Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Update VERSION to 11.2.7v11.2.7 | GitLab Release Tools Bot | 2018-10-27 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 11.2.7 | GitLab Release Tools Bot | 2018-10-27 | 1 | -0/+4 |
| | | | [ci skip] | ||||
* | Merge branch 'fix_pat_auth-11-2' into 'security-11-2' | Robert Speicher | 2018-10-26 | 3 | -3/+3 |
| | | | | | [11.2] Fix Token lookup for Git over HTTP and registry authentication See merge request gitlab/gitlabhq!2579 | ||||
* | Update VERSION to 11.2.6v11.2.6 | GitLab Release Tools Bot | 2018-10-26 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 11.2.6 | GitLab Release Tools Bot | 2018-10-26 | 6 | -25/+11 |
| | | | [ci skip] | ||||
* | Merge branch 'security-11-2-2717-fix-issue-title-xss' into 'security-11-2' | Jan Provaznik | 2018-10-24 | 3 | -4/+25 |
| | | | | | [11.2] Escape issue title while template rendering to prevent XSS See merge request gitlab/gitlabhq!2558 | ||||
* | Merge branch 'security-redact-links-11-2' into 'security-11-2' | Jan Provaznik | 2018-10-24 | 11 | -1/+382 |
| | | | | | [11.2] Redact unsubscribe links in issuable texts See merge request gitlab/gitlabhq!2567 | ||||
* | Merge branch 'security-fix/control-headers-11-2' into 'security-11-2' | Jan Provaznik | 2018-10-24 | 4 | -7/+65 |
| | | | | | : [11.2] Resolve "Sensitive information is stored in browser history" See merge request gitlab/gitlabhq!2560 | ||||
* | Merge branch 'security-11-2-junit-test-report-exposes-stacktrace' into ↵ | Jan Provaznik | 2018-10-24 | 1 | -4/+4 |
| | | | | | | | 'security-11-2' [11.2] JUnit test reports endpoint exposes full stack trace in production mode See merge request gitlab/gitlabhq!2554 | ||||
* | Merge branch 'security-if-51113-hash_tokens-11-2' into 'security-11-2' | Jan Provaznik | 2018-10-24 | 20 | -69/+701 |
| | | | | | [11.2] Persist only SHA digest of PersonalAccessToken#token See merge request gitlab/gitlabhq!2553 | ||||
* | Merge branch 'security-11-2-51527-xss-in-mr-source-branch' into 'security-11-2' | Thiago Presa | 2018-10-24 | 3 | -9/+17 |
| | | | | | [11.2] Fix XSS in MR source branch name See merge request gitlab/gitlabhq!2546 | ||||
* | Merge branch 'sh-block-other-localhost-11-2' into 'security-11-2' | Thiago Presa | 2018-10-24 | 3 | -0/+37 |
| | | | | | [11.2] Prevent SSRF attacks in HipChat integration See merge request gitlab/gitlabhq!2549 | ||||
* | Update VERSION to 11.2.5v11.2.5 | GitLab Release Tools Bot | 2018-10-05 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 11.2.5 | GitLab Release Tools Bot | 2018-10-05 | 4 | -15/+9 |
| | | | [ci skip] | ||||
* | Merge branch 'security-bw-confidential-titles-through-markdown-api-11-2' ↵ | Bob Van Landuyt | 2018-10-04 | 5 | -5/+62 |
| | | | | | | | into 'security-11-2' [11.2] Confidential issue/private snippet titles can be read by unauthenticated user through GFM markdown API See merge request gitlab/gitlabhq!2534 | ||||
* | Merge branch 'security-fix-leaking-private-project-namespace-11-2' into ↵ | Bob Van Landuyt | 2018-10-04 | 6 | -33/+80 |
| | | | | | | | 'security-11-2' [11-2] Fix leaking private project namespace See merge request gitlab/gitlabhq!2541 | ||||
* | Merge branch 'security-osw-user-info-leak-discussions-11-2' into 'security-11-2' | Bob Van Landuyt | 2018-10-04 | 4 | -1/+39 |
| | | | | | [11.2] Filter user sensitive data from discussions JSON See merge request gitlab/gitlabhq!2538 | ||||
* | Update VERSION to 11.2.4v11.2.4 | GitLab Release Tools Bot | 2018-09-26 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 11.2.4 | GitLab Release Tools Bot | 2018-09-26 | 7 | -30/+12 |
| | | | [ci skip] | ||||
* | Merge branch 'security-fj-stored-xss-in-repository-imports-11-2' into ↵ | Bob Van Landuyt | 2018-09-25 | 3 | -1/+34 |
| | | | | | | | 'security-11-2' [11.2] Stored XSS in Gitlab Merge Request from imported repository See merge request gitlab/gitlabhq!2501 | ||||
* | Merge branch 'security-package-json-xss-11-2' into 'security-11-2' | Bob Van Landuyt | 2018-09-25 | 3 | -5/+24 |
| | | | | | [11.2] Fix XSS vulnerability sourced from package.json's homepage See merge request gitlab/gitlabhq!2509 | ||||
* | Merge branch 'fix-events-finder-incomplete-11-2' into 'security-11-2' | Bob Van Landuyt | 2018-09-24 | 7 | -6/+235 |
| | | | | | [11.2] Redact events shown in the events API See merge request gitlab/gitlabhq!2519 | ||||
* | Merge branch 'zj-gitaly-sec-11-2' into 'security-11-2' | Bob Van Landuyt | 2018-09-24 | 1 | -1/+1 |
| | | | | | Include the Gitaly security release upstream See merge request gitlab/gitlabhq!2513 | ||||
* | Merge branch 'sh-sh-block-other-localhost-11-2' into 'security-11-2' | Bob Van Landuyt | 2018-09-24 | 3 | -1/+33 |
| | | | | | Block loopback addresses in UrlBlocker (11.2 port) See merge request gitlab/gitlabhq!2522 | ||||
* | Merge branch ↵ | Bob Van Landuyt | 2018-09-24 | 20 | -44/+159 |
| | | | | | | | 'security-11-2-6881-project-group-approvers-leaks-private-group-info-ce' into 'security-11-2' [11.2] Project group approvers leaks private group info See merge request gitlab/gitlabhq!2489 | ||||
* | Merge branch 'security-11-2-gcp-token-exposed-by-kubernetes' into ↵ | Bob Van Landuyt | 2018-09-24 | 4 | -9/+9 |
| | | | | | | | 'security-11-2' [11.2] - Do not persist errors from Kubernetes calls See merge request gitlab/gitlabhq!2504 | ||||
* | Merge branch 'security-acet-issue-details-11-2' into 'security-11-2' | Bob Van Landuyt | 2018-09-24 | 5 | -4/+47 |
| | | | | | [11.2] Fix XSS on Issue details page. See merge request gitlab/gitlabhq!2471 | ||||
* | Merge branch 'security-security-2697-code-highlight-timeout-11-2' into ↵ | Bob Van Landuyt | 2018-09-24 | 3 | -1/+35 |
| | | | | | | | 'security-11-2' [11.2] Fix syntax highlight taking too long See merge request gitlab/gitlabhq!2484 | ||||
* | Update VERSION to 11.2.3v11.2.3 | GitLab Release Tools Bot | 2018-08-28 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 11.2.3 | GitLab Release Tools Bot | 2018-08-28 | 1 | -0/+4 |
| | | | [ci skip] | ||||
* | Merge branch 'security-diff-cache-fix-11-2' into 'security-11-2' | José Iván Vargas López | 2018-08-28 | 3 | -7/+16 |
| | | | | | [11.2] Include rich_text in diff cache keys See merge request gitlab/gitlabhq!2483 | ||||
* | Update VERSION to 11.2.2v11.2.2 | GitLab Release Tools Bot | 2018-08-27 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 11.2.2 | GitLab Release Tools Bot | 2018-08-27 | 4 | -15/+9 |
| | | | [ci skip] | ||||
* | Merge branch 'security-mk-exclude-orphaned-upload-files-from-export-11-2' ↵ | José Iván Vargas López | 2018-08-24 | 2 | -8/+43 |
| | | | | | | | into 'security-11-2' [11.2] Resolve "Orphaned upload files are accessible via project exports" See merge request gitlab/gitlabhq!2464 | ||||
* | Merge branch 'security-fj-missing-csrf-system-hooks-resend-11-2' into ↵ | José Iván Vargas López | 2018-08-24 | 7 | -10/+14 |
| | | | | | | | 'security-11-2' [11.2] Missing CSRF in System Hooks resend action See merge request gitlab/gitlabhq!2476 | ||||
* | Merge branch 'security-2694-pipeline-11-2' into 'security-11-2' | José Iván Vargas López | 2018-08-24 | 18 | -59/+27 |
| | | | | | [11.2] Removes <br> sent from backend on tooltips in jobs See merge request gitlab/gitlabhq!2458 | ||||
* | Merge branch 'security-49085-11.2-persistent-xss-rendering' into 'security-11-2' | José Iván Vargas López | 2018-08-24 | 8 | -11/+79 |
| | | | | | [11.2] Port of Fixed persistent XSS rendering/escaping of diff location lines to 11.2 See merge request gitlab/gitlabhq!2473 | ||||
* | Merge branch 'sh-block-link-local-master-11-2-port' into 'security-11-2' | Nick Thomas | 2018-08-24 | 3 | -1/+37 |
| | | | | | Block link-local addresses in URLBlocker (11.2 port) See merge request gitlab/gitlabhq!2460 | ||||
* | Update VERSION to 11.2.1v11.2.1 | GitLab Release Tools Bot | 2018-08-22 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 11.2.1 | GitLab Release Tools Bot | 2018-08-22 | 4 | -15/+12 |
| | | | [ci skip] | ||||
* | Merge branch 'sh-fix-broken-ldap-clones' into 'master'11-2-stable-patch-1 | Alejandro Rodríguez | 2018-08-22 | 3 | -0/+48 |
| | | | | | | | Fix broken Git over HTTP clones with LDAP users Closes #50579 See merge request gitlab-org/gitlab-ce!21352 | ||||
* | Merge branch 'sh-conditional-system-hook-push' into 'master' | Sean McGivern | 2018-08-22 | 2 | -1/+5 |
| | | | | | | | | Eliminate unnecessary and duplicate system hook fires Closes #50549 See merge request gitlab-org/gitlab-ce!21337 | ||||
* | Merge branch 'sh-fix-wrong-commit-count-in-push' into 'master' | Alejandro Rodríguez | 2018-08-22 | 3 | -16/+53 |
| | | | | | | | | Fix wrong commit count in push event payload Closes #49971 See merge request gitlab-org/gitlab-ce!21338 | ||||
* | Update VERSION to 11.2.0v11.2.0 | GitLab Release Tools Bot | 2018-08-22 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 11.2.0 | GitLab Release Tools Bot | 2018-08-22 | 217 | -1086/+240 |
| | | | [ci skip] | ||||
* | Update VERSION to 11.2.0-rc10v11.2.0-rc10 | GitLab Release Tools Bot | 2018-08-20 | 1 | -1/+1 |
| | |||||
* | Merge branch ↵11-2-stable-prepare-rc10 | Sean McGivern | 2018-08-20 | 8 | -9/+19 |
| | | | | | | | | | '49907-commits-and-merge-requests-does-not-list-all-files-when-one-file-exceeds-size-limits' into 'master' Resolve "Commits and Merge Requests does not list all files when one file exceeds size limits" Closes #49907 See merge request gitlab-org/gitlab-ce!21125 | ||||
* | Merge branch 'master' into 'master' | Stan Hu | 2018-08-20 | 1 | -2/+2 |
| | | | | | Added missing html_safe on text messages. See merge request gitlab-org/gitlab-ce!21232 | ||||
* | Update VERSION to 11.2.0-rc9v11.2.0-rc9 | GitLab Release Tools Bot | 2018-08-17 | 1 | -1/+1 |
| | |||||
* | Merge branch 'sh-bump-rugged-0.27.4' into 'master'11-2-stable-prepare-rc9 | Robert Speicher | 2018-08-17 | 2 | -1/+6 |
| | | | | | Bump rugged to 0.27.4 for security fixes See merge request gitlab-org/gitlab-ce!21170 |