Commit message (Expand) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Update VERSION to 11.9.12v11.9.1211-9-stable | GitLab Release Tools Bot | 2019-05-30 | 1 | -1/+1 |
* | Update CHANGELOG.md for 11.9.12 | GitLab Release Tools Bot | 2019-05-30 | 13 | -60/+18 |
* | Merge branch 'osw-disable-dns-rebind-protection-settings-11-9' into '11-9-sta... | GitLab Release Tools Bot | 2019-05-30 | 13 | -13/+183 |
|\ | |||||
| * | Rename UrlBlocker argument: schemes -> protocols | Stan Hu | 2019-05-29 | 1 | -1/+1 |
| * | Use Rails migration v5.0 for GitLab 11.9 | Stan Hu | 2019-05-29 | 1 | -1/+1 |
| * | Add changelog | Oswaldo Ferreira | 2019-05-29 | 1 | -0/+5 |
| * | Add DNS rebinding protection settings | Oswaldo Ferreira | 2019-05-29 | 12 | -13/+178 |
|/ | |||||
* | Merge branch 'security-60143-address-xss-issue-11.09' into '11-9-stable' | GitLab Release Tools Bot | 2019-05-28 | 3 | -0/+55 |
|\ | |||||
| * | Reject slug+uri concat if slug is deemed unsafe | Kerri Miller | 2019-05-27 | 3 | -0/+55 |
* | | Merge branch 'security-http-hostname-override-11-9' into '11-9-stable' | GitLab Release Tools Bot | 2019-05-28 | 27 | -87/+410 |
|\ \ | |||||
| * | | Protect Gitlab::HTTP against DNS rebinding attack | Douwe Maan | 2019-05-22 | 27 | -87/+410 |
* | | | Merge branch 'security-58856-persistent-xss-11-9' into '11-9-stable' | GitLab Release Tools Bot | 2019-05-28 | 6 | -3/+41 |
|\ \ \ | |||||
| * | | | Change `prohibited_key` to use regexes | charlieablett | 2019-05-01 | 1 | -4/+2 |
| * | | | Add `html` to sensitive words | charlieablett | 2019-05-01 | 3 | -2/+4 |
| * | | | Add changelog entry | charlieablett | 2019-04-30 | 1 | -0/+5 |
| * | | | Ensure Issue & MR note_html cannot be imported | Ash McKenzie | 2019-04-30 | 2 | -14/+16 |
| * | | | Add newline to AttributeCleaner | charlieablett | 2019-04-30 | 1 | -1/+1 |
| * | | | Refactor AttributeCleaner` for readability | charlieablett | 2019-04-30 | 1 | -2/+3 |
| * | | | Refactor AttributeCleaner` for readability | charlieablett | 2019-04-30 | 1 | -7/+2 |
| * | | | Tighten up prohibited_key method | charlieablett | 2019-04-26 | 1 | -4/+3 |
| * | | | Add disallowed fields to AttributeCleaner | charlieablett | 2019-04-24 | 3 | -2/+38 |
* | | | | Merge branch 'security-fix-project-existence-disclosure-11-9' into '11-9-stable' | GitLab Release Tools Bot | 2019-05-28 | 3 | -16/+28 |
|\ \ \ \ | |||||
| * | | | | Fix url redaction for issue links | Patrick Derichs | 2019-05-03 | 3 | -16/+28 |
* | | | | | Merge branch 'security-60039-11-9' into '11-9-stable' | GitLab Release Tools Bot | 2019-05-28 | 8 | -33/+144 |
|\ \ \ \ \ | |||||
| * | | | | | Validate MR branch names | Mark Chao | 2019-05-06 | 8 | -33/+144 |
| | |_|/ / | |/| | | | |||||
* | | | | | Merge branch 'security-unsubscribing-from-issue-11-9' into '11-9-stable' | GitLab Release Tools Bot | 2019-05-28 | 4 | -11/+111 |
|\ \ \ \ \ | |||||
| * | | | | | Hide issue title on unsubscribe for anonymous users | Alexandru Croitor | 2019-05-20 | 4 | -11/+111 |
| |/ / / / | |||||
* | | | | | Merge branch 'security-fix-confidential-issue-label-visibility-11-9' into '11... | GitLab Release Tools Bot | 2019-05-28 | 3 | -1/+40 |
|\ \ \ \ \ | |||||
| * | | | | | Fix confidential issue label disclosure on milestone view | Patrick Derichs | 2019-05-19 | 3 | -1/+40 |
| |/ / / / | |||||
* | | | | | Merge branch 'security-fix_milestones_search_api_leak-11-9' into '11-9-stable' | GitLab Release Tools Bot | 2019-05-28 | 7 | -6/+130 |
|\ \ \ \ \ | |||||
| * | | | | | Resolve: Milestones leaked via search API | Felipe Artur | 2019-05-21 | 7 | -6/+130 |
| |/ / / / | |||||
* | | | | | Merge branch 'security-jej/prevent-web-sign-in-bypass-11-9' into '11-9-stable' | GitLab Release Tools Bot | 2019-05-28 | 3 | -1/+48 |
|\ \ \ \ \ | |||||
| * | | | | | Prevent password sign in restriction bypass | James Edwards-Jones | 2019-05-23 | 3 | -1/+48 |
| |/ / / / | |||||
* | | | | | Merge branch 'security-knative-0.5-11-9' into '11-9-stable' | GitLab Release Tools Bot | 2019-05-28 | 3 | -3/+8 |
|\ \ \ \ \ | |||||
| * | | | | | Update Knative version due to a security vulnerability | Tiger Watson | 2019-05-28 | 3 | -3/+8 |
|/ / / / / | |||||
* | | | | | Merge branch 'sh-fix-issue-59379-11-9' into '11-9-stable' | GitLab Release Tools Bot | 2019-05-28 | 3 | -2/+18 |
|\ \ \ \ \ | |_|_|_|/ |/| | | | | |||||
| * | | | | Fix project visibility level validation | Peter Marko | 2019-05-24 | 3 | -2/+18 |
|/ / / / | |||||
* | | | | Merge branch '62283-fix-job-app-spec' into 'master' | Filipa Lacerda | 2019-05-24 | 1 | -1/+4 |
|/ / / | |||||
* | | | Update VERSION to 11.9.11v11.9.11 | GitLab Release Tools Bot | 2019-04-30 | 1 | -1/+1 |
* | | | Update CHANGELOG.md for 11.9.11 | GitLab Release Tools Bot | 2019-04-30 | 2 | -5/+7 |
* | | | Merge branch 'security-disallow-read-user-scope-to-read-project-events-11-9' ... | GitLab Release Tools Bot | 2019-04-29 | 7 | -182/+224 |
|\ \ \ | |||||
| * | | | Add new api class for projects events | MaĆgorzata Ksionek | 2019-04-25 | 7 | -182/+224 |
| |/ / | |||||
* | | | Update VERSION to 11.9.10v11.9.10 | GitLab Release Tools Bot | 2019-04-26 | 1 | -1/+1 |
* | | | Update CHANGELOG.md for 11.9.10 | GitLab Release Tools Bot | 2019-04-26 | 6 | -25/+11 |
|/ / | |||||
* | | Merge branch 'security-approval-race-condition-11-9' into '11-9-stable' | GitLab Release Tools Bot | 2019-04-25 | 2 | -3/+33 |
|\ \ | |||||
| * | | Add ApplicationRecord#safe_ensure_unique method | Patrick Bajao | 2019-04-12 | 2 | -3/+33 |
* | | | Merge branch 'security-upgrade-to-rails-5-0-7-2-11-9' into '11-9-stable' | GitLab Release Tools Bot | 2019-04-25 | 3 | -36/+41 |
|\ \ \ | |||||
| * | | | Upgrade Rails to 5.0.7.2 | Heinrich Lee Yu | 2019-04-12 | 3 | -36/+41 |
| |/ / | |||||
* | | | Merge branch 'security-pb-email-watchers-no-access-11-9' into '11-9-stable' | GitLab Release Tools Bot | 2019-04-25 | 3 | -12/+53 |
|\ \ \ | |||||
| * | | | Stop sending emails to users who can't read commit | Patrick Bajao | 2019-04-16 | 3 | -12/+53 |
| |/ / |