Age | Commit message | Author |
|
[10.1] Prevent login with disabled OAuth providers
See merge request gitlab/gitlabhq!2249
(cherry picked from commit e4951cc45f29a9ec1e07408102ab339444ff43e8)
71d8d00c Prevents login with disabled OAuth providers
|
|
Port of [10.2] Sanitizes IPython notebook output
See merge request gitlab/gitlabhq!2284
(cherry picked from commit 72ce40bdebe73a06dc282d42f2c8a729730c9cee)
989d1187 Port of [10.2] Sanitizes IPython notebook output
|
|
'41293-fix-command-injection-vulnerability-on-system_hook_push-queue-through-web-hook-10-1' into 'security-10-1'
[10.1] Don't allow line breaks on HTTP headers
See merge request gitlab/gitlabhq!2286
(cherry picked from commit 271ef222fa964481379a14a9c07805621a7d52a6)
a30812d3 Don't allow line breaks on HTTP headers
|
|
[10.1] Fix RCE via project import mechanism
See merge request gitlab/gitlabhq!2292
(cherry picked from commit 9a399c554268f3ac9e9cd2340600c2df2f5dfa47)
fdbd8d03 Fix RCE via project import mechanism
|
|
'security-10-1'
[10.1] Migrate `can_push` column from `keys` to `deploy_keys_project`
See merge request gitlab/gitlabhq!2274
(cherry picked from commit b8ed2ac5bf4a75d0787315e741d4c9aacd36e07e)
5f214517 Backport to 10.1
|
|
[10.1] backport - check project access on MR create
See merge request gitlab/gitlabhq!2280
(cherry picked from commit 6ca3de3c1e97590f62677227c7eef2f000db766c)
285551b9 check project access on MR create
|
|
[10.1] Fix path traversal in gitlab-ci.yml cache:key
See merge request gitlab/gitlabhq!2272
(cherry picked from commit 991ae1d593e78e7c2484d5fe5b12dfce44a94bc8)
754c83ea Fix path traversal in gitlab-ci.yml cache:key
|
|
Validate project path in Gitlab import - 10.1 port
See merge request gitlab/gitlabhq!2266
(cherry picked from commit 14e7f46a07a45bf851178ae6c90c519460bf9736)
13ad8b50 Validate project path in Gitlab import
|
|
Remove order param from the MilestoneFinder - 10.1 port
See merge request gitlab/gitlabhq!2265
(cherry picked from commit 5f0bb7928b40029a2ced18063c36697e3f8e80c2)
85c6530e Remove order param from the MilestoneFinder
|
|
[10.1] Fix XSS in issue label dropdown
See merge request gitlab/gitlabhq!2252
(cherry picked from commit 447270c2603dc4962d6aed87baeaeb56c59788ba)
71c6cded Fix XSS in issue label dropdown
0cc81a51 Move xss_label to smaller test scope
|
|
[10.1] Fix XSS vulnerability in Pipeline job trace - back port 10.1
See merge request gitlab/gitlabhq!2261
(cherry picked from commit ddb49b9053a31db0dfb93e02be1975549f991695)
dc3d4676 Fix XSS vulnerability in Pipeline job trace
|
|
'security-10-1-do-not-expose-passwords-or-tokens-in-service-integrations-api' into 'security-10-1'
Filter out sensitive fields from the project services API
See merge request gitlab/gitlabhq!2283
(cherry picked from commit cde3ae62e8f602b8db4fbdd382fba1a90780be7f)
c958086d Filter out sensitive fields from the project services API
|
|
Don't try to create fork network memberships for forks of forks
Closes #40072
See merge request gitlab-org/gitlab-ce!15366
|
|
Prevent position update for image diff notes
Closes #40058
See merge request gitlab-org/gitlab-ce!15357
|
|
Formats bytes to human readable number in registry table
See merge request gitlab-org/gitlab-ce!15359
|
|
Prevent fast forward merge when rebase is required
Closes #39773
See merge request gitlab-org/gitlab-ce!15296
|
|
into 'master'
Make sure group and project creation is blocked for new users that are external by default
Closes #39664
See merge request gitlab-org/gitlab-ce!15212
|
|
Fix arguments error on Import/Export fetch_ref method
Closes #39541
See merge request gitlab-org/gitlab-ce!15241
|
|
10-1-stable-patch-2
* 10-1-jivl-fix-cancel-button-file-upload-new-issue:
Merge branch 'jivl-fix-cancel-button-file-upload-new-issue' into 'master'
|
|
* 10-1-stable:
Update VERSION to 10.1.2
Update CHANGELOG.md for 10.1.2
Merge branch 'fix-mysql-grant-check' into 'master'
Merge branch '36099-api-responses-missing-x-content-type-options-header' into '10-1-stable'
Merge branch 'ssrf-protections-round-2' into 'security-10-1'
|
|
Fix TRIGGER checks for MySQL
Closes #38372
See merge request gitlab-org/gitlab-ce!15226
(cherry picked from commit d45fef88f7f0aa249893f9f151185eac5b9bb870)
|
|
into '10-1-stable'
Include X-Content-Type-Options (XCTO) header into API responses
See merge request gitlab/gitlabhq!2211
(cherry picked from commit 6c818e77f2abeef2dd7b17a269611b018701fa79)
e087e075 Include X-Content-Type-Options (XCTO) header into API responses
|
|
Replace SSRF resolver with Addrinfo.getaddrinfo to include alternative localhost versions
See merge request gitlab/gitlabhq!2219
(cherry picked from commit 4a1e73783d5480aa514db7b53e10c075f95580b5)
1bffa0c3 Replace SSRF resolver with Addrinfo.getaddrinfo to include alternative localhost versions
|
|
Remove Filesystem check metrics that use too much CPU to handle requests
See merge request gitlab-org/gitlab-ce!15158
|
|
This fixes some bugs related to forked projects of which the source was deleted.
Closes #39667
See merge request gitlab-org/gitlab-ce!15150
|
|
Render 404 when polling commit notes without having permissions
Closes #39176
See merge request gitlab-org/gitlab-ce!15140
|
|
Avoid regenerating the ref path for the environment
Closes #39752
See merge request gitlab-org/gitlab-ce!15167
|
|
Fix diff parser so it tolerates diff special markers in the content
Closes #34431
See merge request gitlab-org/gitlab-ce!14848
|
|
Fix the incorrect value being used to set GL_USERNAME on hooks
See merge request gitlab-org/gitlab-ce!15038
|
|
Fix cancel button not working when uploading a file on the new issue page
Closes #39512
See merge request gitlab-org/gitlab-ce!15137
|
|
Normalize LDAP DN when looking up identity
Closes #39559
See merge request gitlab-org/gitlab-ce!15103
|
|
Fix missing issue assignees
Closes #39170
See merge request gitlab-org/gitlab-ce!15109
|
|
Fix widget of locked merge requests not being presented
See merge request gitlab-org/gitlab-ce!15069
|
|
Circuitbreaker backoff and retries
Closes #37383 and #38231
See merge request gitlab-org/gitlab-ce!14933
|
|
Make the circuitbreaker configurable at runtime
See merge request gitlab-org/gitlab-ce!14842
|
|
Use the correct project visibility in system hooks
Closes #39496
See merge request gitlab-org/gitlab-ce!15065
|
|
Avoid using `Redis#keys`
See merge request gitlab-org/gitlab-ce!14889
|
|
grab the correct username when confirming secondary email
Closes #39366
See merge request gitlab-org/gitlab-ce!15010
|
|
Change default disabled merge request widget message to be more general
Closes #39188
See merge request gitlab-org/gitlab-ce!14960
(cherry picked from commit e9d352612371424592376b81d0a6c5ca234b9fb5)
b7835587 Change default disabled merge request widget message to "Merge is not allowed yet"
|
|
Sanitize k8s default_namespace
Closes #38692
See merge request gitlab-org/gitlab-ce!15053
(cherry picked from commit 172ebcb8bb9c0b4d3c565560880fc604cae02b5e)
a1b3cd40 namespace should be lowercased in kubernetes. This is also true for the scenario…
6798bab1 Remove duped tests
3aafcc16 Add KubernetesService#default_namespace tests
|
|
Add path attribute to WikiFile class
Closes #39420
See merge request gitlab-org/gitlab-ce!15019
(cherry picked from commit 98c57e9a9f73409a912189064a7adf0431768b3a)
76becfb5 Add path attribute to WikiFile class
|
|
Revert "Merge branch '36670-remove-edit-form' into 'master'"
Closes #39441
See merge request gitlab-org/gitlab-ce!15049
(cherry picked from commit fa3b4736604c8785ee5dba595f1f003751e15c59)
17b43670 Revert "Merge branch '36670-remove-edit-form' into 'master'"
|
|
Fix the writing of invalid environment refs
Closes #39182
See merge request gitlab-org/gitlab-ce!14993
(cherry picked from commit 3dcdd4a1e8533cac55805d2242446cb2e12b21e9)
3bff85a4 Fix the writing of invalid environment refs
|
|
Only cache the push event for the fork-source when it exists
Closes #39352
See merge request gitlab-org/gitlab-ce!14989
(cherry picked from commit 08a8a3f963ff4ca5392abc66eb6fdae5d6d1e118)
6f5ebc4b Only cache the event for the fork-source when it exists
|
|
Resolve "Online view of HTML artifacts is broken?"
Closes #39189
See merge request gitlab-org/gitlab-ce!14977
(cherry picked from commit cfd97f7ebedec56ccf979e21997dfa19e0807205)
3c0be3cd Fix the external URLs generated for online view of HTML artifacts
|
|
Prevent ApplicationSetting to cache nil value
Closes #39275
See merge request gitlab-org/gitlab-ce!14952
(cherry picked from commit 81175d2c37d7bb9768ee21b13207ef57d11ad3ea)
64fd9814 Prevent ApplicationSetting to cache nil value
beeed14f Fix failure in current_settings_spec.rb
|
|
Prepare 10.1 RC4 release
See merge request gitlab-org/gitlab-ce!14953
|
|
URI decode Page-Title header to preserve UTF-8 characters
Closes #39179
(cherry-picked from 85c201603ab856fbe5129aa231ab069ffd73d769)
See merge request gitlab-org/gitlab-ce!14929
|
|
Force non diff resolved discussion to display when collapse toggled
Closes #39187
See merge request gitlab-org/gitlab-ce!14946
(cherry picked from commit 9c3f094a2f7609386ed182e4d5f6f9e7f6938388)
9487cadf Force non diff resolved discussion to display when collapse toggled
1c4f42a4 Add spec
f6304f16 Add changelog
|
|
Avoid unnecessary `force_encoding` operations
Closes #39227
See merge request gitlab-org/gitlab-ce!12167
(cherry picked from commit 371eb62bc90a70f4a578303215e1d4dfc430ddbb)
520866a0 Avoid unnecessary `force_encoding` operations
|