summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
| | * | | | | | | | Delete confidential issue todos for guestsFelipe Artur2018-12-1414-16/+55
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix leaking information of confidential issues on TODOs when user is downgraded to guest access.
* | | | | | | | | | Merge branch ↵Kushal Pandya2019-01-024-4/+58
|\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | '54206-show-the-activity-filter-dropdown-in-discussion-tab-only' into 'master' Resolve "Show the activity filter dropdown in discussion tab only, show all discussions always in changes tab" Closes #54206 See merge request gitlab-org/gitlab-ce!24082
| * | | | | | | | | | Made discussion filters only visible in merge request discussions tabConstance Okoghenun2019-01-024-4/+58
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Discussion filters will be hidden on Commits, Pipelines, and Changes tabs on merge requests page. This does not affect its behavior on issues page
* | | | | | | | | | | Merge branch '55369-update-milestone-sort-to-say-say-milestone-due-date' ↵Sean McGivern2019-01-023-2/+7
|\ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | into 'master' Resolve "Update `Milestone` sort to say say `Milestone due date`" Closes #55369 See merge request gitlab-org/gitlab-ce!24080
| * | | | | | | | | | | Renames Milestone sort into Milestone due dateJacopo2018-12-313-2/+7
| | | | | | | | | | | |
* | | | | | | | | | | | Merge branch 's3-directories-get' into 'master'Kamil Trzciński2019-01-023-2/+8
|\ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use directories.new when getting S3 directory Closes gitlab-com/gl-infra/infrastructure#5807 See merge request gitlab-org/gitlab-ce!23981
| * | | | | | | | | | | | Use directories.new when getting S3 directoryJan Provaznik2018-12-273-2/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Calling `Fog::Storage::AWS::Directories#get` requires the ListAllMyBuckets permission, but we can avoid that extra query and permission by initializing the directory with a specific bucket: https://stackoverflow.com/a/12288581/1992201
* | | | | | | | | | | | | Merge branch '55755-user-activity-is-stuck-loading-when-there-is-none' into ↵Kushal Pandya2019-01-025-7/+24
|\ \ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 'master' Resolve "User activity is stuck loading when there is none" Closes #55755 See merge request gitlab-org/gitlab-ce!24063
| * | | | | | | | | | | | | Resolve "User activity is stuck loading when there is none"Martin Wortschack2019-01-025-7/+24
|/ / / / / / / / / / / / /
* | | | | | | | | | | | | Merge branch 'sh-bump-qa-image-ruby-2.5' into 'master'Grzegorz Bizon2019-01-021-1/+1
|\ \ \ \ \ \ \ \ \ \ \ \ \ | |_|_|_|/ / / / / / / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Upgrade GitLab QA image to Ruby 2.5 See merge request gitlab-org/gitlab-ce!24091
| * | | | | | | | | | | | Upgrade GitLab QA image to Ruby 2.5Stan Hu2018-12-311-1/+1
| | |_|_|_|_|_|_|_|_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | GitLab is now shipping with Ruby 2.5.3, so we should make the version consistent for the QA image as well.
* | | | | | | | | | | | Merge branch ↵Sean McGivern2019-01-0212-13/+8
|\ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | '55838-remove-gem-install-bundler-from-docker-based-ruby-environments' into 'master' Remove gem install bundler from Docker-based Ruby environments Closes #55838 See merge request gitlab-org/gitlab-ce!24093
| * | | | | | | | | | | | Remove gem install bundler from Docker-based Ruby environmentsTakuya Noguchi2019-01-0112-13/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | bundler gem has been included in the Docker official Ruby image since 2.1. Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>
* | | | | | | | | | | | | Merge branch 'qa-fix-logging-find-element' into 'master'Ramya Authappan2019-01-022-2/+14
|\ \ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | log text_filter arg of find_element Closes gitlab-org/quality/nightly#52 See merge request gitlab-org/gitlab-ce!24064
| * | | | | | | | | | | | | Log text_filter arg of find_elementMark Lapierre2018-12-282-2/+14
| | | | | | | | | | | | | |
* | | | | | | | | | | | | | Merge branch 'patch-37' into 'master'Evan Read2019-01-021-1/+1
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Updating link to correctly point to environment scope docs See merge request gitlab-org/gitlab-ce!24023
| * | | | | | | | | | | | | | Updating link to correctly point to environment scope docsGareth Davies2018-12-251-1/+1
| | | | | | | | | | | | | | |
* | | | | | | | | | | | | | | Merge branch 'patch-37' into 'master'Evan Read2019-01-021-2/+2
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update mysql.md - broken link See merge request gitlab-org/gitlab-ce!23988
| * | | | | | | | | | | | | | | Update mysql.mdsofiane belaribi2018-12-211-2/+2
| | | | | | | | | | | | | | | |
* | | | | | | | | | | | | | | | Merge branch '53656-explain-how-to-add-custom-kaniko-certificate' into 'master'Evan Read2019-01-011-0/+23
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Explain how to use kaniko with a registry with a custom certificate Closes #53656 See merge request gitlab-org/gitlab-ce!23875
| * | | | | | | | | | | | | | | | Explain how to use kaniko with a registry with a custom certificateRaphael Nestler2018-12-211-0/+23
| | | | | | | | | | | | | | | | |
* | | | | | | | | | | | | | | | | Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhqJohn Jarvis2019-01-0141-78/+620
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | |_|_|_|_|/ / / / / / / / / / / / |/| | | | | | | | | | | | | | | |
| * | | | | | | | | | | | | | | | Merge branch ↵John Jarvis2019-01-016-3/+77
| |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 'security-53543-user-keeps-access-to-mr-issue-when-removed-from-team' into 'master' [master] Adds validation to check if user can read project See merge request gitlab/gitlabhq!2645
| | * | | | | | | | | | | | | | | | Adds validation to check if user can read projectTiago Botelho2018-12-196-3/+77
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | An issuable should not be available to a user if the project is not visible to that specific user
| * | | | | | | | | | | | | | | | | Merge branch 'security-bvl-fix-cross-project-mr-exposure' into 'master'John Jarvis2019-01-014-10/+111
| |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [master] Validate projects in MR build service See merge request gitlab/gitlabhq!2678
| | * | | | | | | | | | | | | | | | | Validate projects in MR build serviceBob Van Landuyt2018-12-144-10/+111
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This validates the correct abilities for both projects. Only `read_project` isn't enough: For the `source_project` we validate `create_merge_request_from` this also validates that the user has developer access to the project. For the `target_project` we validate `create_merge_reqeust_in` this also validates that the user has access to the project's repository. To avoid generating diffs for unrelated projects we also validate that the projects are in the same fork network now.
| * | | | | | | | | | | | | | | | | | Merge branch 'security-refs-available-to-project-guest' into 'master'John Jarvis2019-01-013-4/+26
| |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [master] Project guests no longer are able to see refs page See merge request gitlab/gitlabhq!2685
| | * | | | | | | | | | | | | | | | | | Project guests no longer are able to see refs pageTiago Botelho2018-12-193-4/+26
| | | |/ / / / / / / / / / / / / / / / | | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds download_code authorization check to ProjectsController#refs action, to prevent a project guest from seeing branch, tags and commits information
| * | | | | | | | | | | | | | | | | | Merge branch 'security-fix-ssrf-import-url-remote-mirror' into 'master'John Jarvis2019-01-015-5/+30
| |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [master] SSRF - Scan Internal Ports and GCP/AWS endpoints See merge request gitlab/gitlabhq!2689
| | * | | | | | | | | | | | | | | | | | Replaced UrlValidator with PublicUrlValidator for import_url and remote ↵Francisco Javier López2018-12-135-5/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | mirror urls
| * | | | | | | | | | | | | | | | | | | Merge branch 'security-48259-private-snippet' into 'master'John Jarvis2019-01-019-11/+123
| |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [master] Prevent private snippet from being embeddable See merge request gitlab/gitlabhq!2692
| | * | | | | | | | | | | | | | | | | | | Block private snippets from being embeddableMark Chao2018-12-206-7/+82
| | | | | | | | | | | | | | | | | | | | |
| | * | | | | | | | | | | | | | | | | | | Move embeddable? to model to be used outside viewMark Chao2018-12-204-9/+46
| | | | | | | | | | | | | | | | | | | | |
| * | | | | | | | | | | | | | | | | | | | Merge branch 'security-54377-label-milestone-name-xss' into 'master'John Jarvis2019-01-013-7/+59
| |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [master] Escape label and milestone titles to prevent XSS in GFM autocomplete See merge request gitlab/gitlabhq!2693
| | * | | | | | | | | | | | | | | | | | | | Add changelog entryKushal Pandya2018-12-201-0/+5
| | | | | | | | | | | | | | | | | | | | | |
| | * | | | | | | | | | | | | | | | | | | | Escape label and milestone titles to prevent XSSKushal Pandya2018-12-202-7/+54
| | |/ / / / / / / / / / / / / / / / / / /
| * | | | | | | | | | | | | | | | | | | | Merge branch 'security-master-guests-jobs-api' into 'master'John Jarvis2019-01-013-6/+36
| |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [master] Guest users have access to all Job information via the API See merge request gitlab/gitlabhq!2717
| | * | | | | | | | | | | | | | | | | | | | Add CHANGELOG entryMatija Čupić2018-12-221-0/+5
| | | | | | | | | | | | | | | | | | | | | |
| | * | | | | | | | | | | | | | | | | | | | Move pipeline auth above pipeline assignmentMatija Čupić2018-12-201-1/+1
| | | | | | | | | | | | | | | | | | | | | |
| | * | | | | | | | | | | | | | | | | | | | Authorize read_pipeline before read_buildMatija Čupić2018-12-191-0/+1
| | | | | | | | | | | | | | | | | | | | | |
| | * | | | | | | | | | | | | | | | | | | | Authorize read_build when listing pipeline jobsMatija Čupić2018-12-192-3/+15
| | | | | | | | | | | | | | | | | | | | | |
| | * | | | | | | | | | | | | | | | | | | | Authorize read_build action when listing jobsMatija Čupić2018-12-192-3/+15
| | | | | | | | | | | | | | | | | | | | | |
| * | | | | | | | | | | | | | | | | | | | | Merge branch 'security-fix-ssrf-lfs-project-import' into 'master'John Jarvis2019-01-012-17/+77
| |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [master] SSRF in project imports with LFS See merge request gitlab/gitlabhq!2720
| | * | | | | | | | | | | | | | | | | | | | | Fixed SSRF in project imports with LFSFrancisco Javier López2018-12-182-17/+77
| | | | | | | | | | | | | | | | | | | | | | |
| * | | | | | | | | | | | | | | | | | | | | | Merge branch 'security-master-group-cicd-settings-accessible-to-maintainer' ↵John Jarvis2019-01-015-15/+56
| |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | into 'master' [master] Group Ex-Maintainer Could maintain Access to Project's Source Code/Jobs/Pipelines/Artifacts if it had Shared Group Runner Configured See merge request gitlab/gitlabhq!2721
| | * | | | | | | | | | | | | | | | | | | | | | Add CHANGELOG entryMatija Čupić2018-12-241-0/+5
| | | | | | | | | | | | | | | | | | | | | | | |
| | * | | | | | | | | | | | | | | | | | | | | | Check for group admin permissionsMatija Čupić2018-12-204-15/+51
| | | | | | | | | | | | | | | | | | | | | | | |
| * | | | | | | | | | | | | | | | | | | | | | | Update CHANGELOG.md for 11.6.1GitLab Release Tools Bot2018-12-281-0/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [ci skip]
* | | | | | | | | | | | | | | | | | | | | | | | Merge branch 'patch-37' into 'master'Sean McGivern2019-01-0138-38/+38
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix #55740: Use the '--no-document' option instead of the 'gem' tool's deprecated options Closes #55740 See merge request gitlab-org/gitlab-ce!24049
| * | | | | | | | | | | | | | | | | | | | | | | | Stop using deprecated argument to `gem`Sean McGivern2019-01-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `--no-rdoc` and `--no-ri` have been deprecated since RubyGems 2.0: https://github.com/rubygems/rubygems/blob/v2.0.0/History.txt#L43 They were finally removed in a recent release: https://github.com/rubygems/rubygems/pull/2354
View Lorry Controller Status