summaryrefslogtreecommitdiff
Commit message (Expand)AuthorAgeFilesLines
* Merge branch 'security-2767-verify-lfs-finalize-from-workhorse' into 'master'Yorick Peterse2019-01-244-7/+25
|\
| * Verify that LFS upload requests are genuineNick Thomas2019-01-224-7/+25
* | Merge branch 'security-project-move-users' into 'master'Yorick Peterse2019-01-246-7/+59
|\ \
| * | Sent notification only to authorized usersJan Provaznik2019-01-236-7/+59
| |/
* | Merge branch 'security-fix-user-email-tag-push-leak' into 'master'Yorick Peterse2019-01-243-3/+8
|\ \
| * | Fix private user email being visible in tag webhooksLuke Duncalfe2019-01-183-3/+8
| * | Prefer build() rather than create()Luke Duncalfe2019-01-151-1/+1
* | | Merge branch 'security-stored-xss-via-katex' into 'master'Yorick Peterse2019-01-242-1/+22
|\ \ \
| * | | [master] Resolve "[Security] Stored XSS via KaTeX"Constance Okoghenun2019-01-242-1/+22
|/ / /
* | | Merge branch 'extract-pages-with-rubyzip' into 'master'Yorick Peterse2019-01-2417-25/+594
|\ \ \
| * | | Extract GitLab Pages using RubyZipKamil Trzciński2019-01-2217-25/+594
* | | | Merge branch 'security-commit-status-shown-for-guest-user' into 'master'Yorick Peterse2019-01-243-1/+27
|\ \ \ \
| * | | | Stop showing ci for guest usersSteve Azzopardi2019-01-233-1/+27
* | | | | Merge branch 'security-fix-lfs-import-project-ssrf-forgery' into 'master'Yorick Peterse2019-01-2413-103/+359
|\ \ \ \ \
| * | | | | Added validations to prevent LFS object forgeryFrancisco Javier López2019-01-2113-103/+359
* | | | | | Merge branch 'security-pipeline-trigger-tokens-exposure' into 'master'Yorick Peterse2019-01-2411-17/+130
|\ \ \ \ \ \
| * | | | | | Add changelog for trigger token exposure fixGrzegorz Bizon2019-01-151-0/+5
| * | | | | | Fix subject in trigger presenter testsGrzegorz Bizon2019-01-151-1/+1
| * | | | | | Add some specs for trigger presenterGrzegorz Bizon2019-01-151-0/+51
| * | | | | | Present all pipeline triggers using trigger presenterGrzegorz Bizon2019-01-153-4/+6
| * | | | | | Do not expose trigger token when user should not see itGrzegorz Bizon2019-01-158-13/+68
| | |_|_|/ / | |/| | | |
* | | | | | Merge branch 'security-fix-regex-dos' into 'master'Yorick Peterse2019-01-244-1/+14
|\ \ \ \ \ \
| * | | | | | Fix slow project reference pattern regexHeinrich Lee Yu2019-01-114-1/+14
* | | | | | | Merge branch 'security-fix-wiki-access-rights-with-external-wiki-enabled' int...Yorick Peterse2019-01-2414-51/+131
|\ \ \ \ \ \ \
| * | | | | | | Fixed bug when external wiki is enabledFrancisco Javier López2019-01-1814-51/+131
| | |_|/ / / / | |/| | | | |
* | | | | | | Merge branch 'security-2769-idn-homograph-attack' into 'master'Yorick Peterse2019-01-249-13/+228
|\ \ \ \ \ \ \
| * | | | | | | Bump the CACHE_COMMONMARK_VERSIONBrett Walker2019-01-211-1/+1
| * | | | | | | Show tooltip for malicious looking linksBrett Walker2019-01-218-12/+227
* | | | | | | | Merge branch 'security-fix-new-issues-login-message' into 'master'Yorick Peterse2019-01-243-10/+7
|\ \ \ \ \ \ \ \
| * | | | | | | | Use common error for unauthenticated usersHeinrich Lee Yu2019-01-143-10/+7
| | |_|_|/ / / / | |/| | | | | |
* | | | | | | | Merge branch 'security-2776-fix-add-reaction-permissions' into 'master'Yorick Peterse2019-01-243-0/+8
|\ \ \ \ \ \ \ \
| * | | | | | | | Prevent award_emoji to notes not visible to userHeinrich Lee Yu2019-01-153-0/+8
| |/ / / / / / /
* | | | | | | | Merge branch 'security-2779-fix-email-comment-permissions-check' into 'master'Yorick Peterse2019-01-2412-37/+94
|\ \ \ \ \ \ \ \
| * | | | | | | | Prevent comments by email when issue is lockedHeinrich Lee Yu2019-01-2212-37/+94
| | |_|_|_|_|/ / | |/| | | | | |
* | | | | | | | Merge branch 'qa/testing/cng/189' into 'master'Rémy Coutable2019-01-243-10/+9
|\ \ \ \ \ \ \ \
| * | | | | | | | Use $CI_COMMIT_REF_NAME for tags in trigger-buildRémy Coutable2019-01-242-5/+4
| * | | | | | | | Use $CI_COMMIT_REF_SLUG in review-apps.shRémy Coutable2019-01-241-5/+5
* | | | | | | | | Merge branch '54385-board-policy-ce' into 'master'Rémy Coutable2019-01-244-19/+22
|\ \ \ \ \ \ \ \ \
| * | | | | | | | | Backport of 54385-board-policyMario de la Ossa2019-01-184-19/+22
* | | | | | | | | | Merge branch '56556-fix-markdown-table-border' into 'master'Kushal Pandya2019-01-242-0/+6
|\ \ \ \ \ \ \ \ \ \
| * | | | | | | | | | Fix markdown table borderJacques Erasmus2019-01-242-0/+6
|/ / / / / / / / / /
* | | | | | | | | | Merge branch '8621-new-feature-flag-vue-ce-backport' into 'master'Phil Hughes2019-01-241-1/+1
|\ \ \ \ \ \ \ \ \ \
| * | | | | | | | | | Adds extra sizes in responsive tablesFilipa Lacerda2019-01-231-1/+1
| | |_|_|_|_|_|_|/ / | |/| | | | | | | |
* | | | | | | | | | Merge branch '56763-docs-lint-passes-if-a-relative-link-starts-with-doc-docs'...Rémy Coutable2019-01-241-1/+1
|\ \ \ \ \ \ \ \ \ \ | |_|_|/ / / / / / / |/| | | | | | | | |
| * | | | | | | | | Use the same path of the docs site as in productionAchilleas Pipinellis2019-01-231-1/+1
* | | | | | | | | | Merge branch 'qa-quarantine-auto-dev-ops-tests' into 'master'Rémy Coutable2019-01-241-1/+4
|\ \ \ \ \ \ \ \ \ \
| * | | | | | | | | | Quarantine auto devops testsSanad Liaquat2019-01-241-1/+4
* | | | | | | | | | | Merge branch 'docs/document-built-in-templates' into 'master'Achilleas Pipinellis2019-01-245-47/+102
|\ \ \ \ \ \ \ \ \ \ \
| * | | | | | | | | | | Restructure projects template topicsEvan Read2019-01-245-47/+102
|/ / / / / / / / / / /
* | | | | | | | | | | Merge branch 'docs/fix-bare-urls' into 'master'Achilleas Pipinellis2019-01-2467-152/+151
|\ \ \ \ \ \ \ \ \ \ \
View Lorry Controller Status