summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Update GITALY_SERVER_VERSION to 1.45.0pb-update-gitaly-1-45-0Patrick Bajao2019-06-042-1/+6
|
* Merge branch 'docs/admin_area_gitaly_servers' into 'master'Evan Read2019-06-041-1/+18
|\ | | | | | | | | Document the Admin Area's *Gitaly Servers* page See merge request gitlab-org/gitlab-ce!28987
| * Document the Admin Area's *Gitaly Servers* pageRussell Dickenson2019-06-041-1/+18
|/
* Merge branch 'sh-fix-version-12-0' into 'master'Robert Speicher2019-06-041-1/+1
|\ | | | | | | | | VERSION file should be 12.0, not 11.12 See merge request gitlab-org/gitlab-ce!29092
| * VERSION file should be 12.0, not 11.12Stan Hu2019-06-031-1/+1
| | | | | | | | | | This was apparently causing Gitlab.version_info to return the wrong values, causing the wrong images to be loaded via CI_SERVER_VERSION.
* | Merge branch 'docs/ssot_sign_up_restrictions' into 'master'Evan Read2019-06-041-0/+16
|\ \ | | | | | | | | | | | | Edited signup restrictions for SSOT guidelines See merge request gitlab-org/gitlab-ce!29049
| * | Edited signup restrictions for SSOT guidelinesRussell Dickenson2019-06-041-0/+16
|/ /
* | Merge branch 'docs/fix-doc-block' into 'master'Evan Read2019-06-031-3/+3
|\ \ | | | | | | | | | | | | Fix markdown parsing for doc page See merge request gitlab-org/gitlab-ce!29056
| * | Fix markdown parsing for doc pagedocs/fix-doc-blockSteve Azzopardi2019-06-031-3/+3
| | | | | | | | | | | | | | | The lack of indentatioin is causing the markdown parser to get confused and formating it wrong.
* | | Merge branch 'nik-api-snippets-fix' into 'master'Evan Read2019-06-031-5/+5
|\ \ \ | | | | | | | | | | | | | | | | Snippets API doc fixes: content->code; visibility is required See merge request gitlab-org/gitlab-ce!28571
| * | | Update description of Snippets API, create and update methodsNikolay Samokhvalov2019-06-031-5/+5
|/ / / | | | | | | | | | | | | Currently, the field used to fill the contents is called "code". Also "visibility" is now required.
* | | Merge branch 'sh-fix-import-url-update' into 'master'Thong Kuah2019-06-033-0/+19
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Fix project settings not being able to update Closes #62708 See merge request gitlab-org/gitlab-ce!29097
| * | | Fix project settings not being able to updateStan Hu2019-06-033-0/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously import_url would always be present in the update parameters, which would cause the validation to fail. We now only include this parameter only if there is URL given. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/62708
* | | | Merge branch 'docs/instance_template_repository_ssot' into 'master'Evan Read2019-06-031-0/+16
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | Edit *Instance template repository* for SSOT epic See merge request gitlab-org/gitlab-ce!29032
| * | | | Edit *Instance template repository* for SSOT epicRussell Dickenson2019-06-031-0/+16
|/ / / /
* | | | Merge branch 'docs-herokuish-instead-of-bin-setup' into 'master'Evan Read2019-06-031-7/+8
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | Use /bin/herokuish in Auto DevOps docs examples See merge request gitlab-org/gitlab-ce!28974
| * | | | Use /bin/herokuish in Auto DevOps docs examplesdocs-herokuish-instead-of-bin-setupDylan Griffith2019-06-031-7/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The previous examples did work however they had a problem when the bin/setup script installed a different bundler version than the one in your Gemfile.lock. It is safer to use `/bin/herokuish procfile exec` to get access to all the environment already installed for your application instead of installing bundler again.
* | | | | Merge branch 'ce-nfriend-no-implicit-coercion-fixes' into 'master'Mike Greiling2019-06-0350-71/+76
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | CE Backport of !13803: "Fix all `no-implicit-coercion` ESLint violations See merge request gitlab-org/gitlab-ce!29007
| * | | | | Comply with `no-implicit-coercion` rule (CE)Nathan Friend2019-06-0350-71/+76
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit is the result of running `yarn eslint --fix` after enabling the `no-implicit-coercion` ESLint rule. This rule has been added to our ESLint config here: https://gitlab.com/gitlab-org/gitlab-eslint-config/merge_requests/14
* | | | | Merge branch '61264-dast-report-error' into 'master'Mayra Cabrera2019-06-031-36/+38
|\ \ \ \ \ | |_|/ / / |/| | | | | | | | | | | | | | | | | | | | | | | | Backporting EE fix Closes #61264 See merge request gitlab-org/gitlab-ce!29004
| * | | | Backporting EE fixrossfuhrman2019-06-031-36/+38
|/ / / /
* | | | Merge branch 'winh-boardsStore.moving' into 'master'Mike Greiling2019-06-033-2/+21
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | Move boardsStore.moving to BoardList component See merge request gitlab-org/gitlab-ce!29076
| * | | | Move boardsStore.moving to BoardList componentWinnie Hellmann2019-06-033-2/+21
|/ / / /
* | | | Merge branch 'selfmanaged-gitlabcom-import-update-docs' into 'master'Drew Blessing2019-06-031-2/+3
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | Clarify "support" to mean GitLab.com integration See merge request gitlab-org/gitlab-ce!29091
| * | | | Clarify "support" to mean GitLab.com integrationGreg Myers2019-06-031-2/+3
|/ / / /
* | | | Merge branch 'qa-log-out-in-after-all-hook' into 'master'Dan Davison2019-06-031-0/+2
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | Log out in after all hook See merge request gitlab-org/gitlab-ce!28969
| * | | | Log out in after all hookqa-log-out-in-after-all-hookMark Lapierre2019-05-311-0/+2
| | | | | | | | | | | | | | | | | | | | So subsequent tests can successfully log in
* | | | | Merge branch 'tc-db-explain-analyze' into 'master'Kamil TrzciƄski2019-06-033-0/+34
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Add activerecord-explain-analyze gem See merge request gitlab-org/gitlab-ce!29051
| * | | | | Add activerecord-explain-analyze gemToon Claes2019-06-033-0/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This gem allows you to get the `EXPLAIN ANALYZE` query plan, directly from the Rails console. The gem is installed with `require: false`, but if it was loaded on launch, this would be it's memory load: ``` TOP: 145.3086 MiB rails/all: 22.4844 MiB ... activerecord-explain-analyze: 2.9648 MiB active_record/connection_adapters/postgresql_adapter: 2.9648 MiB pg: 2.9648 MiB pg_ext: 2.9648 MiB ... ```
* | | | | | Merge branch 'qa-tentative-to-de-quarantine-e2e-test' into 'master'Dan Davison2019-06-031-1/+1
|\ \ \ \ \ \ | |/ / / / / |/| | | | | | | | | | | | | | | | | Backport EE MR See merge request gitlab-org/gitlab-ce!29066
| * | | | | Backport EE MRqa-tentative-to-de-quarantine-e2e-testWalmyr Lima2019-06-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/13913
* | | | | | Merge branch 'lm-update-mermaid-arch' into 'master'Achilleas Pipinellis2019-06-031-1/+1
|\ \ \ \ \ \ | |_|_|_|_|/ |/| | | | | | | | | | | | | | | | | Update architecture.md to fix typo in GitLabMonito -> GitLabMonitor See merge request gitlab-org/gitlab-ce!28955
| * | | | | Update architecture.md to fix typo in GitLabMonito -> GitLabMonitorLee Matos2019-06-031-1/+1
|/ / / / /
* | | | | Merge branch 'sh-resolve-member-presenter-conflicts' into 'master'Robert Speicher2019-06-032-1/+17
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Reconcile CE and EE differences in members/_member.html.haml See merge request gitlab-org/gitlab-ce!29021
| * | | | | Reconcile CE and EE differences in members/_member.html.hamlsh-resolve-member-presenter-conflictsStan Hu2019-06-012-1/+17
| | | | | | | | | | | | | | | | | | | | | | | | This file conflicts quite frequently with any changes in the file.
* | | | | | Merge branch 'zj-bump-gitaly-master' into 'master'Mayra Cabrera2019-06-034-7/+7
|\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Stop two-step rebase from hanging when errors occur Closes #62353 See merge request gitlab-org/gitlab-ce!29068
| * | | | | | Bump Gitaly version to 1.44.0Douwe Maan2019-06-034-7/+7
|/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change makes sure Gitaly includes a fix to make rebase work again properly. Part of: https://gitlab.com/gitlab-org/gitlab-ce/issues/62353
* | | | | | Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhqRobert Speicher2019-06-039-3/+96
|\ \ \ \ \ \
| * \ \ \ \ \ Merge branch 'security-60143-address-xss-issue-master' into 'master'Robert Speicher2019-06-033-0/+55
| |\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Reject slug+uri concat if slug is deemed unsafe See merge request gitlab/gitlabhq!3108
| | * | | | | | Reject slug+uri concat if slug is deemed unsafeKerri Miller2019-05-243-0/+55
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | First reported: https://gitlab.com/gitlab-org/gitlab-ce/issues/60143 When the page slug is "javascript:" and we attempt to link to a relative path (using `.` or `..`) the code will concatenate the slug and the uri. This MR adds a guard to that concat step that will return `nil` if the incoming slug matches against any of the "unsafe" slug regexes; currently this is only for the slug "javascript:" but can be extended if needed. Manually tested against a non-exhaustive list from OWASP of common javascript XSS exploits that have to to with mangling the "javascript:" method, and all are caught by this change or by existing code that ingests the user-specified slug.
| * | | | | | | Merge branch 'security-58856-persistent-xss-in-note-objects' into 'master'Robert Speicher2019-06-036-3/+41
| |\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Persistent XSS in note objects CE See merge request gitlab/gitlabhq!3075
| | * | | | | | | Remove unused fixture linesTiger2019-05-281-2/+0
| | | | | | | | |
| | * | | | | | | Change `prohibited_key` to use regexescharlieablett2019-05-011-4/+2
| | | | | | | | |
| | * | | | | | | Add `html` to sensitive wordscharlieablett2019-05-013-3/+4
| | | | | | | | |
| | * | | | | | | Remove accidental regressionscharlieablett2019-04-301-5/+6
| | | | | | | | |
| | * | | | | | | Ensure Issue & MR note_html cannot be importedAsh McKenzie2019-04-302-16/+16
| | | | | | | | |
| | * | | | | | | Refactor `attribute_cleaner` for readabilitycharlieablett2019-04-301-1/+3
| | | | | | | | |
| | * | | | | | | Further clarify `attribute_cleaner`charlieablett2019-04-291-10/+4
| | | | | | | | |
| | * | | | | | | Tighten up prohibited_key methodcharlieablett2019-04-261-3/+2
| | | | | | | | |
| | * | | | | | | Use English instead of LatinCharlie Ablett2019-04-251-2/+2
| | | | | | | | |