Age | Commit message | Author |
|
[11.6] Security fix user email tag push leak
See merge request gitlab/gitlabhq!2808
(cherry picked from commit 7260e6e0c2ad3df7dea2c0bd5c0d91c4bc5b15ae)
589c57c7 Prefer build() rather than create()
63d13410 Fix private user email being visible in tag webhooks
|
|
[11.6] Fix error disclosure on Project Import
See merge request gitlab/gitlabhq!2733
(cherry picked from commit b4797537a586bce6a96580a0257f59f9c6a92c14)
f470ad2f Fix path disclosure on Project Import
|
|
[11.6] Fix Imported Project Retains Prior Visibility Setting
See merge request gitlab/gitlabhq!2853
(cherry picked from commit 348a5dbc905cac1d61158e9fb83b82185a27cb04)
aaca3d2b Fix tree restorer visibility level
1d942ad1 Update schema file
|
|
[11.6] GitLab vulnerable to IDN homograph attacks and RTLO attacks
See merge request gitlab/gitlabhq!2822
|
|
'security-11-6'
[11.6] Do not expose trigger token when user should not see it
See merge request gitlab/gitlabhq!2759
(cherry picked from commit 33fbd62b9b4a73679a9f3cd1d9020e5dc6e9072d)
64a328be Do not expose trigger token when user should not see it
|
|
[11.6] Fix DoS in reference extraction regexes
See merge request gitlab/gitlabhq!2778
(cherry picked from commit 06f1ea1f540b62aefbaa4f69901de2d29df11e7c)
e73f2f1d Fix slow project reference pattern regex
|
|
[11.6] Pipelines section is available to unauthorized users
See merge request gitlab/gitlabhq!2805
(cherry picked from commit 6f6e0e2ba7e8e2afe38e2d57883a8dfda0685d86)
e5c0b597 Backport security fix
181c74a1 Add CHANGELONG entry
|
|
'security-11-6'
[11.6] LFS object forgery in project import
See merge request gitlab/gitlabhq!2818
(cherry picked from commit 6402c62822692b924ee95234cbcc2578501236f9)
bb635c64 Added validations to prevent LFS object forgery
|
|
'security-11-6'
[11.6] Fix discussion replies permissions check
See merge request gitlab/gitlabhq!2825
(cherry picked from commit 367767766d9727101908a1f195120732d72201b1)
313a9f2e Prevent comments by email when issue is locked
|
|
[11.6] Security extract pages with rubyzip
See merge request gitlab/gitlabhq!2834
(cherry picked from commit a55b637dea3b526ad48bd9a27352c5d7ca2d54db)
57be1a57 Extract GitLab Pages using RubyZip
eeeafb9b Fix Gemfile.rails4.lock
|
|
Such as those with IDN homographs or embedded
right-to-left (RTLO) characters.
Autolinked hrefs should be escaped
|
|
Fix no avatar not showing in user selection box
Closes #56268
See merge request gitlab-org/gitlab-ce!24346
(cherry picked from commit 8285205815ccdb25238fcae1c1e91063a46f19b0)
2265ce34 Fix no avatar not showing in user selection box
|
|
'security-11-6'
[11.6] Validate bundle files before unpacking them
See merge request gitlab/gitlabhq!2774
(cherry picked from commit ad73bf817253ec4fc3fae8c7fb60898f11922218)
5f2fe991 Validate bundle files before unpacking them
|
|
Fixed content-disposition in blob and files API endpoint
Closes #55781
See merge request gitlab-org/gitlab-ce!24078
(cherry picked from commit ca14b70d5201852751d79d6a0827b81689fff5be)
2cd47bba Fixed api content-disposition in blob and files endpoint
|
|
'54953-fix-commit_email_hostname-accessor-in-fake_application_settings' into 'master'
Add FakeApplicationSettings#commit_email_hostname
Closes #54953
See merge request gitlab-org/gitlab-ce!23939
(cherry picked from commit 2a9ba34dde0058c94caa696b2be1e53687faf0d0)
ecb847fd Add FakeApplicationSettings#commit_email_hostname
|
|
Remove feature flag for suggest changes feature
See merge request gitlab-org/gitlab-ce!23892
(cherry picked from commit 58ee1746a867ea939dd64a993963f14fc34c338d)
ee425c9c Remove feature flag for suggest changes feature
|
|
[11.6] Secret CI variables can be exposed by creating a tag with the same name as an existing protected branch
See merge request gitlab/gitlabhq!2684
|
|
[11.6] Guest users have access to all Job information via the API
See merge request gitlab/gitlabhq!2744
|
|
[11.6] Escape html entities when no label found
See merge request gitlab/gitlabhq!2747
|
|
[11.6] Ensure that build token is always running
See merge request gitlab/gitlabhq!2563
|
|
- Fix permissions after untar is done
- Refactor command line util
|
|
'55433-un-revert-https-gitlab-com-gitlab-org-gitlab-ce-commit-00acef434031b5dc0bf39576a9e83802c7806842-revert' into 'master'
Resolve "Un-revert https://gitlab.com/gitlab-org/gitlab-ce/commit/00acef434031b5dc0bf39576a9e83802c7806842 revert"
Closes #55433
See merge request gitlab-org/gitlab-ce!23861
(cherry picked from commit e8374cb6f493880042bf21d70c275bfdeed65fbe)
8ce86bf9 Revert "Revert "LfsToken uses JSONWebToken::HMACToken by default""
|
|
Revert "Merge branch 'auto_devops_kubernetes_active' into 'master'"
See merge request gitlab-org/gitlab-ce!23826
(cherry picked from commit 73d4b1f625af4cb9e10c4e862ed63a54904f746f)
c75c38f8 Revert "Merge branch 'auto_devops_kubernetes_active' into 'master'"
|
|
Remove the project_cleanup feature flag
Closes #55230
See merge request gitlab-org/gitlab-ce!23814
(cherry picked from commit 0ab50681da1f0c8d1ee1569d61c2ac509a9e3581)
0b74b863 Fix repository cleanup with object storage on
e8a675d3 Remove the project_cleanup feature flag
|
|
Remove issue_suggestions feature flag
Closes #55166
See merge request gitlab-org/gitlab-ce!23723
(cherry picked from commit a0fd68288d3f8f57d1c65423f08fc6a99824de1d)
2bb468d6 Remove issue_suggestions feature flag
744f6ed1 Enable GraphQL API endpoint
2e8d0153 Pass on arguments passed to the FeatureConstrainer
|
|
1. We provide an updated interface to ensure that,
2. We authenticate build dependencies by build that is being run,
|
|
Remove unnecessary includes of ShellAdapter
See merge request gitlab-org/gitlab-ce!23607
|
|
'54626-able-to-download-a-single-archive-file-with-api-by-ref-name' into 'master'
Add endpoint to download single artifact by ref
Closes #54626
See merge request gitlab-org/gitlab-ce!23538
|
|
Populate MR metrics with events table information (migration)
Closes #41587
See merge request gitlab-org/gitlab-ce!23564
|
|
Resolve "Extended user centric tooltips"
Closes #50157
See merge request gitlab-org/gitlab-ce!23231
|
|
[CE] Backport SAML unlink changes: UrlBlocker#ascii_only
See merge request gitlab-org/gitlab-ce!23627
|
|
'55054-correlation-ids-being-passed-through-grpc-metadata-are-incorrect' into 'master'
Fix for incorrect Correlation-ID key being passed through GRPC metadata
Closes #55054
See merge request gitlab-org/gitlab-ce!23666
|
|
20422-hide-ui-variables-by-default
|
|
Add CI/CD build encrypted tokens (after revert)
Closes #52342
See merge request gitlab-org/gitlab-ce!23649
|
|
Revert "Merge branch 'fix/gb/encrypt-ci-build-token' into 'master'"
See merge request gitlab-org/gitlab-ce!23644
|
|
Allow suggesting single line changes in diffs
See merge request gitlab-org/gitlab-ce!23147
|
|
Re-define default only except policy
Closes #55099
See merge request gitlab-org/gitlab-ce!23765
(cherry picked from commit 42f45ed2d93baa5b2b2f2c51f5bd8527acf1df95)
7381f6a8 Revert "Define the default value for only/except policies"
74443274 Re-define a way how we define default only/except policy
|
|
Fix MR pipelines run on only: regexp
Closes #55026
See merge request gitlab-org/gitlab-ce!23657
(cherry picked from commit 7e4fcfb04c70604a8d9c2fade167bb04fc8f1d28)
eb1956c5 Fix MR pipelines run on only: refex
|
|
It's possible that URI fails to parse a link, but browsers
still recognize given URL as a link, we should make sure
that 'rel' attribute is set also in this case.
|
|
Use new reports syntax for SAST in Auto DevOps
See merge request gitlab-org/gitlab-ce!23163
(cherry picked from commit 853ba4b68a78e8cf39ae987d5e24af88b3d8a454)
e6bce6a4 Use new reports syntax for SAST in Auto DevOps
35b0be8c Add changelog
2835ed9f Fix extension
|
|
[CE] Fix DiffCheck failing due to invalid string argument
See merge request gitlab-org/gitlab-ce!23741
|
|
Fix a frozen string error in lib/gitlab/utils.rb
Closes #55116
See merge request gitlab-org/gitlab-ce!23690
(cherry picked from commit e1064f16a8230396f16b175108ac54cdfefe212f)
f233c3bc Fix a frozen string error in lib/gitlab/utils.rb
|
|
Only allow strings in URL::Sanitizer.valid?
Closes #55079
See merge request gitlab-org/gitlab-ce!23675
(cherry picked from commit 5c5a5992c0602f14c7f4f43b5fc2756662fafb3c)
401be1d1 Only allow strings in URL::Sanitizer.valid?
|
|
* code-freeze-20181207: (85 commits)
Changed frontmatter filtering to support YAML, JSON, TOML, and arbitrary languages
Disable docs lint internal_links check
Documentation cleanup
Allow public forks to be deduplicated
Prettifies
[CE] - Add milestones autocomplete for epics
Fixes linting errors
Reorganize Jobs Variables feature spec
CE Port of "Web Terminal FE"
Extract context in JobsController spec
Add specs for TriggerVariableEntity
Extract context in JobsController spec
Allows user to override default issuer email for cert manager
Add specs for TriggerVariableEntity
Adds toggle behavior - Adds coverage for hide/reveal toggle button behavior
Backports changes made to One notification per code review
Further design iteration on project overview
Fix transaction pollution in Shard.by_name
Show primary button when all labels are prioritized
Consistent feature name in all docs
...
|