summaryrefslogtreecommitdiff
Commit message (Expand)AuthorAgeFilesLines
* Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhqSteve Azzopardi2018-11-291-0/+92
|\
| * Merge branch 'security-email-change-notification' into 'master'Cindy Pallares2018-11-285-0/+32
| |\
| | * Provide email notification on email updatesJames Lopez2018-11-125-0/+32
| * | Merge branch 'security-fix-uri-xss-applications' into 'master'Cindy Pallares2018-11-287-2/+121
| |\ \
| | * \ Merge branch 'master' into 'security-fix-uri-xss-applications'James Lopez2018-11-021091-8369/+16763
| | |\ \
| | * | | Resolve reflected XSS in Ouath authorize windowJames Lopez2018-10-298-3/+122
| * | | | Merge branch 'security-fj-crlf-injection' into 'master'Cindy Pallares2018-11-285-54/+128
| |\ \ \ \
| | * | | | [master] Fix CRLF issue in UrlValidatorFrancisco Javier López2018-11-285-54/+128
| |/ / / /
| * | | | Merge branch 'security-fix-pat-web-access' into 'master'Cindy Pallares2018-11-2828-281/+538
| |\ \ \ \
| | * | | | Update code to use API scope on PAT authJames Lopez2018-11-2328-281/+538
| * | | | | Merge branch 'security-guest-comments' into 'master'Cindy Pallares2018-11-2813-34/+187
| |\ \ \ \ \
| | * | | | | [master]Fixed ability to comment on and edit/delete comments on locked or con...Chantal Rollison2018-11-2813-34/+187
| |/ / / / /
| * | | | | Merge branch 'security-pages-toctou-race' into 'master'Cindy Pallares2018-11-282-1/+7
| |\ \ \ \ \
| | * | | | | Upgrade GitLab Pages to v1.3.1Alessio Caiazza2018-11-212-1/+7
| * | | | | | Merge branch 'security-xss-in-markdown-following-unrecognized-html-element' i...Cindy Pallares2018-11-285-2/+25
| |\ \ \ \ \ \
| | * | | | | | Sanitize output of SpacedLinkFilterBrett Walker2018-11-165-2/+25
| * | | | | | | Merge branch 'security-mermaid-xss' into 'master'Cindy Pallares2018-11-284-1/+21
| |\ \ \ \ \ \ \
| | * | | | | | | [master] Fix XSS in mermaid diagramsWinnie Hellmann2018-11-284-1/+21
| |/ / / / / / /
| * | | | | | | Merge branch 'security-bvl-exposure-in-commits-list' into 'master'Cindy Pallares2018-11-283-55/+67
| |\ \ \ \ \ \ \
| | * | | | | | | Don't use fragment cache on commit pageBob Van Landuyt2018-11-193-55/+67
| * | | | | | | | Merge branch 'security-issue_51301' into 'master'Cindy Pallares2018-11-286-12/+96
| |\ \ \ \ \ \ \ \
| | * | | | | | | | Fix milestone promotion authorizationFelipe Artur2018-11-146-12/+96
| * | | | | | | | | Merge branch 'security-2736-prometheus-ssrf' into 'master'Cindy Pallares2018-11-284-3/+25
| |\ \ \ \ \ \ \ \ \
| | * | | | | | | | | Changelog entry for prometheus ssrf fixrpereira22018-11-131-0/+5
| | * | | | | | | | | Fix rubocop missing whitespace warningsrpereira22018-11-131-2/+2
| | * | | | | | | | | No redirects in prometheus servicerpereira22018-11-133-3/+20
| * | | | | | | | | | Merge branch 'security-stored-xss-for-environments' into 'master'Cindy Pallares2018-11-286-5/+66
| |\ \ \ \ \ \ \ \ \ \
| | * | | | | | | | | | Cleanup stored XSS from environments tableAlessio Caiazza2018-11-212-0/+46
| | * | | | | | | | | | Validate URI scheme also for internal URIAlessio Caiazza2018-11-214-5/+20
| | | |_|_|_|/ / / / / | | |/| | | | | | | |
| * | | | | | | | | | Merge branch 'security-private-group' into 'master'Cindy Pallares2018-11-283-0/+26
| |\ \ \ \ \ \ \ \ \ \
| | * | | | | | | | | | Fixed read private group namesChantal Rollison2018-11-123-0/+26
| * | | | | | | | | | | Merge branch 'security-182-update-workhorse' into 'master'Cindy Pallares2018-11-283-1/+9
| |\ \ \ \ \ \ \ \ \ \ \
| | * | | | | | | | | | | Redact sensitive information on workhorse logMark Chao2018-11-233-1/+9
| * | | | | | | | | | | | Update CHANGELOG.md for 11.4.8GitLab Release Tools Bot2018-11-271-0/+30
| * | | | | | | | | | | | Update CHANGELOG.md for 11.3.11GitLab Release Tools Bot2018-11-261-0/+39
| * | | | | | | | | | | | Update CHANGELOG.md for 11.5.1GitLab Release Tools Bot2018-11-261-0/+23
* | | | | | | | | | | | | Merge branch 'restore-ssh-host-keys' into 'master'Evan Read2018-11-291-0/+2
|\ \ \ \ \ \ \ \ \ \ \ \ \
| * | | | | | | | | | | | | Add clarification on Host KeysDavin Walker2018-11-281-0/+2
* | | | | | | | | | | | | | Merge branch 'sh-bump-gitlab-shell-8.4.3' into 'master'Stan Hu2018-11-291-1/+1
|\ \ \ \ \ \ \ \ \ \ \ \ \ \
| * | | | | | | | | | | | | | Bump gitlab-shell to 8.4.3Stan Hu2018-11-281-1/+1
* | | | | | | | | | | | | | | Merge branch 'doc-for-knative-ip-address' into 'master'Evan Read2018-11-291-8/+5
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| * | | | | | | | | | | | | | | Update Knative IP address docsDylan Griffith2018-11-281-8/+5
* | | | | | | | | | | | | | | | Merge branch 'security-11-5-fix-webhook-ssrf-ipv6' into 'security-11-5'Steve Azzopardi2018-11-283-13/+112
* | | | | | | | | | | | | | | | Merge branch 'security-email-change-notification' into 'master'Cindy Pallares2018-11-285-0/+32
* | | | | | | | | | | | | | | | Merge branch 'security-fix-uri-xss-applications' into 'master'Cindy Pallares2018-11-287-2/+121
* | | | | | | | | | | | | | | | Merge branch 'security-fj-crlf-injection' into 'master'Cindy Pallares2018-11-285-54/+128
* | | | | | | | | | | | | | | | Merge branch 'security-fix-pat-web-access' into 'master'Cindy Pallares2018-11-2828-281/+538
* | | | | | | | | | | | | | | | Merge branch 'security-guest-comments' into 'master'Cindy Pallares2018-11-2813-34/+187
* | | | | | | | | | | | | | | | Merge branch 'security-pages-toctou-race' into 'master'Cindy Pallares2018-11-282-1/+7
* | | | | | | | | | | | | | | | Merge branch 'security-xss-in-markdown-following-unrecognized-html-element' i...Cindy Pallares2018-11-285-2/+25
View Lorry Controller Status