge branch 'sh-issue-53419-fix' into 'master' | Rémy Coutable
Fix Bitbucket Server import not allowing personal projects Closes #53419 See merge request gitlab-org/gitlab-ce!23601
2019-01-30 | Support polymorphism of Bamboo REST API results | Alex Lossent
It may return single result or an array of results
2019-01-30 | Merge branch 'sh-disable-nil-user-id-identity-validation' into 'master' | Douwe Maan
Fix failed LDAP logins when nil user_id present Closes #56734 See merge request gitlab-org/gitlab-ce!24749
2019-01-30 | Merge branch '56379-pipeline-stages-job-action-button-icon-is-not-aligned' into 'master' | Filipa Lacerda
Resolve "Pipeline stages job action button icon is not aligned" Closes #56379 See merge request gitlab-org/gitlab-ce!24577
2019-01-30 | Merge branch '53104-redesign-group-overview-ui-mvc' into 'master' | Kushal Pandya
Resolve "Redesign group overview UI: MVC" Closes #53104 See merge request gitlab-org/gitlab-ce!23866
2019-01-29 | Revert the "What's new" feature | Brandon Labuschagne
2019-01-29 | Merge branch '55820-adds-common-name-chart-value' into 'master' | Stan Hu
Overrides commonName Helm chart value Closes #55820 See merge request gitlab-org/gitlab-ce!24683
2019-01-29 | Fix failed LDAP logins when nil user_id present | Stan Hu
When an LDAP user signs in for the first time and if there is an `Identity` object with `user_id` of `nil`, new users will not be able to register until that entry is cleared because of the way identities are created:
1. First, the User object is built but not saved, so it has no `id`.
2. Then, `user.identities.build(provider: 'ldapmain')` is called, but it does not have an associated `user_id` as a result.
3. `User#save` is called, but the `Identity` validation fails if an existing entry with `user_id` of `nil` already exists.
The uniqueness validation for `nil` values doesn't make any sense in this case. We should be enforcing this at the database level with a foreign key constraint. To work around the issue we can validate against the user instead, which does the right thing even when the user isn't saved yet.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/56734
2019-01-29 | Move CI action icons down 1px | mfluharty
2019-01-29 | Merge branch 'ab-54270-github-iid' into 'master' | Yorick Peterse
Reduce amount of locks needed for GitHub importer Closes #54270 and #51817 See merge request gitlab-org/gitlab-ce!24102
2019-01-29 | Add GitLab Pages predefined variables | Adrian Moisey
2019-01-29 | Fix CSS grid on a new Project/Group Milestone | Takuya Noguchi
Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>
2019-01-29 | Add changelog for performance | Andreas Brandl
2019-01-29 | Externalize strings from `/app/views/projects/milestones` | George Tsiolis
2019-01-29 | Merge branch '50352-sort-save' into 'master' | Sean McGivern
Save sorting preference for Issues/MRs in BE Closes #50352 See merge request gitlab-org/gitlab-ce!24198
2019-01-29 | Externalize strings from `/app/views/clusters` | George Tsiolis
2019-01-29 | refactor(NoteableDiscussion): Extracted ResolveDiscussionButton from | Martin Hobert
2019-01-29 | Fix Bitbucket Server import not allowing personal projects | Stan Hu
Bitbucket Server places personal projects in a namespace called `~username`. This change allows those projects and also strips them from the GitLab namespace. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/53419