summaryrefslogtreecommitdiff
Commit message (Expand)AuthorAgeFilesLines
* Update VERSION to 12.2.3v12.2.312-2-stable-patch-2GitLab Release Tools Bot2019-08-281-1/+1
* Update CHANGELOG.md for 12.2.3GitLab Release Tools Bot2019-08-2823-110/+28
* Merge branch '66641-broken-master-real-http-connections-are-disabled-unregist...Jan Provaznik2019-08-283-16/+24
* Revert "Update CHANGELOG.md for 12.2.2"John Jarvis2019-08-2823-25/+111
* Merge branch 'security-fix-something-went-wrong-on-when-not-logged-in-ce-12-2...GitLab Release Tools Bot2019-08-281-0/+2
|\
| * Return NO_ACCESS if user is nilPatrick Derichs2019-08-281-0/+2
|/
* Update VERSION to 12.2.2v12.2.2GitLab Release Tools Bot2019-08-271-1/+1
* Update CHANGELOG.md for 12.2.2GitLab Release Tools Bot2019-08-2723-110/+28
* Merge branch 'security-exposed-default-branch-12-2' into '12-2-stable'GitLab Release Tools Bot2019-08-264-2/+97
|\
| * Avoid exposing unaccessible repo data upon GFM processingOswaldo Ferreira2019-08-264-2/+97
|/
* Merge branch 'security-2853-prevent-comments-on-private-mrs-12-2' into '12-2-...GitLab Release Tools Bot2019-08-266-75/+371
|\
| * Prevent unauthorised comments on merge requestsAlex Kalderimis2019-08-266-75/+371
|/
* Merge branch 'security-hide_merge_request_ids_on_emails-12-2' into '12-2-stable'GitLab Release Tools Bot2019-08-265-18/+89
|\
| * Prevent disclosure of merge request id via emailFelipe Artur2019-08-215-18/+89
* | Merge branch 'security-64711-fix-commit-todos-12-2' into '12-2-stable'GitLab Release Tools Bot2019-08-263-20/+112
|\ \
| * | Send TODOs for comments on commits correctlyNick Thomas2019-08-233-20/+112
* | | Merge branch 'security-12-2-stable-gitaly-1.59.2' into '12-2-stable'GitLab Release Tools Bot2019-08-262-1/+6
|\ \ \
| * | | Use Gitaly 1.59.2Jacob Vosmaer2019-08-262-1/+6
* | | | Merge branch 'security-project-import-bypass-12-2' into '12-2-stable'GitLab Release Tools Bot2019-08-265-26/+244
|\ \ \ \ | |/ / / |/| | |
| * | | Fix project import restricted visibility bypassGeorge Koltsov2019-08-265-26/+244
|/ / /
* | | Merge branch 'security-ssrf-kubernetes-dns' into '12-2-stable'GitLab Release Tools Bot2019-08-265-18/+269
|\ \ \
| * | | Column was renamed in 12.2Thong Kuah2019-08-212-2/+2
| * | | Override hostname when connecting via KubeclientThong Kuah2019-08-215-18/+269
* | | | Merge branch 'security-epic-notes-api-reveals-historical-info-ce-12-2' into '...GitLab Release Tools Bot2019-08-267-7/+16
|\ \ \ \
| * | | | Filter out old system notes for epicsPatrick Derichs2019-08-197-7/+16
* | | | | Merge branch 'security-fix-html-injection-for-label-description-ce-12-2' into...GitLab Release Tools Bot2019-08-265-3/+29
|\ \ \ \ \
| * | | | | Fix html injection for label descriptionPatrick Derichs2019-08-195-3/+29
| |/ / / /
* | | | | Merge branch 'security-mr-head-pipeline-leak-12-2' into '12-2-stable'GitLab Release Tools Bot2019-08-263-5/+39
|\ \ \ \ \
| * | | | | Permission fix for MergeRequestsController#pipeline_statusdrew cimino2019-08-203-5/+39
| |/ / / /
* | | | | Merge branch 'security-61974-limit-issue-comment-size-12-2' into '12-2-stable'GitLab Release Tools Bot2019-08-2614-19/+78
|\ \ \ \ \
| * | | | | Limit the size of issuable description and commentsAlexandru Croitor2019-08-2214-19/+78
| | |_|_|/ | |/| | |
* | | | | Merge branch 'security-id-filter-timeline-activities-for-guests-12-2' into '1...GitLab Release Tools Bot2019-08-262-1/+6
|\ \ \ \ \
| * | | | | Add merge note type as cross referenceIgor Drozdov2019-08-212-1/+6
| |/ / / /
* | | | | Merge branch 'security-12-2-enable-image-proxy' into '12-2-stable'GitLab Release Tools Bot2019-08-2634-19/+594
|\ \ \ \ \
| * | | | | Fix failing spec due to changes UpdateServiceBrett Walker2019-08-201-1/+1
| * | | | | Add support for using a Camo proxy serverBrett Walker2019-08-2033-18/+593
| | |/ / / | |/| | |
* | | | | Merge branch 'security-fix_jira_ssrf_vulnerability-12-2' into '12-2-stable'GitLab Release Tools Bot2019-08-264-1/+82
|\ \ \ \ \
| * | | | | Fix DNS rebind vulnerability for JIRA integrationFelipe Artur2019-08-194-1/+82
| |/ / / /
* | | | | Merge branch 'security-add-job-activity-limit-ce-12-2' into '12-2-stable'GitLab Release Tools Bot2019-08-265-2/+43
|\ \ \ \ \
| * | | | | Add active_jobs_limit to plans tableFabio Pitino2019-08-205-2/+43
| | |_|/ / | |/| | |
* | | | | Merge branch 'security-sarcila-fix-weak-session-management-12-2' into '12-2-s...GitLab Release Tools Bot2019-08-264-0/+71
|\ \ \ \ \
| * | | | | Add User#will_save_change_to_login? to clear reset_password_tokensSebastian Arcila Valenzuela2019-08-214-0/+71
| | |_|/ / | |/| | |
* | | | | Merge branch 'security-59549-add-capcha-for-failed-logins-12-2' into '12-2-st...GitLab Release Tools Bot2019-08-2620-32/+307
|\ \ \ \ \
| * | | | | Add captcha if there are multiple failed login attemptsMaƂgorzata Ksionek2019-08-2120-32/+307
| |/ / / /
* | | | | Merge branch 'security-katex-dos-12-2' into '12-2-stable'GitLab Release Tools Bot2019-08-264-23/+143
|\ \ \ \ \
| * | | | | Enforce max chars and max render time in markdown mathMartin Hanzel2019-08-214-23/+143
| |/ / / /
* | | | | Merge branch 'security-ci-metrics-permissions-12-2' into '12-2-stable'GitLab Release Tools Bot2019-08-263-8/+64
|\ \ \ \ \
| * | | | | Restrict MergeRequests#test_reports to authenticated users with read-access o...drew cimino2019-08-223-8/+64
| | |_|_|/ | |/| | |
* | | | | Merge branch 'security-personal-snippets-12-2' into '12-2-stable'GitLab Release Tools Bot2019-08-2612-10/+77
|\ \ \ \ \
| * | | | | Add direct upload support for personal snippetsJan Provaznik2019-08-2312-10/+77
| |/ / / /