| Commit message | Author | Age | Files | Lines |
[ci skip]
|
[10.1] Fix bug in security release with deploy keys migration
See merge request gitlab-org/gitlab-ce!16528
|
[ci skip]
|
Prepare 10.1.6 Security Release
See merge request gitlab/gitlabhq!2291
|
[10.1] Prevent login with disabled OAuth providers
See merge request gitlab/gitlabhq!2249
(cherry picked from commit e4951cc45f29a9ec1e07408102ab339444ff43e8)
71d8d00c Prevents login with disabled OAuth providers
|
Port of [10.2] Sanitizes IPython notebook output
See merge request gitlab/gitlabhq!2284
(cherry picked from commit 72ce40bdebe73a06dc282d42f2c8a729730c9cee)
989d1187 Port of [10.2] Sanitizes IPython notebook output
|
'41293-fix-command-injection-vulnerability-on-system_hook_push-queue-through-web-hook-10-1' into 'security-10-1'
[10.1] Don't allow line breaks on HTTP headers
See merge request gitlab/gitlabhq!2286
(cherry picked from commit 271ef222fa964481379a14a9c07805621a7d52a6)
a30812d3 Don't allow line breaks on HTTP headers
|
[10.1] Fix RCE via project import mechanism
See merge request gitlab/gitlabhq!2292
(cherry picked from commit 9a399c554268f3ac9e9cd2340600c2df2f5dfa47)
fdbd8d03 Fix RCE via project import mechanism
|
'security-10-1'
[10.1] Migrate `can_push` column from `keys` to `deploy_keys_project`
See merge request gitlab/gitlabhq!2274
(cherry picked from commit b8ed2ac5bf4a75d0787315e741d4c9aacd36e07e)
5f214517 Backport to 10.1
|
[10.1] backport - check project access on MR create
See merge request gitlab/gitlabhq!2280
(cherry picked from commit 6ca3de3c1e97590f62677227c7eef2f000db766c)
285551b9 check project access on MR create
|
[10.1] Fix path traversal in gitlab-ci.yml cache:key
See merge request gitlab/gitlabhq!2272
(cherry picked from commit 991ae1d593e78e7c2484d5fe5b12dfce44a94bc8)
754c83ea Fix path traversal in gitlab-ci.yml cache:key
|
Validate project path in Gitlab import - 10.1 port
See merge request gitlab/gitlabhq!2266
(cherry picked from commit 14e7f46a07a45bf851178ae6c90c519460bf9736)
13ad8b50 Validate project path in Gitlab import
|
Remove order param from the MilestoneFinder - 10.1 port
See merge request gitlab/gitlabhq!2265
(cherry picked from commit 5f0bb7928b40029a2ced18063c36697e3f8e80c2)
85c6530e Remove order param from the MilestoneFinder
|
[10.1] Fix XSS in issue label dropdown
See merge request gitlab/gitlabhq!2252
(cherry picked from commit 447270c2603dc4962d6aed87baeaeb56c59788ba)
71c6cded Fix XSS in issue label dropdown
0cc81a51 Move xss_label to smaller test scope
|
[10.1] Fix XSS vulnerability in Pipeline job trace - back port 10.1
See merge request gitlab/gitlabhq!2261
(cherry picked from commit ddb49b9053a31db0dfb93e02be1975549f991695)
dc3d4676 Fix XSS vulnerability in Pipeline job trace
|
'security-10-1-do-not-expose-passwords-or-tokens-in-service-integrations-api' into 'security-10-1'
Filter out sensitive fields from the project services API
See merge request gitlab/gitlabhq!2283
(cherry picked from commit cde3ae62e8f602b8db4fbdd382fba1a90780be7f)
c958086d Filter out sensitive fields from the project services API
|
Bump redis-rails to 5.0.2 to get redis-store security updates
Closes #40889
See merge request gitlab-org/gitlab-ce!15773
|
Add changelog entries for 10.1.5
See merge request gitlab-org/gitlab-ce!15908
|
[ci skip]
|
Prepare 10.1.4 release
See merge request gitlab-org/gitlab-ce!15379
|
Prevent error when authorizing an admin-created OAuth application without a set owner
Closes #40086
See merge request gitlab-org/gitlab-ce!15349
|
Don't try to create fork network memberships for forks of forks
Closes #40072
See merge request gitlab-org/gitlab-ce!15366
|
Prevent position update for image diff notes
Closes #40058
See merge request gitlab-org/gitlab-ce!15357
|
Formats bytes to human readable number in registry table
See merge request gitlab-org/gitlab-ce!15359
|
[ci skip]
|
Prepare 10.1.3 release
See merge request gitlab-org/gitlab-ce!15209
|
Prevent fast forward merge when rebase is required
Closes #39773
See merge request gitlab-org/gitlab-ce!15296
|
* 10-1-stable:
Merge branch '32059-fix-oauth-phishing' into 'master'
|
Prevent OAuth phishing attack by presenting detailed wording about app to user during authorization
See merge request gitlab-org/gitlab-ce!15311
|
Prevent OAuth phishing attack by presenting detailed wording about app to user during authorization
See merge request gitlab/gitlabhq!2205
|
* 10-1-stable:
Add 10.1.2 security fixes to CHANGELOG.md
|
Add 10.1.2 security fixes to CHANGELOG.md
See merge request gitlab-org/gitlab-ce!15302
|
Resolve "Fix GKE wording"
Closes #39648
See merge request gitlab-org/gitlab-ce!15204
|
into 'master'
Make sure group and project creation is blocked for new users that are external by default
Closes #39664
See merge request gitlab-org/gitlab-ce!15212
|
Resolve "GPG tooltips not working in Safari"
Closes #38385
See merge request gitlab-org/gitlab-ce!15228
|
Fix arguments error on Import/Export fetch_ref method
Closes #39541
See merge request gitlab-org/gitlab-ce!15241
|
10-1-stable-patch-2
* 10-1-jivl-fix-cancel-button-file-upload-new-issue:
Merge branch 'jivl-fix-cancel-button-file-upload-new-issue' into 'master'
|
Fix cancel button not working when uploading a file on the new issue page
Closes #39512
See merge request gitlab-org/gitlab-ce!15137
|
* 10-1-stable:
Update VERSION to 10.1.2
Update CHANGELOG.md for 10.1.2
Merge branch 'fix-mysql-grant-check' into 'master'
Merge branch '36099-api-responses-missing-x-content-type-options-header' into '10-1-stable'
Merge branch 'ssrf-protections-round-2' into 'security-10-1'
|
[ci skip]
|
Fix TRIGGER checks for MySQL
Closes #38372
See merge request gitlab-org/gitlab-ce!15226
(cherry picked from commit d45fef88f7f0aa249893f9f151185eac5b9bb870)
|