summaryrefslogtreecommitdiff
Commit message (Expand)AuthorAgeFilesLines
...
| | | * | | | | | | | | Alias GitHub and BitBucket OAuth2 callback URLsStan Hu2019-01-228-8/+43
| | * | | | | | | | | | Merge branch 'security-fix-protected-branches-creation-access-rights-ce' into...Yorick Peterse2019-01-252-23/+8
| | |\ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | [master] Check access rights when creating/updating ProtectedRefsFrancisco Javier López2019-01-252-23/+8
| | |/ / / / / / / / / /
| | * | | | | | | | | | Merge branch 'security-2780-disable-git-v2-protocol' into 'master'Yorick Peterse2019-01-253-1/+13
| | |\ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | Disable git v2 protocol temporarilyNick Thomas2019-01-243-1/+13
| | * | | | | | | | | | | Merge branch 'security-55320-stored-xss-in-user-status' into 'master'Tim Zallmann2019-01-253-7/+12
| | |\ \ \ \ \ \ \ \ \ \ \ | | | |_|_|_|_|_|_|_|_|/ / | | |/| | | | | | | | | |
| | | * | | | | | | | | | Use sanitized user status message for user popoverDennis Tang2019-01-233-7/+12
| | | | |/ / / / / / / / | | | |/| | | | | | | |
| | * | | | | | | | | | Merge branch 'security-2767-verify-lfs-finalize-from-workhorse' into 'master'Yorick Peterse2019-01-244-7/+25
| | |\ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | Verify that LFS upload requests are genuineNick Thomas2019-01-224-7/+25
| | | |/ / / / / / / / /
| | * | | | | | | | | | Merge branch 'security-project-move-users' into 'master'Yorick Peterse2019-01-246-7/+59
| | |\ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | Sent notification only to authorized usersJan Provaznik2019-01-236-7/+59
| | | |/ / / / / / / / /
| | * | | | | | | | | | Merge branch 'security-fix-user-email-tag-push-leak' into 'master'Yorick Peterse2019-01-243-3/+8
| | |\ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | Fix private user email being visible in tag webhooksLuke Duncalfe2019-01-183-3/+8
| | | * | | | | | | | | | Prefer build() rather than create()Luke Duncalfe2019-01-151-1/+1
| | | | |_|/ / / / / / / | | | |/| | | | | | | |
| | * | | | | | | | | | Merge branch 'security-stored-xss-via-katex' into 'master'Yorick Peterse2019-01-242-1/+22
| | |\ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | [master] Resolve "[Security] Stored XSS via KaTeX"Constance Okoghenun2019-01-242-1/+22
| | |/ / / / / / / / / /
| | * | | | | | | | | | Merge branch 'extract-pages-with-rubyzip' into 'master'Yorick Peterse2019-01-2417-25/+594
| | |\ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | Extract GitLab Pages using RubyZipKamil Trzciński2019-01-2217-25/+594
| | * | | | | | | | | | | Merge branch 'security-commit-status-shown-for-guest-user' into 'master'Yorick Peterse2019-01-243-1/+27
| | |\ \ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | | Stop showing ci for guest usersSteve Azzopardi2019-01-233-1/+27
| | * | | | | | | | | | | | Merge branch 'security-fix-lfs-import-project-ssrf-forgery' into 'master'Yorick Peterse2019-01-2413-103/+359
| | |\ \ \ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | | | Added validations to prevent LFS object forgeryFrancisco Javier López2019-01-2113-103/+359
| | | | |_|_|_|_|_|/ / / / / | | | |/| | | | | | | | | |
| | * | | | | | | | | | | | Merge branch 'security-pipeline-trigger-tokens-exposure' into 'master'Yorick Peterse2019-01-2411-17/+130
| | |\ \ \ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | | | Add changelog for trigger token exposure fixGrzegorz Bizon2019-01-151-0/+5
| | | * | | | | | | | | | | | Fix subject in trigger presenter testsGrzegorz Bizon2019-01-151-1/+1
| | | * | | | | | | | | | | | Add some specs for trigger presenterGrzegorz Bizon2019-01-151-0/+51
| | | * | | | | | | | | | | | Present all pipeline triggers using trigger presenterGrzegorz Bizon2019-01-153-4/+6
| | | * | | | | | | | | | | | Do not expose trigger token when user should not see itGrzegorz Bizon2019-01-158-13/+68
| | | | |_|_|/ / / / / / / / | | | |/| | | | | | | | | |
| | * | | | | | | | | | | | Merge branch 'security-fix-regex-dos' into 'master'Yorick Peterse2019-01-244-1/+14
| | |\ \ \ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | | | Fix slow project reference pattern regexHeinrich Lee Yu2019-01-114-1/+14
| | | | |_|_|_|_|_|/ / / / / | | | |/| | | | | | | | | |
| | * | | | | | | | | | | | Merge branch 'security-fix-wiki-access-rights-with-external-wiki-enabled' int...Yorick Peterse2019-01-2414-51/+131
| | |\ \ \ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | | | Fixed bug when external wiki is enabledFrancisco Javier López2019-01-1814-51/+131
| | | | |_|/ / / / / / / / / | | | |/| | | | | | | | | |
| | * | | | | | | | | | | | Merge branch 'security-2769-idn-homograph-attack' into 'master'Yorick Peterse2019-01-249-13/+228
| | |\ \ \ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | | | Bump the CACHE_COMMONMARK_VERSIONBrett Walker2019-01-211-1/+1
| | | * | | | | | | | | | | | Show tooltip for malicious looking linksBrett Walker2019-01-218-12/+227
| | | | |_|_|_|_|_|_|_|/ / / | | | |/| | | | | | | | | |
| | * | | | | | | | | | | | Merge branch 'security-fix-new-issues-login-message' into 'master'Yorick Peterse2019-01-243-10/+7
| | |\ \ \ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | | | Use common error for unauthenticated usersHeinrich Lee Yu2019-01-143-10/+7
| | | | |_|_|/ / / / / / / / | | | |/| | | | | | | | | |
| | * | | | | | | | | | | | Merge branch 'security-2776-fix-add-reaction-permissions' into 'master'Yorick Peterse2019-01-243-0/+8
| | |\ \ \ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | | | Prevent award_emoji to notes not visible to userHeinrich Lee Yu2019-01-153-0/+8
| | | |/ / / / / / / / / / /
| | * | | | | | | | | | | | Merge branch 'security-2779-fix-email-comment-permissions-check' into 'master'Yorick Peterse2019-01-2412-37/+94
| | |\ \ \ \ \ \ \ \ \ \ \ \ | | | |_|_|_|_|_|_|_|/ / / / | | |/| | | | | | | | | | |
| | | * | | | | | | | | | | Prevent comments by email when issue is lockedHeinrich Lee Yu2019-01-2212-37/+94
| | | | |_|_|_|_|/ / / / / | | | |/| | | | | | | | |
* | | | | | | | | | | | | Merge branch 'winh-note_app_spec-vue-test-utils' into 'master'sh-bump-supported-ruby-versionsFatih Acet2019-02-061-81/+86
|\ \ \ \ \ \ \ \ \ \ \ \ \
| * | | | | | | | | | | | | Convert note_app_spec.js to Vue test utilsWinnie Hellmann2019-02-041-81/+86
* | | | | | | | | | | | | | Merge branch 'gt-externalize-app-views-email_rejection_mailer' into 'master'Filipa Lacerda2019-02-054-2/+10
|\ \ \ \ \ \ \ \ \ \ \ \ \ \
| * | | | | | | | | | | | | | Externalize strings from `/app/views/email_rejection_mailer`George Tsiolis2019-02-054-2/+10
* | | | | | | | | | | | | | | Merge branch '54544-update-project-topics-styling-to-use-badges-design' into ...Fatih Acet2019-02-054-4/+25
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| * | | | | | | | | | | | | | | Resolve "Update project topics styling to use badges design"Brandon Labuschagne2019-02-054-4/+25
|/ / / / / / / / / / / / / / /
* | | | | | | | | | | | | | | Merge branch 'patch-29' into 'master'Evan Read2019-02-051-3/+3
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| * | | | | | | | | | | | | | | docs: improve OpenSSH installation on Windows optionsBen Bodenmiller2019-02-051-3/+3
|/ / / / / / / / / / / / / / /
* | | | | | | | | | | | | | | Merge branch 'rd-update-last_activity_on-on-logins-and-browsing-activity-5494...Stan Hu2019-02-0511-0/+154
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \
View Lorry Controller Status