| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|\
| |
| |
| |
| |
| |
| | |
Merge dev.gitlab.org master into GitLab.com master
Closes #54721, #56663, #2779, #2776, #2772, #2783, #2766, #2784, #2760, #2775, #2777, #2767, #2786, #2780, and #56860
See merge request gitlab-org/gitlab-ce!24935
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| | |
GitLab.com master now points at Gitaly v1.17.0. Dev master pointed at
1.14.1 due to a recent security release. That fix is present in 1.17.0
so it is safe to take the .com side here.
|
| |\ |
|
| | |
| | |
| | | |
[ci skip]
|
| | |
| | |
| | | |
[ci skip]
|
| | |\
| | | |
| | | |
| | | |
| | | | |
[master] Fix requiring the rubyzip Gem
See merge request gitlab/gitlabhq!2876
|
| | |/
| | |
| | |
| | |
| | |
| | |
| | | |
In commit 6fa5fd8515e0f2d5a6341134560021f353d84362 the `require: false`
was removed to ensure the Gem was loaded at run time. Unfortunately, the
`require` necessary for the rubyzip Gem is "zip" and not "rubyzip". As a
result, Bundler would not require the Gem. This meant that we would
still run into constant errors when referring to `Zip::File`.
|
| | |\
| | | |
| | | |
| | | |
| | | | |
[master] Fix uninitialized constant with GitLab Pages deploy
See merge request gitlab/gitlabhq!2875
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
pages:deploy step was failing with the following error:
```
unitialized constant SafeZip::Extract::Zip
```
Since license_finder already pulls in rubyzip, we can make it
a required gem. We also use the scope operator to make the reference to
Zip::File explicit.
|
| | |/
| | |
| | | |
[ci skip]
|
| | |
| | |
| | | |
[ci skip]
|
| | |
| | |
| | | |
[ci skip]
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fix a JS race in a spec
Closes #56860
See merge request gitlab-org/gitlab-ce!24684
|
| | |\
| | | |
| | | |
| | | |
| | | | |
[master] Pipelines section is available to unauthorized users
See merge request gitlab/gitlabhq!2480
|
| | |/ |
|
| | |\
| | | |
| | | |
| | | |
| | | | |
[master] Resolve "Removing a user from a private group doesn't remove them from group's project, if their project's role was changed"
See merge request gitlab/gitlabhq!2629
|
| | | | |
|
| | |\ \
| | | | |
| | | | |
| | | | |
| | | | | |
[master] Fix error disclosure on Project Import
See merge request gitlab/gitlabhq!2675
|
| | | | | |
|
| | |\ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
[master] Group Guests are no longer able to see merge requests
See merge request gitlab/gitlabhq!2694
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Group guests will only be displayed merge requests to
projects they have a access level to, higher than Reporter.
Visible projects will still display the merge requests to Guests
|
| | |\ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
[master] Fix Imported Project Retains Prior Visibility Setting
See merge request gitlab/gitlabhq!2734
|
| | | | | | | |
|
| | |\ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
[master] Fix contributed projects info is still visible even user enable private profile
See merge request gitlab/gitlabhq!2743
|
| | | | | | | | |
|
| | |\ \ \ \ \ \
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
[master] Don't process MR refs for guests in the notes
See merge request gitlab/gitlabhq!2771
|
| | | | | | | | | |
|
| | |\ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
[master] Sanitize user full name to clean up any URL to prevent mail clients from auto-linking URLs
See merge request gitlab/gitlabhq!2793
|
| | | | | | | | | | |
|
| | | | | | | | | | |
|
| | | | | | | | | | |
|
| | |\ \ \ \ \ \ \ \
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
[master] Alias GitHub and Bitbucket OAuth2 callback URLs
See merge request gitlab/gitlabhq!2840
|
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
To prevent an OAuth2 covert redirect vulnerability, this commit adds and
uses an alias for the GitHub and BitBucket OAuth2 callback URLs to the
following paths:
GitHub: /users/auth/-/import/github
Bitbucket: /users/auth/-/import/bitbucket
This allows admins to put a more restrictive callback URL in the OAuth2
configuration settings. Instead of https://example.com, admins can now use:
https://example.com/users/auth
It's possible but not trivial to change Devise and OmniAuth to use a
different prefix for callback URLs instead of /users/auth. For now,
aliasing the import URLs under the /users/auth namespace should suffice.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/56663
|
| | |\ \ \ \ \ \ \ \ \
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
into 'master'
[master] Check access rights when creating/updating ProtectedRefs
See merge request gitlab/gitlabhq!2799
|
| | |/ / / / / / / / / |
|
| | |\ \ \ \ \ \ \ \ \
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
[master] Disable git v2 protocol temporarily
Closes #2780
See merge request gitlab/gitlabhq!2827
|
| | | | | | | | | | | | |
|
| | |\ \ \ \ \ \ \ \ \ \
| | | |_|_|_|_|_|_|_|_|/
| | |/| | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
[master] Use sanitized user status message in user popover
Closes #2786
See merge request gitlab/gitlabhq!2848
|
| | | | |/ / / / / / /
| | | |/| | | | | | | |
|
| | |\ \ \ \ \ \ \ \ \
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
[master] Verify that LFS upload requests are genuine
Closes #2767
See merge request gitlab/gitlabhq!2767
|