gitlab.com/gitlab-org/gitlab-foss.git
path: root/spec
Age | Commit message | Author
2019-03-26 | Merge branch 'security-use-untrusted-regexp-11-8' into '11-8-stable' | GitLab Release Tools Bot
Use UntrustedRegexp for CI refs matching See merge request gitlab/gitlabhq!3007
2019-03-26 | Merge branch 'security-milestone-labels-11-8' into '11-8-stable' | GitLab Release Tools Bot
Check label_ids parent when updating issue board See merge request gitlab/gitlabhq!3036
2019-03-26 | Merge branch 'security-2819-xss-resolve-conflicts-branch-name-11-8' into '11-8-stable' | GitLab Release Tools Bot
Fix XSS in resolve conflicts form See merge request gitlab/gitlabhq!2987
2019-03-26 | Merge branch 'security-56224-11-8' into '11-8-stable' | GitLab Release Tools Bot
Fix related branches visible in issues for guests See merge request gitlab/gitlabhq!3019
2019-03-26 | Disallow guest users from accessing Releases | Shinya Maeda
As they do not have a permission to read git tag
2019-03-25 | Check if labels are available for target issuable | Jarka Košanová
- labels have to be in the same project/group as an issuable
2019-03-20 | Hide related branches when user does not have permission | Mark Chao
Guest user of a project should not see branches
2019-03-18 | Only return `commands_changes` used in frontend | Heinrich Lee Yu
When executing quick actions, this limits the `commands_changes` response to only those used by the frontend
2019-03-15 | Make CI refs matching to use UntrustedRegexp | Kamil Trzciński
This makes ref validation to use always `UntrustedRegexp`. This also splits the existing RubySyntax into separate class.
2019-03-15 | Fix XSS in resolve conflicts form | Paul Slaughter
The issue arose when the branch name contained Vue template JavaScript. The fix is to use `v-pre` which disables Vue compilation in a template.
2019-03-13 | Merge branch 'modify_group_policy' into 'master' | Rémy Coutable
Update group policy to reflect all the requirements See merge request gitlab-org/gitlab-ce!25854
2019-03-12 | Secure vulnerability and add specs | Małgorzata Ksionek
2019-03-12 | Merge branch 'rs-fix-time-based-broken-master' into 'master' | Fatih Acet
Freeze date in merge request status view spec See merge request gitlab-org/gitlab-ce!25671 (cherry picked from commit c994484d17d6a6da929f6a52f1b64dc15c38835c) a05aba61 Freeze date in merge request status view spec
2019-03-11 | Merge branch 'jc-fix-set-project-writable' into 'master' | Douglas Barbosa Alexandre
Fix method to mark a project repository as writable See merge request gitlab-org/gitlab-ce!25546 (cherry picked from commit a8a02387a7ea5c5a4a6f733a043adf2b1f907e3c) df044542 Fix project set_repository_writable!
2019-03-11 | Merge branch '58149-fix-read-list-board-policy' into 'master' | Nick Thomas
Allow `:read_list` when `:read_group` is allowed Closes #58149 See merge request gitlab-org/gitlab-ce!25524 (cherry picked from commit 61c1509cc992959ac5021d10825d5dbf9dd2c091) b81e7c52 Enable `:read_list` when `:read_group` is enabled
2019-03-11 | Merge branch 'sh-fix-issue-58103' into 'master' | Grzegorz Bizon
Properly handle multiple X-Forwarded-For addresses in runner IP Closes #58103 See merge request gitlab-org/gitlab-ce!25511 (cherry picked from commit dbf0a92292dd054843d28ec27d52222418400ca5) d03b7bb1 Properly handle multiple X-Forwarded-For addresses in runner IP
2019-03-11 | Merge branch '57579-gitlab-project-import-fails-sidekiq-undefined-method-import_jid' into 'master' | Stan Hu
Resolve "Gitlab Project import fails: sidekiq undefined method import_jid" Closes #57579 See merge request gitlab-org/gitlab-ce!25239 (cherry picked from commit c06ebe511700f25a61b4dfaa518fbed7667c6876) 401a3bca Fix import_jid error on project import
2019-02-27 | Display only information visible to current user | Jarka Košanová
Display only labels and assignees of issues visible by the currently logged user Display only issues visible to user in the burndown chart
2019-02-27 | Display the correct number of MRs a user has access to | Igor Drozdov
2019-02-27 | Merge branch 'security-2818_filter_impersonated_sessions-11-8' into '11-8-stable' | Yorick Peterse
Filter impersonated sessions from active sessions and remove ability to revoke session See merge request gitlab/gitlabhq!2981
2019-02-27 | Merge branch 'security-id-restricted-access-to-private-repo-11-8' into '11-8-stable' | Yorick Peterse
Forbid creating discussions for users with restricted access See merge request gitlab/gitlabhq!2890
2019-02-27 | Merge branch '11-8-security-2773-milestones-fix' into '11-8-stable' | Yorick Peterse
Check issue milestone availability See merge request gitlab/gitlabhq!2904
2019-02-27 | Merge branch 'security-tags-oracle-11-8' into '11-8-stable' | Yorick Peterse
Prevent Releases links API to leak tag existence See merge request gitlab/gitlabhq!2908
2019-02-27 | Merge branch 'security-2798-fix-boards-policy-11-8' into '11-8-stable' | Yorick Peterse
Disable issue board policies when issues are disabled See merge request gitlab/gitlabhq!2910
2019-02-27 | Merge branch '11-8-security-2797-milestone-mrs' into '11-8-stable' | Yorick Peterse
Show only MRs visible to user on milestone detail See merge request gitlab/gitlabhq!2923
2019-02-27 | Merge branch 'security-commit-private-related-mr-11-8' into '11-8-stable' | Yorick Peterse
Don't allow non-members to see private related MRs See merge request gitlab/gitlabhq!2930
2019-02-27 | Merge branch 'security-kubernetes-google-login-csrf-11-8' into '11-8-stable' | Yorick Peterse
Validate session key when authorizing with GCP to create a cluster See merge request gitlab/gitlabhq!2934
2019-02-27 | Merge branch 'security-50334-11-8' into '11-8-stable' | Yorick Peterse
Fix git clone revealing private repo's presence See merge request gitlab/gitlabhq!2938
2019-02-27 | Merge branch 'security-56348-11-8' into '11-8-stable' | Yorick Peterse
Check snippet attached file to be moved is within designated directory See merge request gitlab/gitlabhq!2941
2019-02-27 | Check validity of prometheus_service before query | Reuben Pereira
Check validity before querying so that if the dns entry for the api_url has been changed to something invalid after the model was saved and checked for validity, it will not query. This is to solve a toctou (time of check to time of use) issue.
2019-02-27 | Merge branch 'security-protect-private-repo-information-11-8' into '11-8-stable' | Yorick Peterse
Fix leaking private repository information in API See merge request gitlab/gitlabhq!2948
2019-02-27 | Arbitrary file read via MergeRequestDiff | Francisco Javier López
2019-02-27 | Merge branch '11-8-security-2799-emails' into '11-8-stable' | Yorick Peterse
Remove link after issue move when no permissions See merge request gitlab/gitlabhq!2955
2019-02-27 | Merge branch 'security-kubernetes-local-ssrf-11-8' into '11-8-stable' | Yorick Peterse
Block local URLs for Kubernetes integration See merge request gitlab/gitlabhq!2959
2019-02-27 | Merge branch 'security-add-public-internal-groups-as-members-to-your-project-idor-11-8' into '11-8-stable' | Yorick Peterse
Add public/internal groups as members to your Project(IDOR) See merge request gitlab/gitlabhq!2962
2019-02-27 | Merge branch 'security-osw-stop-linking-to-packages-11-8' into '11-8-stable' | Yorick Peterse
Stop linking to unrecognized package sources See merge request gitlab/gitlabhq!2969
2019-02-27 | Remove ability to revoke active session | Imre Farkas
Session ID is used as a parameter for the revoke session endpoint but it should never be included in the HTML as an attacker could obtain it via XSS.
2019-02-27 | Filter active sessions belonging to an admin impersonating the user | Imre Farkas
2019-02-25 | Prevent disclosing project milestone titles | Felipe Artur
Prevent unauthorized users having access to milestone titles through autocomplete endpoint.
2019-02-24 | Stop linking to unrecognized package sources | Oswaldo Ferreira
2019-02-22 | Remove link after issue move when no permissions | Jarka Košanová
Don't show new issue link after move when a user does not have permissions to display the new issue
2019-02-21 | Do not allow local urls in Kubernetes form | Thong Kuah
Use existing `public_url` validation to block various local urls. Note that this validation will allow local urls if the "Allow requests to the local network from hooks and services" admin setting is enabled. Block KubeClient from using local addresses It will also respect `allow_local_requests_from_hooks_and_services` so if that is enabled KubeClient will allow local addresses
2019-02-21 | Check snippet attached file to be moved is within designated directory | Mark Chao
Previously one could move any temp/ sub folder around. Align spec with actual usage, as currently we pass temp file path to FileMover.
2019-02-20 | Change policy regarding group visibility | Małgorzata Ksionek
2019-02-20 | Prevent leaking of private repo data through API | Luke Duncalfe
default_branch, statistics and config_ci_path are now only exposed if the user has permissions to the repository.
2019-02-19 | Validate session key when authorizing with GCP to create a cluster | Tiger
It was previously possible to link a GCP account to another user's GitLab account by having them visit the callback URL, as there was no check that they were the initiator of the request. We now reject the callback unless the state parameter matches the one added to the initiating user's session.
2019-02-19 | Fix git clone revealing private repo's presence | Mark Chao
Ensure redirection to path with .git suffix regardless whether project exists or not.
2019-02-18 | Merge branch 'sh-fix-issue-9787-ce' into 'master' | Douwe Maan
Backport commit author changes from CE See merge request gitlab-org/gitlab-ce!25294 (cherry picked from commit 8f209ed5eac176fde0272ced69e36467e37fe79a) 886f00bc Backport commit author changes from CE
2019-02-18 | Merge branch '57650-remove-tld-validation-from-cluster' into 'master' | Nick Thomas
Remove TLD validation from cluster domain Closes #57650 See merge request gitlab-org/gitlab-ce!25262 (cherry picked from commit d02ca097312245e13ba9e1301964342a4327859a) 3016a2a3 Remove TLD validation from Cluster#domain
2019-02-15 | Merge branch '56332-exclude-public-group-milestones-from-count' into 'master' | Stan Hu
Exclude public group milestones from counts in milestones dashboard Closes #56332 See merge request gitlab-org/gitlab-ce!25230 (cherry picked from commit bd488bc29afbfdfeca5c22ab2caa926525dd666b) 0f0bf2a2 Exclude public group milestones from counts