Fix a JS race in a spec
Closes #56860
See merge request gitlab-org/gitlab-ce!24684
(cherry picked from commit b5e10cd3ac4e15e7421ebc9acc5d4f9ca9e8e3ea)
|
|
[11.6] Sanitize user full name to clean up any URL to prevent mail clients from auto-linking URLs
See merge request gitlab/gitlabhq!2829
(cherry picked from commit 7dd747b8ce1f59672c530af25237bdf661cb480a)
61fc453c Add `sanitize_name` helper to sanitize URLs in user full name
e5cd214e Use `sanitize_name` to sanitize URL in user full name
1b000d5a Add changelog entry
|
|
[11.6] Sent notification only to authorized users
See merge request gitlab/gitlabhq!2857
(cherry picked from commit 4152329ce44bbc7567a1c7b03d5bf9e84bb1efc7)
fb0fd18c Sent notification only to authorized users
|
|
[11.6] Resolve "[Security] Stored XSS via KaTeX"
See merge request gitlab/gitlabhq!2755
(cherry picked from commit f79ff59ee1e21a5dbff19b86c5d5af16b62ac894)
024098db 11.6 backport of fix for XSS in KaTeX Links
37b798d7 Merge branch 'security-11-6' of https://dev.gitlab.org/gitlab/gitlabhq into...
|
|
[11.6] Disable git v2 protocol temporarily
See merge request gitlab/gitlabhq!2860
(cherry picked from commit 5c80952f99aea931d53ac58b6068e1eabd8b6295)
d7d7bc0d Allow Gitaly to be built from a custom URL
c478d134 Disable git v2 protocol temporarily
|
|
[11.6] Alias GitHub and BitBucket OAuth2 callback URLs
See merge request gitlab/gitlabhq!2846
(cherry picked from commit f8a23d89e6f94a74b2779b3b215c475a39ba8de3)
f652a9e0 Alias GitHub and BitBucket OAuth2 callback URLs
|
|
[11.6] Security fix user email tag push leak
See merge request gitlab/gitlabhq!2808
(cherry picked from commit 7260e6e0c2ad3df7dea2c0bd5c0d91c4bc5b15ae)
589c57c7 Prefer build() rather than create()
63d13410 Fix private user email being visible in tag webhooks
|
|
[11.6] Fix error disclosure on Project Import
See merge request gitlab/gitlabhq!2733
(cherry picked from commit b4797537a586bce6a96580a0257f59f9c6a92c14)
f470ad2f Fix path disclosure on Project Import
|
|
[11.6] Contributed projects info is still visible even user enable private profile
See merge request gitlab/gitlabhq!2765
(cherry picked from commit dfc0edd52628ba86578f1b6645575049b9db1058)
7502af85 Fix contributed projects finder shown private info
06aadabb Use old spec syntax
|
|
[11.6] Fix Imported Project Retains Prior Visibility Setting
See merge request gitlab/gitlabhq!2853
(cherry picked from commit 348a5dbc905cac1d61158e9fb83b82185a27cb04)
aaca3d2b Fix tree restorer visibility level
1d942ad1 Update schema file
|
|
[11.6] GitLab vulnerable to IDN homograph attacks and RTLO attacks
See merge request gitlab/gitlabhq!2822
|
|
'security-11-6'
[11.6] Do not expose trigger token when user should not see it
See merge request gitlab/gitlabhq!2759
(cherry picked from commit 33fbd62b9b4a73679a9f3cd1d9020e5dc6e9072d)
64a328be Do not expose trigger token when user should not see it
|
|
[11.6] Fix DoS in reference extraction regexes
See merge request gitlab/gitlabhq!2778
(cherry picked from commit 06f1ea1f540b62aefbaa4f69901de2d29df11e7c)
e73f2f1d Fix slow project reference pattern regex
|
|
'security-11-6'
[11.6] Don't process MR refs for guests in the notes
See merge request gitlab/gitlabhq!2782
(cherry picked from commit ee0f107791921dec7a6e3d43fe45ebef43d864be)
6e10237d Don't process MR refs for guests in the notes
|
|
[11.6] Bump Rails version to 5.0.7.1
See merge request gitlab/gitlabhq!2797
(cherry picked from commit 3a5dd09effda664888b25c935142b5c8fc23c304)
f705c816 Bump Ruby on Rails version to 5.0.7.1
|
|
'security-fix-wiki-access-rights-with-external-wiki-enabled-11-6' into 'security-11-6'
[11.6] Fix access to internal wiki when external wiki is enabled
See merge request gitlab/gitlabhq!2801
(cherry picked from commit 1edd23f18210a03ab3e1f6925aa4e434f68cee79)
24a48893 Fixed bug when external wiki is enabled
|
|
[11.6] Pipelines section is available to unauthorized users
See merge request gitlab/gitlabhq!2805
(cherry picked from commit 6f6e0e2ba7e8e2afe38e2d57883a8dfda0685d86)
e5c0b597 Backport security fix
181c74a1 Add CHANGELOG entry
|
|
[11.6] Use common error for not logged in users when creating issues
See merge request gitlab/gitlabhq!2812
(cherry picked from commit fe692173d2da5df4646050725359bc7fd1c99f4e)
a2dba33c Use common error for unauthenticated users
|
|
'security-11-6'
[11.6] Group Guests are no longer able to see merge requests
See merge request gitlab/gitlabhq!2815
(cherry picked from commit a662cfdb80a9d7fe6eacbc1a40fb24b5a7b9272e)
f7a2dabd Group Guests are no longer able to see merge requests
|
|
'security-11-6'
[11.6] LFS object forgery in project import
See merge request gitlab/gitlabhq!2818
(cherry picked from commit 6402c62822692b924ee95234cbcc2578501236f9)
bb635c64 Added validations to prevent LFS object forgery
|
|
'security-11-6'
[11.6] Fix discussion replies permissions check
See merge request gitlab/gitlabhq!2825
(cherry picked from commit 367767766d9727101908a1f195120732d72201b1)
313a9f2e Prevent comments by email when issue is locked
|
|
[11.6] Security extract pages with rubyzip
See merge request gitlab/gitlabhq!2834
(cherry picked from commit a55b637dea3b526ad48bd9a27352c5d7ca2d54db)
57be1a57 Extract GitLab Pages using RubyZip
eeeafb9b Fix Gemfile.rails4.lock
|
|
'security-11-6'
[11.6] Stop showing ci for guest users
See merge request gitlab/gitlabhq!2836
(cherry picked from commit 6390008e01ddfbbcff3b0f16f88bdd38bfcaf0ed)
75ec9ba8 Stop showing ci for guest users
|
|
'security-11-6'
[11.6] Revoke award_emoji permissions for confidential issues
See merge request gitlab/gitlabhq!2850
(cherry picked from commit f645472619fe1e1ec4fdaa02010408d548287efb)
47d86827 Prevent award_emoji to notes not visible to user
|
|
'security-11-6'
[11.6] Verify that LFS upload requests are genuine
See merge request gitlab/gitlabhq!2863
(cherry picked from commit 6154e199fee175685e24a5b0b0d57f5971b1ed08)
edb61807 Verify that LFS upload requests are genuine
|
|
Such as those with IDN homographs or embedded
right-to-left (RTLO) characters.
Autolinked hrefs should be escaped
|
|
The `params` keyword argument only works in Rails 5. Removing it will
cause a Rails 4 deprecation warning, but that's better than not working
at all.
|
|
Resolve a transient failure in MWPS feature spec
Closes gitlab-ee#6770
See merge request gitlab-org/gitlab-ce!23838
|
|
Fix no avatar not showing in user selection box
Closes #56268
See merge request gitlab-org/gitlab-ce!24346
(cherry picked from commit 8285205815ccdb25238fcae1c1e91063a46f19b0)
2265ce34 Fix no avatar not showing in user selection box
|
|
Fix requests profiler in admin page not rendering HTML properly
Closes #56152
See merge request gitlab-org/gitlab-ce!24291
(cherry picked from commit 59c0c173b471d50007442c95464df0cac0030fc6)
4ac4ba26 Fix requests profiler in admin page not rendering HTML properly
|
|
Fix broken templated "Too many changes to show" text
Closes #56138
See merge request gitlab-org/gitlab-ce!24282
(cherry picked from commit 819de8e8084e1b0cc102664abb8bbc836ff99ede)
488d7d1f Fix broken templated "Too many changes to show" text
|
|
Add syntax highlighting to suggestion diff
Closes #55945
See merge request gitlab-org/gitlab-ce!24156
(cherry picked from commit da3b20f7a4cbcbf1698b995f6dc69fa388bc5b2f)
2635f2c6 Add syntax highlighting to suggestion diff
e3919efd Add unit test for syntax highlighting
95f2d284 Add changelog entry
|
|
Fixes diff suggestions removing dashes from diff
Closes #55634
See merge request gitlab-org/gitlab-ce!23994
(cherry picked from commit 32f80629bdbd4d2fcd43b6220da373394ffd95b6)
e6f1209e Fixes diff suggestions removing dashes from diff
|
|
'security-11-6'
[11.6] Validate bundle files before unpacking them
See merge request gitlab/gitlabhq!2774
(cherry picked from commit ad73bf817253ec4fc3fae8c7fb60898f11922218)
5f2fe991 Validate bundle files before unpacking them
|
|
Fix clone URL not showing if protocol is HTTPS
Closes #55896
See merge request gitlab-org/gitlab-ce!24131
(cherry picked from commit 64c582d1841a35193c684a707b9688feb2d21772)
913084e6 Fix clone URL not showing if protocol is HTTPS
|
|
Fixed content-disposition in blob and files API endpoint
Closes #55781
See merge request gitlab-org/gitlab-ce!24078
(cherry picked from commit ca14b70d5201852751d79d6a0827b81689fff5be)
2cd47bba Fixed api content-disposition in blob and files endpoint
|
|
Fix missing Git clone button when protocol restriction setting enabled
Closes #55676
See merge request gitlab-org/gitlab-ce!24015
(cherry picked from commit f044679c96251c82de310219a48cb7814dfe5143)
4a8b4d8a Fix missing Git clone button when protocol restriction setting enabled
f50ee65b Add spec for HTTP/SSH clone panel
91b0754d Fix HTTP/SSH clone panel for mobile
29adade5 Fix and move specs into admin_disables_git_access_protocol_spec.rb
|
|
Fixes the markdown toolbar buttons
Closes #55618
See merge request gitlab-org/gitlab-ce!23979
(cherry picked from commit 82772caf727e3ea59513ffff6693bab1ee37b53f)
3019a567 Fixes the markdown toolbar buttons
|
|
Resolve "Hide cluster features that don't work yet with Group Clusters"
Closes #55103
See merge request gitlab-org/gitlab-ce!23935
(cherry picked from commit a91138baaba93b72c3b487d38e11299e99d2071e)
4ed4a640 Expose environment's cluster type
55bfea0a Disable terminal button for group clusters
bfbea9b8 Use constants for cluster_type
b1fb15f8 Fix formatting
e9c4f190 Add CHANGELOG.md entry for gitlab-ce!23935
0d608a7b Add test for environment_terminal_button
e18fb5b3 Memoize call for EnvironmentEntity#cluster_type
a45fb5d6 Moves memoization to Environment
|
|
'master'
Handle nil terminals in Clusters::Platforms::Kubernetes
Closes #55551
See merge request gitlab-org/gitlab-ce!23925
(cherry picked from commit 6b02f502c84450d5e23866fef0d3da600d7c78ae)
6d4c2529 Handle nil terminals in Clusters::Platforms::Kubernetes
|
|
Remove feature flag for suggest changes feature
See merge request gitlab-org/gitlab-ce!23892
(cherry picked from commit 58ee1746a867ea939dd64a993963f14fc34c338d)
ee425c9c Remove feature flag for suggest changes feature
|
|
'security-11-6'
[11.6] Resolve "Removing a user from a private group doesn't remove them from group's project, if their project's role was changed"
See merge request gitlab/gitlabhq!2716
|
|
[11.6] Persistent Symlink in Project Import
See merge request gitlab/gitlabhq!2728
|
|
into security-11-6
|
|
'security-fix/security-group-user-removal-11-6'
# Conflicts:
# app/services/members/destroy_service.rb
|
|
[11.6] Secret CI variables can be exposed by creating a tag with the same name as an existing protected branch
See merge request gitlab/gitlabhq!2684
|
|
'security-11-6-user-keeps-access-to-mr-issue-when-removed-from-team' into 'security-11-6'
[11.6] Adds validation to check if user can read project
See merge request gitlab/gitlabhq!2753
|
|
into 'security-11-6'
[11.6] Group Ex-Maintainer Could maintain Access to Project's Source Code/Jobs/Pipelines/Artifacts if it had Shared Group Runner Configured
See merge request gitlab/gitlabhq!2750
|