Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-02-18 | Add latest changes from gitlab-org/gitlab@14-8-stable-eev14.8.0-rc42 | GitLab Bot | |
2022-01-20 | Add latest changes from gitlab-org/gitlab@14-7-stable-eev14.7.0-rc42 | GitLab Bot | |
2021-08-19 | Add latest changes from gitlab-org/gitlab@14-2-stable-eev14.2.0-rc42 | GitLab Bot | |
2021-06-30 | Add latest changes from gitlab-org/security/gitlab@14-0-stable-ee | GitLab Bot | |
2020-09-19 | Add latest changes from gitlab-org/gitlab@13-4-stable-ee | GitLab Bot | |
2020-08-20 | Add latest changes from gitlab-org/gitlab@13-3-stable-ee | GitLab Bot | |
2020-07-20 | Add latest changes from gitlab-org/gitlab@13-2-stable-ee | GitLab Bot | |
2020-03-23 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-11-08 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-08-02 | Add outbound requests setting for system hooks | George Koltsov | |
This MR adds new application setting to network section `allow_local_requests_from_system_hooks`. Prior to this change system hooks were allowed to do local network requests by default and we are adding an ability for admins to control it. | |||
2019-05-30 | Protect Gitlab::HTTP against DNS rebinding attack | Douwe Maan | |
Gitlab::HTTP now resolves the hostname only once, verifies the IP is not blocked, and then uses the same IP to perform the actual request, while passing the original hostname in the `Host` header and SSL SNI field. | |||
2018-10-19 | Catch `RedirectionTooDeep` Exception in webhooks | Heinrich Lee Yu | |
2018-04-02 | Raise more descriptive errors when URLs are blocked | Douwe Maan | |
2018-03-21 | Merge branch 'fj-15329-services-callbacks-ssrf' into 'security-10-6' | Douwe Maan | |
Server Side Request Forgery in Services and Web Hooks See merge request gitlab/gitlabhq!2337 |