| Age | Commit message (Collapse) | Author |
|---|
|
Fix import handling errors in Bitbucket Server importer
See merge request gitlab-org/gitlab-ce!24499
(cherry picked from commit de3af288ce4e478acf8ad7a89690e7215a2bf6a0)
100b050b Fix import handling errors in Bitbucket Server importer
|
|
'security-11-7'
[11.7] Markdown of release notes leaks confidential issue titles and MR titles to any users
See merge request gitlab/gitlabhq!2871
(cherry picked from commit f7d842f0521f6d209e1b390c9fb733c8bfe7918f)
f2e331c1 Fix Markdown of release notes
|
|
pages:deploy step was failing with the following error:
```
unitialized constant SafeZip::Extract::Zip
```
Since license_finder already pulls in rubyzip, we can make it
a required gem. We also use the scope operator to make the reference to
Zip::File explicit.
|
|
[11.7] Security fix user email tag push leak
See merge request gitlab/gitlabhq!2809
(cherry picked from commit f59786036d65a881370073d55f8ab531405d3093)
cbfa6282 Prefer build() rather than create()
d34ea609 Fix private user email being visible in tag webhooks
|
|
[11.7] Fix error disclosure on Project Import
See merge request gitlab/gitlabhq!2763
(cherry picked from commit 290faddb699a81b4d6fea415d712081a021f050b)
c76d91ea Fix path disclosure on Project Import
|
|
[11.7] Fix Imported Project Retains Prior Visibility Setting
See merge request gitlab/gitlabhq!2854
(cherry picked from commit b1463fb9d098d8064111a0dc896d52f9217c217b)
4ff58136 Fix tree restorer visibility level
|
|
[11.7] GitLab vulnerable to IDN homograph attacks and RTLO attacks
See merge request gitlab/gitlabhq!2821
|
|
'security-11-7'
[11.7] Do not expose trigger token when user should not see it
See merge request gitlab/gitlabhq!2855
(cherry picked from commit 17ce10bc58a06e202d2194dc64ec132a1f6305bc)
74b4bb38 Do not expose trigger token when user should not see it
|
|
[11.7] Fix DoS in reference extraction regexes
See merge request gitlab/gitlabhq!2777
(cherry picked from commit f6d9535085c5d155545865e3443dd96b5d6ecc5a)
cfa6bf24 Fix slow project reference pattern regex
|
|
[11.7] Pipelines section is available to unauthorized users
See merge request gitlab/gitlabhq!2804
(cherry picked from commit 2bf899ed3a5306bb934507dc0584fd3d26f490bc)
627c00da Backport security fix
4c369519 Add CHANGELOG entry
|
|
'security-11-7'
[11.7] LFS object forgery in project import
See merge request gitlab/gitlabhq!2817
(cherry picked from commit d618b5b493d9c8d5e50a4e98f0f3f9bd590db9dc)
5aeac80a Added validations to prevent LFS object forgery
|
|
'security-11-7'
[11.7] Fix discussion replies permissions check
See merge request gitlab/gitlabhq!2824
(cherry picked from commit 9b4e7708495abe1fc3d8dc7f8ab41cc86206fff4)
d845ca7d Prevent comments by email when issue is locked
|
|
[11.7] Security extract pages with rubyzip
See merge request gitlab/gitlabhq!2833
(cherry picked from commit 043aa20e5c2e6bd51fea2184ed91d3aea950dc1a)
1aaec24c Extract GitLab Pages using RubyZip
|
|
Such as those with IDN homographs or embedded
right-to-left (RTLO) characters.
Autolinked hrefs should be escaped
|
|
|
|
Pick "Sentry MVC" in 11.7
See merge request gitlab-org/gitlab-ce!24342
|
|
|
|
'security-11-7'
[11.7] Validate bundle files before unpacking them
See merge request gitlab/gitlabhq!2773
(cherry picked from commit 3f631ca5d24533e2d90617e1fa0a510268c35b1c)
74f447d1 Validate bundle files before unpacking them
|
|
Fix no avatar not showing in user selection box
Closes #56268
See merge request gitlab-org/gitlab-ce!24346
(cherry picked from commit 8285205815ccdb25238fcae1c1e91063a46f19b0)
2265ce34 Fix no avatar not showing in user selection box
|
|
Remove `releases_page` feature flag
Closes #56072
See merge request gitlab-org/gitlab-ce!24215
(cherry picked from commit b682a6f8981d303e7ee7ecc4273768ee6ed66864)
9b823af4 Remove releases_page feature flag
|
|
Service for calling Sentry issues api
See merge request gitlab-org/gitlab-ce!24126
|
|
Revert "Merge branch '3062-improve-project-cache' into 'master'"
Closes #56103
See merge request gitlab-org/gitlab-ce!24244
(cherry picked from commit a0aca3ac3a4ef56429104c27cd03ce00dcaeafce)
e884795e Revert "Merge branch '3062-improve-project-cache' into 'master'"
|
|
Import issues from CSV
Closes #49231
See merge request gitlab-org/gitlab-ce!23532
|
|
|
|
Fix Bitbucket Server import only including first 25 pull requests
Closes #55914
See merge request gitlab-org/gitlab-ce!24178
|
|
Allow to include another project files
Closes #53903
See merge request gitlab-org/gitlab-ce!24101
|
|
This adds `project:, file:, ref:` specification support.
|
|
The change to paginate repos in
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22825 caused the
paginator to stop after 25 pull requests because the limit was set to 25
if none was defined. To fix this, we should only stop if the limit has
actually been set and use the limit parameter to determine the maximum
number of items to process per page.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/55914
|
|
Add tests for the API and add a couple of tests
Add
revert
revert
|
|
Authorize against release not project
|
|
Load whole file in memory to simplify code
|
|
Also changes old calls to the service
|
|
Use BuildMetadata to store build configuration in JSONB form
See merge request gitlab-org/gitlab-ce!21499
|
|
Fix multipart attachments not uploading
Closes gitlab-ee#9035
See merge request gitlab-org/gitlab-ce!24170
|
|
Add API Support for Kubernetes integration
Closes #40473
See merge request gitlab-org/gitlab-ce!23922
|
|
Mixing and matching the use of Rack::Request and ActionDispatch::Request
in Rails 5 is bad, particularly if you have middleware that
manipulates or accesses environment variables.
`Gitlab::Middleware::Multipart` attempts to rewrite request parameters
to the proper values (e.g. replacing `data_file` with
`UploadedFile`). It does this by calling `Rack::Request#update_params`,
which essentially updates `env['rack.request.form_hash']`.
By changing to `ActionDispatch::Request`, the Go middleware was causing
the request parameters to be stored inside
`env['action_dispatch.request.request_parameters']`. Later calls to
`Rack::Request#update_params` would not have any effect because it would
attempt to update `env['rack.request.form_has']` instead of
`env['action_dispatch.request.request_parameters']`. As a result, the
controller still saw the old parameters.
Since the Go middleware appears to be using `ActionDispatch::Request`
for authorization methods, we can switch the multipart middleware to
use it too.
Closes https://gitlab.com/gitlab-org/gitlab-ee/issues/9035
|
|
'4553-geo-hashed-storage-migration-failure-does-not-log-to-sentry-or-geo-log-well-ee' into 'master'
Backport of https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/8926
See merge request gitlab-org/gitlab-ce!24129
|
|
Adds the following initial CRUD endpoints for Clusters API:
- GET list of clusters
- GET specific cluster
- POST add existing cluster (mimic of "Add cluster")
- PUT update cluser
- DELETE destroy cluster
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/40473
|
|
Backport of https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/8926
|
|
Don't ignore conflicts in db/schema.rb
See merge request gitlab-org/gitlab-ce!24152
|
|
Expose `CI_API_V4_URL` CI/CD variable
Closes #54621
See merge request gitlab-org/gitlab-ce!23936
|
|
Include templates
Closes #53445
See merge request gitlab-org/gitlab-ce!23495
|
|
These are data columns that store runtime configuration
of build needed to execute it on runner and within pipeline.
The definition of this data is that once used, and when no longer
needed (due to retry capability) they can be freely removed.
They use `jsonb` on PostgreSQL, and `text` on MySQL (due to lacking
support for json datatype on old enough version).
|
|
It's not entirely clear to me why we were ignoring db/schema.rb in the
first place, but this should not be done now that we merge CE into EE
automatically. Doing so can lead to changes being thrown away in the
event of a conflict, which can then lead to EE pipelines failing.
|
|
Don't ingore the `gitlab.pot` in ee_compat_check
See merge request gitlab-org/gitlab-ce!24151
|
|
|
|
If there are new strings in CE, they need to be added to EE
manually. As the `locale/gitlab.pot` file can't be merged
automatically during the upstream merge.
|
|
This rewrites a syntax to allow include of templates.
This also normalises the syntax used by include: feature
|
|
Fix coding style
Improve coding style
Decouple UPDATE and DELETE operations of asset links
Rename links_attributes to assets:links
Rename exposed param and updated spec
|
|
- Add Releases::Links model
- Expose it in release API
- Add integration tests
|
