Commit message (Expand) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
| | | * | | | | | | | | | | | | | | | | Verify that LFS upload requests are genuine | Nick Thomas | 2019-01-22 | 4 | -7/+25 | |
| | | |/ / / / / / / / / / / / / / / | ||||||
| | * | | | | | | | | | | | | | | | | Merge branch 'security-project-move-users' into 'master' | Yorick Peterse | 2019-01-24 | 6 | -7/+59 | |
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | ||||||
| | | * | | | | | | | | | | | | | | | | Sent notification only to authorized users | Jan Provaznik | 2019-01-23 | 6 | -7/+59 | |
| | | |/ / / / / / / / / / / / / / / | ||||||
| | * | | | | | | | | | | | | | | | | Merge branch 'security-fix-user-email-tag-push-leak' into 'master' | Yorick Peterse | 2019-01-24 | 3 | -3/+8 | |
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | ||||||
| | | * | | | | | | | | | | | | | | | | Fix private user email being visible in tag webhooks | Luke Duncalfe | 2019-01-18 | 3 | -3/+8 | |
| | | * | | | | | | | | | | | | | | | | Prefer build() rather than create() | Luke Duncalfe | 2019-01-15 | 1 | -1/+1 | |
| | | | |_|/ / / / / / / / / / / / / | | | |/| | | | | | | | | | | | | | | ||||||
| | * | | | | | | | | | | | | | | | | Merge branch 'security-stored-xss-via-katex' into 'master' | Yorick Peterse | 2019-01-24 | 2 | -1/+22 | |
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | ||||||
| | | * | | | | | | | | | | | | | | | | [master] Resolve "[Security] Stored XSS via KaTeX" | Constance Okoghenun | 2019-01-24 | 2 | -1/+22 | |
| | |/ / / / / / / / / / / / / / / / | ||||||
| | * | | | | | | | | | | | | | | | | Merge branch 'extract-pages-with-rubyzip' into 'master' | Yorick Peterse | 2019-01-24 | 17 | -25/+594 | |
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | ||||||
| | | * | | | | | | | | | | | | | | | | Extract GitLab Pages using RubyZip | Kamil Trzciński | 2019-01-22 | 17 | -25/+594 | |
| | * | | | | | | | | | | | | | | | | | Merge branch 'security-commit-status-shown-for-guest-user' into 'master' | Yorick Peterse | 2019-01-24 | 3 | -1/+27 | |
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | ||||||
| | | * | | | | | | | | | | | | | | | | | Stop showing ci for guest users | Steve Azzopardi | 2019-01-23 | 3 | -1/+27 | |
| | * | | | | | | | | | | | | | | | | | | Merge branch 'security-fix-lfs-import-project-ssrf-forgery' into 'master' | Yorick Peterse | 2019-01-24 | 13 | -103/+359 | |
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | ||||||
| | | * | | | | | | | | | | | | | | | | | | Added validations to prevent LFS object forgery | Francisco Javier López | 2019-01-21 | 13 | -103/+359 | |
| | | | |_|_|_|_|_|/ / / / / / / / / / / | | | |/| | | | | | | | | | | | | | | | | ||||||
| | * | | | | | | | | | | | | | | | | | | Merge branch 'security-pipeline-trigger-tokens-exposure' into 'master' | Yorick Peterse | 2019-01-24 | 11 | -17/+130 | |
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | ||||||
| | | * | | | | | | | | | | | | | | | | | | Add changelog for trigger token exposure fix | Grzegorz Bizon | 2019-01-15 | 1 | -0/+5 | |
| | | * | | | | | | | | | | | | | | | | | | Fix subject in trigger presenter tests | Grzegorz Bizon | 2019-01-15 | 1 | -1/+1 | |
| | | * | | | | | | | | | | | | | | | | | | Add some specs for trigger presenter | Grzegorz Bizon | 2019-01-15 | 1 | -0/+51 | |
| | | * | | | | | | | | | | | | | | | | | | Present all pipeline triggers using trigger presenter | Grzegorz Bizon | 2019-01-15 | 3 | -4/+6 | |
| | | * | | | | | | | | | | | | | | | | | | Do not expose trigger token when user should not see it | Grzegorz Bizon | 2019-01-15 | 8 | -13/+68 | |
| | | | |_|_|/ / / / / / / / / / / / / / | | | |/| | | | | | | | | | | | | | | | | ||||||
| | * | | | | | | | | | | | | | | | | | | Merge branch 'security-fix-regex-dos' into 'master' | Yorick Peterse | 2019-01-24 | 4 | -1/+14 | |
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | ||||||
| | | * | | | | | | | | | | | | | | | | | | Fix slow project reference pattern regex | Heinrich Lee Yu | 2019-01-11 | 4 | -1/+14 | |
| | | | |_|_|_|_|_|/ / / / / / / / / / / | | | |/| | | | | | | | | | | | | | | | | ||||||
| | * | | | | | | | | | | | | | | | | | | Merge branch 'security-fix-wiki-access-rights-with-external-wiki-enabled' int... | Yorick Peterse | 2019-01-24 | 14 | -51/+131 | |
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | ||||||
| | | * | | | | | | | | | | | | | | | | | | Fixed bug when external wiki is enabled | Francisco Javier López | 2019-01-18 | 14 | -51/+131 | |
| | | | |_|/ / / / / / / / / / / / / / / | | | |/| | | | | | | | | | | | | | | | | ||||||
| | * | | | | | | | | | | | | | | | | | | Merge branch 'security-2769-idn-homograph-attack' into 'master' | Yorick Peterse | 2019-01-24 | 9 | -13/+228 | |
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | ||||||
| | | * | | | | | | | | | | | | | | | | | | Bump the CACHE_COMMONMARK_VERSION | Brett Walker | 2019-01-21 | 1 | -1/+1 | |
| | | * | | | | | | | | | | | | | | | | | | Show tooltip for malicious looking links | Brett Walker | 2019-01-21 | 8 | -12/+227 | |
| | | | |_|_|_|_|_|_|_|/ / / / / / / / / | | | |/| | | | | | | | | | | | | | | | | ||||||
| | * | | | | | | | | | | | | | | | | | | Merge branch 'security-fix-new-issues-login-message' into 'master' | Yorick Peterse | 2019-01-24 | 3 | -10/+7 | |
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | ||||||
| | | * | | | | | | | | | | | | | | | | | | Use common error for unauthenticated users | Heinrich Lee Yu | 2019-01-14 | 3 | -10/+7 | |
| | | | |_|_|/ / / / / / / / / / / / / / | | | |/| | | | | | | | | | | | | | | | | ||||||
| | * | | | | | | | | | | | | | | | | | | Merge branch 'security-2776-fix-add-reaction-permissions' into 'master' | Yorick Peterse | 2019-01-24 | 3 | -0/+8 | |
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | ||||||
| | | * | | | | | | | | | | | | | | | | | | Prevent award_emoji to notes not visible to user | Heinrich Lee Yu | 2019-01-15 | 3 | -0/+8 | |
| | | |/ / / / / / / / / / / / / / / / / | ||||||
| | * | | | | | | | | | | | | | | | | | | Merge branch 'security-2779-fix-email-comment-permissions-check' into 'master' | Yorick Peterse | 2019-01-24 | 12 | -37/+94 | |
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | | | |_|_|_|_|_|_|_|/ / / / / / / / / / | | |/| | | | | | | | | | | | | | | | | | ||||||
| | | * | | | | | | | | | | | | | | | | | Prevent comments by email when issue is locked | Heinrich Lee Yu | 2019-01-22 | 12 | -37/+94 | |
| | | | |_|_|_|_|/ / / / / / / / / / / | | | |/| | | | | | | | | | | | | | | | ||||||
* | | | | | | | | | | | | | | | | | | | Merge branch 'winh-note_app_spec-vue-test-utils' into 'master'sh-bump-supported-ruby-versions | Fatih Acet | 2019-02-06 | 1 | -81/+86 | |
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | ||||||
| * | | | | | | | | | | | | | | | | | | | Convert note_app_spec.js to Vue test utils | Winnie Hellmann | 2019-02-04 | 1 | -81/+86 | |
* | | | | | | | | | | | | | | | | | | | | Merge branch 'gt-externalize-app-views-email_rejection_mailer' into 'master' | Filipa Lacerda | 2019-02-05 | 4 | -2/+10 | |
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | ||||||
| * | | | | | | | | | | | | | | | | | | | | Externalize strings from `/app/views/email_rejection_mailer` | George Tsiolis | 2019-02-05 | 4 | -2/+10 | |
* | | | | | | | | | | | | | | | | | | | | | Merge branch '54544-update-project-topics-styling-to-use-badges-design' into ... | Fatih Acet | 2019-02-05 | 4 | -4/+25 | |
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | ||||||
| * | | | | | | | | | | | | | | | | | | | | | Resolve "Update project topics styling to use badges design" | Brandon Labuschagne | 2019-02-05 | 4 | -4/+25 | |
|/ / / / / / / / / / / / / / / / / / / / / | ||||||
* | | | | | | | | | | | | | | | | | | | | | Merge branch 'patch-29' into 'master' | Evan Read | 2019-02-05 | 1 | -3/+3 | |
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | ||||||
| * | | | | | | | | | | | | | | | | | | | | | docs: improve OpenSSH installation on Windows options | Ben Bodenmiller | 2019-02-05 | 1 | -3/+3 | |
|/ / / / / / / / / / / / / / / / / / / / / | ||||||
* | | | | | | | | | | | | | | | | | | | | | Merge branch 'rd-update-last_activity_on-on-logins-and-browsing-activity-5494... | Stan Hu | 2019-02-05 | 11 | -0/+154 | |
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | ||||||
| * | | | | | | | | | | | | | | | | | | | | | Remove comment about needing cookie support | Stan Hu | 2019-02-05 | 1 | -2/+1 | |
| * | | | | | | | | | | | | | | | | | | | | | Update last_activity_on for Users on some main GET endpoints | Rubén Dávila | 2019-02-05 | 11 | -0/+155 | |
* | | | | | | | | | | | | | | | | | | | | | | Merge branch 'use-deployment-relation-to-fetch-environment-ce' into 'master' | Stan Hu | 2019-02-05 | 3 | -2/+37 | |
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | |_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|/ / / / |/| | | | | | | | | | | | | | | | | | | | | | ||||||
| * | | | | | | | | | | | | | | | | | | | | | Backport: Optimize slow pipelines.js response | Shinya Maeda | 2019-02-05 | 3 | -2/+37 | |
* | | | | | | | | | | | | | | | | | | | | | | Merge branch 'adriel-use-svg-icon-for-deployment-series' into 'master' | Phil Hughes | 2019-02-05 | 3 | -0/+99 | |
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | ||||||
| * | | | | | | | | | | | | | | | | | | | | | | Use svg icon for deployment series | Adriel Santiago | 2019-02-05 | 3 | -0/+99 | |
* | | | | | | | | | | | | | | | | | | | | | | | Merge branch 'jej/avoid-csrf-check-on-saml-failure' into 'master' | Rémy Coutable | 2019-02-05 | 3 | -1/+29 | |
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | ||||||
| * | | | | | | | | | | | | | | | | | | | | | | | Avoid CSRF check on SAML failure endpoint | James Edwards-Jones | 2019-02-04 | 3 | -1/+29 |