summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Bump Helm version in Auto-DevOps.gitlab-ci.ymlbump-auto-devops-helm-2-14-0Thong Kuah2019-06-042-2/+7
| | | | | See https://github.com/helm/helm/releases/tag/v2.14.0 for upstream changelog
* Merge branch 'winh-boardsStore.moving' into 'master'Mike Greiling2019-06-033-2/+21
|\ | | | | | | | | Move boardsStore.moving to BoardList component See merge request gitlab-org/gitlab-ce!29076
| * Move boardsStore.moving to BoardList componentWinnie Hellmann2019-06-033-2/+21
|/
* Merge branch 'selfmanaged-gitlabcom-import-update-docs' into 'master'Drew Blessing2019-06-031-2/+3
|\ | | | | | | | | Clarify "support" to mean GitLab.com integration See merge request gitlab-org/gitlab-ce!29091
| * Clarify "support" to mean GitLab.com integrationGreg Myers2019-06-031-2/+3
|/
* Merge branch 'qa-log-out-in-after-all-hook' into 'master'Dan Davison2019-06-031-0/+2
|\ | | | | | | | | Log out in after all hook See merge request gitlab-org/gitlab-ce!28969
| * Log out in after all hookqa-log-out-in-after-all-hookMark Lapierre2019-05-311-0/+2
| | | | | | | | So subsequent tests can successfully log in
* | Merge branch 'tc-db-explain-analyze' into 'master'Kamil Trzciński2019-06-033-0/+34
|\ \ | | | | | | | | | | | | Add activerecord-explain-analyze gem See merge request gitlab-org/gitlab-ce!29051
| * | Add activerecord-explain-analyze gemToon Claes2019-06-033-0/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This gem allows you to get the `EXPLAIN ANALYZE` query plan, directly from the Rails console. The gem is installed with `require: false`, but if it was loaded on launch, this would be it's memory load: ``` TOP: 145.3086 MiB rails/all: 22.4844 MiB ... activerecord-explain-analyze: 2.9648 MiB active_record/connection_adapters/postgresql_adapter: 2.9648 MiB pg: 2.9648 MiB pg_ext: 2.9648 MiB ... ```
* | | Merge branch 'qa-tentative-to-de-quarantine-e2e-test' into 'master'Dan Davison2019-06-031-1/+1
|\ \ \ | |/ / |/| | | | | | | | Backport EE MR See merge request gitlab-org/gitlab-ce!29066
| * | Backport EE MRqa-tentative-to-de-quarantine-e2e-testWalmyr Lima2019-06-031-1/+1
| | | | | | | | | | | | https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/13913
* | | Merge branch 'lm-update-mermaid-arch' into 'master'Achilleas Pipinellis2019-06-031-1/+1
|\ \ \ | | | | | | | | | | | | | | | | Update architecture.md to fix typo in GitLabMonito -> GitLabMonitor See merge request gitlab-org/gitlab-ce!28955
| * | | Update architecture.md to fix typo in GitLabMonito -> GitLabMonitorLee Matos2019-06-031-1/+1
|/ / /
* | | Merge branch 'sh-resolve-member-presenter-conflicts' into 'master'Robert Speicher2019-06-032-1/+17
|\ \ \ | | | | | | | | | | | | | | | | Reconcile CE and EE differences in members/_member.html.haml See merge request gitlab-org/gitlab-ce!29021
| * | | Reconcile CE and EE differences in members/_member.html.hamlsh-resolve-member-presenter-conflictsStan Hu2019-06-012-1/+17
| | | | | | | | | | | | | | | | This file conflicts quite frequently with any changes in the file.
* | | | Merge branch 'zj-bump-gitaly-master' into 'master'Mayra Cabrera2019-06-034-7/+7
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Stop two-step rebase from hanging when errors occur Closes #62353 See merge request gitlab-org/gitlab-ce!29068
| * | | | Bump Gitaly version to 1.44.0Douwe Maan2019-06-034-7/+7
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | This change makes sure Gitaly includes a fix to make rebase work again properly. Part of: https://gitlab.com/gitlab-org/gitlab-ce/issues/62353
* | | | Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhqRobert Speicher2019-06-039-3/+96
|\ \ \ \
| * \ \ \ Merge branch 'security-60143-address-xss-issue-master' into 'master'Robert Speicher2019-06-033-0/+55
| |\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Reject slug+uri concat if slug is deemed unsafe See merge request gitlab/gitlabhq!3108
| | * | | | Reject slug+uri concat if slug is deemed unsafeKerri Miller2019-05-243-0/+55
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | First reported: https://gitlab.com/gitlab-org/gitlab-ce/issues/60143 When the page slug is "javascript:" and we attempt to link to a relative path (using `.` or `..`) the code will concatenate the slug and the uri. This MR adds a guard to that concat step that will return `nil` if the incoming slug matches against any of the "unsafe" slug regexes; currently this is only for the slug "javascript:" but can be extended if needed. Manually tested against a non-exhaustive list from OWASP of common javascript XSS exploits that have to to with mangling the "javascript:" method, and all are caught by this change or by existing code that ingests the user-specified slug.
| * | | | | Merge branch 'security-58856-persistent-xss-in-note-objects' into 'master'Robert Speicher2019-06-036-3/+41
| |\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | Persistent XSS in note objects CE See merge request gitlab/gitlabhq!3075
| | * | | | | Remove unused fixture linesTiger2019-05-281-2/+0
| | | | | | |
| | * | | | | Change `prohibited_key` to use regexescharlieablett2019-05-011-4/+2
| | | | | | |
| | * | | | | Add `html` to sensitive wordscharlieablett2019-05-013-3/+4
| | | | | | |
| | * | | | | Remove accidental regressionscharlieablett2019-04-301-5/+6
| | | | | | |
| | * | | | | Ensure Issue & MR note_html cannot be importedAsh McKenzie2019-04-302-16/+16
| | | | | | |
| | * | | | | Refactor `attribute_cleaner` for readabilitycharlieablett2019-04-301-1/+3
| | | | | | |
| | * | | | | Further clarify `attribute_cleaner`charlieablett2019-04-291-10/+4
| | | | | | |
| | * | | | | Tighten up prohibited_key methodcharlieablett2019-04-261-3/+2
| | | | | | |
| | * | | | | Use English instead of LatinCharlie Ablett2019-04-251-2/+2
| | | | | | |
| | * | | | | Add disallowed fields to AttributeCleanercharlieablett2019-04-244-14/+21
| | | | | | |
| | * | | | | Re-stub stubbed method callscharlieablett2019-04-231-3/+9
| | | | | | |
| | * | | | | Add changelog entrycharlieablett2019-04-231-0/+5
| | | | | | |
| | * | | | | Exclude fields from note importcharlieablett2019-04-233-2/+29
| | | | | | |
* | | | | | | Merge branch 'osw-sync-merge-ref-upon-mergeability-check' into 'master'Douwe Maan2019-06-0314-222/+380
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatically update MR merge-ref along merge status Closes #58495 See merge request gitlab-org/gitlab-ce!28513
| * | | | | | | Add payload to the service responseOswaldo Ferreira2019-05-316-16/+152
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This introduces payload to the ServiceResponse with the merge ref HEAD commit data
| * | | | | | | Simplify merge_ref_head methodsOswaldo Ferreira2019-05-313-9/+7
| | | | | | | |
| * | | | | | | Automatically update MR merge-ref along merge statusOswaldo Ferreira2019-05-3112-215/+239
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This couples the code that transitions the `MergeRequest#merge_status` and refs/merge-requests/:iid/merge ref update. In general, instead of directly telling `MergeToRefService` to update the merge ref, we should rely on `MergeabilityCheckService` to keep both the merge status and merge ref synced. Now, if the merge_status is `can_be_merged` it means the merge-ref is also updated to the latest. We've also updated the logic to be more systematic and less user-based.
* | | | | | | | Merge branch '58269-separate-update-patch' into 'master'Mike Greiling2019-06-0310-235/+413
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Do not display Update app button when saving Knative domain name Closes #58269 See merge request gitlab-org/gitlab-ce!28904
| * | | | | | | | Add new externalized strings58269-separate-update-patchEnrique Alcantara2019-05-301-3/+6
| | | | | | | | |
| * | | | | | | | Add changelog entryEnrique Alcantara2019-05-301-0/+5
| | | | | | | | |
| * | | | | | | | Add updateSuccessful/Failed props to knative appEnrique Alcantara2019-05-303-27/+37
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | They are used to indicate when knative domain name has changed
| * | | | | | | | Extract knative domain editor into a componentEnrique Alcantara2019-05-305-205/+365
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The new component also implements several improvements in the knative domain editor workflow: - Display a loading spinner when saving changes in the domain name - Display success toast message indicating changes were saved successfully. - Display error message in the contraty occurs
* | | | | | | | | Merge branch 'fp-update-invalid-anchor-link' into 'master'Marcia Ramos2019-06-031-4/+3
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update invalid anchor link See merge request gitlab-org/gitlab-ce!28822
| * | | | | | | | | Update invalid anchor linkFabio Pitino2019-06-031-4/+3
|/ / / / / / / / /
* | | | | | | | | Merge branch 'patch-64' into 'master'Marcia Ramos2019-06-031-1/+5
|\ \ \ \ \ \ \ \ \ | |_|_|_|_|_|_|/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | Docs: Fix badly rendered code blocks in JavaScript styleguide See merge request gitlab-org/gitlab-ce!29017
| * | | | | | | | Fix badly rendered code blocks in JavaScript styleguideOndřej Budai2019-06-011-1/+5
| | |_|_|_|_|/ / | |/| | | | | |
* | | | | | | | Merge branch 'tc-db-docs' into 'master'Marcia Ramos2019-06-031-2/+9
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add some more database docs See merge request gitlab-org/gitlab-ce!28784
| * | | | | | | | Add some more database docsToon Claes2019-06-031-2/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a few useful links for those who want to learn more about databases and database performance.
* | | | | | | | | Merge branch 'update-gitlab-runner-helm-chart-to-0-5-2' into 'master'Kamil Trzciński2019-06-032-1/+6
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update GitLab Runner Helm Chart to 0.5.2/11.11.2 See merge request gitlab-org/gitlab-ce!29050
View Lorry Controller Status