Age | Commit message | Author | |
---|---|---|---|
2020-04-28 | Add latest changes from gitlab-org/security/gitlab@12-9-stable-ee | GitLab Bot | |
2020-04-13 | Add latest changes from gitlab-org/security/gitlab@12-9-stable-ee | GitLab Bot | |
2020-03-31 | Add latest changes from gitlab-org/gitlab@12-9-stable-ee | GitLab Bot | |
2020-03-26 | Add latest changes from gitlab-org/security/gitlab@12-9-stable-ee | GitLab Bot | |
2020-03-25 | Add latest changes from gitlab-org/security/gitlab@12-9-stable-ee | GitLab Bot | |
2020-03-24 | Add latest changes from gitlab-org/security/gitlab@12-9-stable-ee | GitLab Bot | |
2020-03-24 | Add latest changes from gitlab-org/security/gitlab@12-9-stable-ee | GitLab Bot | |
2020-03-19 | Add latest changes from gitlab-org/gitlab@12-9-stable-ee | GitLab Bot | |
2020-03-16 | Add latest changes from gitlab-org/gitlab@12-8-stable-ee | GitLab Bot | |
2020-03-05 | Add latest changes from gitlab-org/gitlab@12-8-stable-ee | GitLab Bot | |
2020-02-28 | Add latest changes from gitlab-org/security/gitlab@12-8-stable-ee | GitLab Bot | |
2020-02-28 | Add latest changes from gitlab-org/security/gitlab@12-8-stable-ee | GitLab Bot | |
2020-02-24 | Add latest changes from gitlab-org/gitlab@12-8-stable-ee | GitLab Bot | |
2020-02-20 | Add latest changes from gitlab-org/gitlab@12-8-stable-ee | GitLab Bot | |
2020-02-13 | Add latest changes from gitlab-org/security/gitlab@12-7-stable-ee | GitLab Bot | |
2020-02-01 | Add latest changes from gitlab-org/gitlab@12-7-stable-ee | GitLab Bot | |
2020-01-28 | Add latest changes from gitlab-org/security/gitlab@12-7-stable-ee | GitLab Bot | |
2020-01-28 | Add latest changes from gitlab-org/security/gitlab@12-7-stable-ee | GitLab Bot | |
2020-01-28 | Add latest changes from gitlab-org/security/gitlab@12-7-stable-ee | GitLab Bot | |
2020-01-28 | Add latest changes from gitlab-org/security/gitlab@12-7-stable-ee | GitLab Bot | |
2020-01-24 | Add latest changes from gitlab-org/gitlab@12-7-stable-ee | GitLab Bot | |
2020-01-21 | Add latest changes from gitlab-org/gitlab@12-7-stable-ee | GitLab Bot | |
2020-01-10 | Add latest changes from gitlab-org/security/gitlab@12-6-stable-ee | GitLab Bot | |
2020-01-09 | Add latest changes from gitlab-org/gitlab@12-6-stable-ee | GitLab Bot | |
2020-01-04 | Add latest changes from gitlab-org/gitlab@12-6-stable-ee | GitLab Bot | |
2019-12-31 | Add latest changes from gitlab-org/security/gitlab@12-6-stable-ee | GitLab Bot | |
2019-12-27 | Add latest changes from gitlab-org/gitlab@12-6-stable-ee | GitLab Bot | |
2019-12-20 | Add latest changes from gitlab-org/gitlab@12-6-stable-ee | GitLab Bot | |
2019-12-03 | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot | |
2019-11-26 | Merge branch 'security-dos-issue-and-commit-comments-12-5' into '12-5-stable' | GitLab Release Tools Bot | |
| | Fix invalid byte sequence See merge request gitlab/gitlabhq!3547 | | |
2019-11-26 | Merge branch 'security-ag-cycle-analytics-guest-permissions-12-5' into '12-5-stable' | GitLab Release Tools Bot | |
| | Prevent guests from seeing commits for cycle analytics See merge request gitlab/gitlabhq!3534 | | |
2019-11-26 | Merge branch 'security-dns-rebind-ssrf-in-slack-notifications-12-5-ce' into '12-5-stable' | GitLab Release Tools Bot | |
| | Use Gitlab::HTTP for all chat notifications See merge request gitlab/gitlabhq!3544 | | |
2019-11-26 | Merge branch 'security-fix-xss-in-label-namespace-12-5' into '12-5-stable' | GitLab Release Tools Bot | |
| | Escape namespace in label references See merge request gitlab/gitlabhq!3550 | | |
2019-11-26 | Merge branch 'security-28802-respect-fork-parent-visibility-12-5' into '12-5-stable' | GitLab Release Tools Bot | |
| | Check permissions before showing a forked project's source See merge request gitlab/gitlabhq!3555 | | |
2019-11-26 | Ensure attributes that end in `_ids` are cleaned | DJ Mountney | |
| | This prevents an issue where you can steal other projects' objects by asking for ids that don't belong to you in import. | | |
2019-11-25 | Check permissions before showing a forked project's source | Nick Thomas | |
2019-11-25 | Escape namespace in label references | Heinrich Lee Yu | |
| | When referencing cross-namespace labels, we append the namespace name to the rendered label. This MR escapes the name to prevent XSS attacks. | | |
2019-11-22 | Fix invalid byte sequence | Patrick Derichs | |
2019-11-21 | Use Gitlab::HTTP for all chat notifications | Hordur Freyr Yngvason | |
2019-11-20 | Prevent guests from seeing commits for cycle analytics | Aakriti Gupta | |
| | - if the user has access level lower than REPORTER, don't include commit count in summary | | |
2019-11-20 | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot | |
2019-11-04 | Add latest changes from gitlab-org/gitlab@12-4-stable-ee | GitLab Bot | |
2019-10-24 | Merge branch 'security-wiki-rdoc-content-12-4-ce' into '12-4-stable' | GitLab Release Tools Bot | |
| | Pass all wiki markup formats through our Banzai pipeline filters See merge request gitlab/gitlabhq!3485 | | |
2019-10-24 | Merge branch 'security-2914-labels-visible-despite-no-access-to-issues-repositories-12-4' into '12-4-stable' | GitLab Release Tools Bot | |
| | Labels visible despite no access to issues & repositories See merge request gitlab/gitlabhq!3489 | | |
2019-10-23 | Allow tests to ignore recursion | charlieablett | |
2019-10-23 | Check for recursion and fail if too recursive | charlieablett | |
| | - List all overly-recursive fields - Reduce recursion threshold to 2 - Add test for not-recursive-enough query - Use reusable methods in tests - Add changelog - Set changeable acceptable recursion level - Add error check test helpers | | |
2019-10-23 | Pass all wiki markup formats through pipelines | Luke Duncalfe | |
| | Previously, when the wiki page format was anything other than `markdown` or `asciidoc` the formatted content would be returned through a Gitaly call. Gitaly in turn would delegate formatting to the gitlab-gollum-lib gem, which in turn would delegate that to various gems (like RDoc for `rdoc`) and then apply some very liberal sanitization. It was too liberal! This change brings our wiki content formatting in line with how we format other markdown at GitLab, so we have a SSOT for sanitization. https://gitlab.com/gitlab-org/gitlab/issues/30540 | | |
2019-10-22 | Fix labels finder to filter issuables | Eugenia Grieff | |
| | Use project scopes to filter project labels that are visible for user | | |
2019-10-22 | Add latest changes from gitlab-org/gitlab@12-4-stable-ee | GitLab Bot | |
2019-09-26 | Merge branch 'security-sarcila-verify-saml-request-origin-12-3' into '12-3-stable' | GitLab Release Tools Bot | |
| | Check that SAML identity linking validates the origin of the request See merge request gitlab/gitlabhq!3396 | | |