gitlab.com/gitlab-org/gitlab-foss.git
path: root/lib
Age | Commit message | Author
2019-01-24 | Merge branch 'security-fix-user-email-tag-push-leak-11-6' into 'security-11-6' | Yorick Peterse
[11.6] Security fix user email tag push leak See merge request gitlab/gitlabhq!2808 (cherry picked from commit 7260e6e0c2ad3df7dea2c0bd5c0d91c4bc5b15ae) 589c57c7 Prefer build() rather than create() 63d13410 Fix private user email being visible in tag webhooks
2019-01-24 | Merge branch 'security-import-path-logging-11-6' into 'security-11-6' | Yorick Peterse
[11.6] Fix error disclosure on Project Import See merge request gitlab/gitlabhq!2733 (cherry picked from commit b4797537a586bce6a96580a0257f59f9c6a92c14) f470ad2f Fix path disclosure on Project Import
2019-01-24 | Merge branch 'security-import-project-visibility-11-6' into 'security-11-6' | Yorick Peterse
[11.6] Fix Imported Project Retains Prior Visibility Setting See merge request gitlab/gitlabhq!2853 (cherry picked from commit 348a5dbc905cac1d61158e9fb83b82185a27cb04) aaca3d2b Fix tree restorer visibility level 1d942ad1 Update schema file
2019-01-24 | Merge branch 'security-11-6-2769-idn-homograph-attack' into '11-6-stable' | Yorick Peterse
[11.6] GitLab vulnerable to IDN homograph attacks and RTLO attacks See merge request gitlab/gitlabhq!2822
2019-01-24 | Merge branch 'security-pipeline-trigger-tokens-exposure-11-6' into 'security-11-6' | Yorick Peterse
[11.6] Do not expose trigger token when user should not see it See merge request gitlab/gitlabhq!2759 (cherry picked from commit 33fbd62b9b4a73679a9f3cd1d9020e5dc6e9072d) 64a328be Do not expose trigger token when user should not see it
2019-01-24 | Merge branch 'security-fix-regex-dos-11-6' into 'security-11-6' | Yorick Peterse
[11.6] Fix DoS in reference extraction regexes See merge request gitlab/gitlabhq!2778 (cherry picked from commit 06f1ea1f540b62aefbaa4f69901de2d29df11e7c) e73f2f1d Fix slow project reference pattern regex
2019-01-24 | Merge branch 'security-11-6-test-permissions' into 'security-11-6' | Yorick Peterse
[11.6] Pipelines section is available to unauthorized users See merge request gitlab/gitlabhq!2805 (cherry picked from commit 6f6e0e2ba7e8e2afe38e2d57883a8dfda0685d86) e5c0b597 Backport security fix 181c74a1 Add CHANGELONG entry
2019-01-24 | Merge branch 'security-fix-lfs-import-project-ssrf-forgery-11-6' into 'security-11-6' | Yorick Peterse
[11.6] LFS object forgery in project import See merge request gitlab/gitlabhq!2818 (cherry picked from commit 6402c62822692b924ee95234cbcc2578501236f9) bb635c64 Added validations to prevent LFS object forgery
2019-01-24 | Merge branch 'security-2779-fix-email-comment-permissions-check-11-6' into 'security-11-6' | Yorick Peterse
[11.6] Fix discussion replies permissions check See merge request gitlab/gitlabhq!2825 (cherry picked from commit 367767766d9727101908a1f195120732d72201b1) 313a9f2e Prevent comments by email when issue is locked
2019-01-24 | Merge branch 'security-extract-pages-with-rubyzip-dev-11-6' into 'security-11-6' | Yorick Peterse
[11.6] Security extract pages with rubyzip See merge request gitlab/gitlabhq!2834 (cherry picked from commit a55b637dea3b526ad48bd9a27352c5d7ca2d54db) 57be1a57 Extract GitLab Pages using RubyZip eeeafb9b Fix Gemfile.rails4.lock
2019-01-21 | Show tooltip for malicious looking links | Brett Walker
Such as those with IDN homographs or embedded right-to-left (RTLO) characters. Autolinked hrefs should be escaped
2019-01-16 | Merge branch 'sh-fix-gon-helper-avatar' into 'master' | Rémy Coutable
Fix no avatar not showing in user selection box Closes #56268 See merge request gitlab-org/gitlab-ce!24346 (cherry picked from commit 8285205815ccdb25238fcae1c1e91063a46f19b0) 2265ce34 Fix no avatar not showing in user selection box
2019-01-15 | Merge branch 'security-2770-verify-bundle-import-files-11-6' into 'security-11-6' | Yorick Peterse
[11.6] Validate bundle files before unpacking them See merge request gitlab/gitlabhq!2774 (cherry picked from commit ad73bf817253ec4fc3fae8c7fb60898f11922218) 5f2fe991 Validate bundle files before unpacking them
2019-01-02 | Merge branch 'fj-55781-fix-api-blob-content-disposition' into 'master' | Sean McGivern
Fixed content-disposition in blob and files API endpoint Closes #55781 See merge request gitlab-org/gitlab-ce!24078 (cherry picked from commit ca14b70d5201852751d79d6a0827b81689fff5be) 2cd47bba Fixed api content-disposition in blob and files endpoint
2019-01-02 | Merge branch '54953-fix-commit_email_hostname-accessor-in-fake_application_settings' into 'master' | Stan Hu
Add FakeApplicationSettings#commit_email_hostname Closes #54953 See merge request gitlab-org/gitlab-ce!23939 (cherry picked from commit 2a9ba34dde0058c94caa696b2be1e53687faf0d0) ecb847fd Add FakeApplicationSettings#commit_email_hostname
2019-01-02 | Merge branch 'osw-revert-suggestions-ff' into 'master' | Douwe Maan
Remove feature flag for suggest changes feature See merge request gitlab-org/gitlab-ce!23892 (cherry picked from commit 58ee1746a867ea939dd64a993963f14fc34c338d) ee425c9c Remove feature flag for suggest changes feature
2018-12-27 | Merge branch 'security-11-6' of dev.gitlab.org:gitlab/gitlabhq into 11-6-stable | John Jarvis
2018-12-27 | Merge branch 'security-11-6-secret-ci-variables-exposed' into 'security-11-6' | John Jarvis
[11.6] Secret CI variables can exposed by creating a tag with the same name as an existing protected branch See merge request gitlab/gitlabhq!2684
2018-12-27 | Merge branch 'security-11-6-guests-jobs-api' into 'security-11-6' | John Jarvis
[11.6] Guest users have access to all Job information via the API See merge request gitlab/gitlabhq!2744
2018-12-27 | Merge branch 'security-label-xss-11-6' into 'security-11-6' | John Jarvis
[11.6] Escape html entities when no label found See merge request gitlab/gitlabhq!2747
2018-12-27 | Merge branch 'ensure-that-build-token-is-always-running' into 'security-11-6' | John Jarvis
[11.6] Ensure that build token is always running See merge request gitlab/gitlabhq!2563
2018-12-22 | Escape html entities when no label found | Jarka Košanová
2018-12-22 | Move pipeline auth above pipeline assignment | Matija Čupić
2018-12-22 | Authorize read_pipeline before read_build | Matija Čupić
2018-12-22 | Authorize read_build when listing pipeline jobs | Matija Čupić
2018-12-22 | Authorize read_build action when listing jobs | Matija Čupić
2018-12-19 | Fix persistent symlink in project import | James Lopez
- Fix permissions after untar is done
- Refactor command line util
2018-12-18 | Merge branch '55433-un-revert-https-gitlab-com-gitlab-org-gitlab-ce-commit-00acef434031b5dc0bf39576a9e83802c7806842-revert' into 'master' | Yorick Peterse
Resolve "Un-revert https://gitlab.com/gitlab-org/gitlab-ce/commit/00acef434031b5dc0bf39576a9e83802c7806842 revert" Closes #55433 See merge request gitlab-org/gitlab-ce!23861 (cherry picked from commit e8374cb6f493880042bf21d70c275bfdeed65fbe) 8ce86bf9 Revert "Revert "LfsToken uses JSONWebToken::HMACToken by default""
2018-12-18 | Merge branch 'revert-1cccfca1' into 'master' | Grzegorz Bizon
Revert "Merge branch 'auto_devops_kubernetes_active' into 'master'" See merge request gitlab-org/gitlab-ce!23826 (cherry picked from commit 73d4b1f625af4cb9e10c4e862ed63a54904f746f) c75c38f8 Revert "Merge branch 'auto_devops_kubernetes_active' into 'master'"
2018-12-18 | Merge branch '55230-remove-project-cleanup-feature-flag' into 'master' | Douwe Maan
Remove the project_cleanup feature flag Closes #55230 See merge request gitlab-org/gitlab-ce!23814 (cherry picked from commit 0ab50681da1f0c8d1ee1569d61c2ac509a9e3581) 0b74b863 Fix repository cleanup with object storage on e8a675d3 Remove the project_cleanup feature flag
2018-12-18 | Merge branch 'remove-issue-suggestions-flag' into 'master' | Douwe Maan
Remove issue_suggestions feature flag Closes #55166 See merge request gitlab-org/gitlab-ce!23723 (cherry picked from commit a0fd68288d3f8f57d1c65423f08fc6a99824de1d) 2bb468d6 Remove issue_suggestions feature flag 744f6ed1 Enable GraphQL API endpoint 2e8d0153 Pass on arguments passed to the FeatureConstrainer
2018-12-18 | Ensure that build token is only used when running | Kamil Trzciński
1. We provide an updated interface to ensure that,
2. We authenticate build dependencies by build that is being run,
2018-12-17 | Merge branch 'sh-remove-gitlab-shell-include' into 'master' | Rémy Coutable
Remove unnecessary includes of ShellAdapter See merge request gitlab-org/gitlab-ce!23607
2018-12-17 | Merge branch '54626-able-to-download-a-single-archive-file-with-api-by-ref-name' into 'master' | Grzegorz Bizon
Add endpoint to download single artifact by ref Closes #54626 See merge request gitlab-org/gitlab-ce!23538
2018-12-17 | Merge branch 'osw-update-mr-metrics-with-events-data' into 'master' | Douwe Maan
Populate MR metrics with events table information (migration) Closes #41587 See merge request gitlab-org/gitlab-ce!23564
2018-12-17 | Merge branch '50157-extended-user-centric-tooltips' into 'master' | Clement Ho
Resolve "Extended user centric tooltips" Closes #50157 See merge request gitlab-org/gitlab-ce!23231
2018-12-17 | Merge branch 'ce-jej/group-saml-sso-button-link-description' into 'master' | Clement Ho
[CE] Backport SAML unlink changes: UrlBlocker#ascii_only See merge request gitlab-org/gitlab-ce!23627
2018-12-17 | Merge branch '55054-correlation-ids-being-passed-through-grpc-metadata-are-incorrect' into 'master' | Stan Hu
Fix for incorrect Correlation-ID key being passed through GRPC metadata Closes #55054 See merge request gitlab-org/gitlab-ce!23666
2018-12-17 | Merge remote-tracking branch 'origin/master' into 20422-hide-ui-variables-by-default | jhampton
2018-12-17 | Merge branch 'fix/gb/encrypt-ci-build-token' into 'master' | Kamil Trzciński
Add CI/CD build encrypted tokens (after revert) Closes #52342 See merge request gitlab-org/gitlab-ce!23649
2018-12-17 | Merge branch 'rs-revert-1e8f1de034aa9b6a60b640b2b091f60c4d3ba365' into 'master' | Robert Speicher
Revert "Merge branch 'fix/gb/encrypt-ci-build-token' into 'master'" See merge request gitlab-org/gitlab-ce!23644
2018-12-14 | Merge branch 'osw-suggest-diff-line-change' into 'master' | Phil Hughes
Allow suggesting single line changes in diffs See merge request gitlab-org/gitlab-ce!23147
2018-12-14 | Merge branch 're-define-default-only-except-policy' into 'master' | Grzegorz Bizon
Re-define default only except policy Closes #55099 See merge request gitlab-org/gitlab-ce!23765 (cherry picked from commit 42f45ed2d93baa5b2b2f2c51f5bd8527acf1df95) 7381f6a8 Revert "Define the default value for only/except policies" 74443274 Re-define a way how we define default only/except policy
2018-12-14 | Merge branch 'fix-mr-pipelines-run-on-regex' into 'master' | Grzegorz Bizon
Fix MR pipelines run on only: regexp Closes #55026 See merge request gitlab-org/gitlab-ce!23657 (cherry picked from commit 7e4fcfb04c70604a8d9c2fade167bb04fc8f1d28) eb1956c5 Fix MR pipelines run on only: refex
2018-12-13 | Set URL rel attribute for broken URLs | Jan Provaznik
It's possible that URI fails to parse a link, but browsers still recognize given URL as a link, we should make sure that 'rel' attribute is set also in this case.
2018-12-12 | Merge branch 'auto-devops-use-new-reports-syntax-for-sast' into 'master' | Kamil Trzciński
Use new reports syntax for SAST in Auto DevOps See merge request gitlab-org/gitlab-ce!23163 (cherry picked from commit 853ba4b68a78e8cf39ae987d5e24af88b3d8a454) e6bce6a4 Use new reports syntax for SAST in Auto DevOps 35b0be8c Add changelog 2835ed9f Fix extension
2018-12-12 | Merge branch 'sh-fix-diff-check-issue-55137-ce' into 'master' | Stan Hu
[CE] Fix DiffCheck failing due to invalid string argument See merge request gitlab-org/gitlab-ce!23741
2018-12-11 | Merge branch '55116-runtimeerror-can-t-modify-frozen-string' into 'master' | Douwe Maan
Fix a frozen string error in lib/gitlab/utils.rb Closes #55116 See merge request gitlab-org/gitlab-ce!23690 (cherry picked from commit e1064f16a8230396f16b175108ac54cdfefe212f) f233c3bc Fix a frozen string error in lib/gitlab/utils.rb
2018-12-11 | Merge branch 'sh-ignore-arrays-url-sanitizer' into 'master' | Rémy Coutable
Only allow strings in URL::Sanitizer.valid? Closes #55079 See merge request gitlab-org/gitlab-ce!23675 (cherry picked from commit 5c5a5992c0602f14c7f4f43b5fc2756662fafb3c) 401be1d1 Only allow strings in URL::Sanitizer.valid?
2018-12-10 | Merge branch 'code-freeze-20181207' into 11-6-stable-prepare-rc5 | Alex Hanselka
* code-freeze-20181207: (85 commits) Changed frontmatter filtering to support YAML, JSON, TOML, and arbitrary languages Disable docs lint internal_links check Documentation cleanup Allow public forks to be deduplicated Prettifies [CE] - Add milestones autocomplete for epics Fixes linting errors Reorganize Jobs Variables feature spec CE Port of "Web Terminal FE" Extract context in JobsController spec Add specs for TriggerVariableEntity Extract context in JobsController spec Allows user to override default issuer email for cert manager Add specs for TriggerVariableEntity Adds toggle behavior - Adds coverage for hide/reveal toggle button behavior Backports changes made to One notification per code review Further design iteration on project overview Fix transaction pollution in Shard.by_name Show primary button when all labels are prioritized Consistent feature name in all docs ...