Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Update VERSION to 11.3.7v11.3.7 | GitLab Release Tools Bot | 2018-10-26 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 11.3.7 | GitLab Release Tools Bot | 2018-10-26 | 7 | -30/+12 |
| | | | [ci skip] | ||||
* | Merge branch 'security-11-3-2717-fix-issue-title-xss' into 'security-11-3' | Jan Provaznik | 2018-10-24 | 3 | -4/+25 |
| | | | | | [11.3] Escape issue title while template rendering to prevent XSS See merge request gitlab/gitlabhq!2557 | ||||
* | Merge branch 'security-redact-links-11-3' into 'security-11-3' | Jan Provaznik | 2018-10-24 | 11 | -1/+382 |
| | | | | | [11.3] Redact unsubscribe links in issuable texts See merge request gitlab/gitlabhq!2566 | ||||
* | Merge branch 'security-fix/control-headers-11-3' into 'security-11-3' | Jan Provaznik | 2018-10-24 | 4 | -7/+65 |
| | | | | | : [11.3] Resolve "Sensitive information is stored in browser history" See merge request gitlab/gitlabhq!2561 | ||||
* | Merge branch 'sh-validate-wiki-attachments-11-3' into 'security-11-3' | Thiago Presa | 2018-10-24 | 4 | -2/+32 |
| | | | | | [11.3] Validate Wiki attachments are valid temporary files See merge request gitlab/gitlabhq!2570 | ||||
* | Merge branch 'security-11-3-junit-test-report-exposes-stacktrace' into ↵ | Jan Provaznik | 2018-10-24 | 1 | -4/+4 |
| | | | | | | | 'security-11-3' [11.3] JUnit test reports endpoint exposes full stack trace in production mode See merge request gitlab/gitlabhq!2516 | ||||
* | Merge branch 'security-if-51113-hash_tokens-11-3' into 'security-11-3' | Jan Provaznik | 2018-10-24 | 20 | -69/+701 |
| | | | | | [11.3] Persist only SHA digest of PersonalAccessToken#token See merge request gitlab/gitlabhq!2552 | ||||
* | Merge branch 'security-11-3-51527-xss-in-mr-source-branch' into 'security-11-3' | Thiago Presa | 2018-10-24 | 3 | -9/+17 |
| | | | | | [11.3] Fix XSS in MR source branch name See merge request gitlab/gitlabhq!2545 | ||||
* | Merge branch 'sh-block-other-localhost-11-3' into 'security-11-3' | Thiago Presa | 2018-10-24 | 3 | -0/+37 |
| | | | | | [11.3] Prevent SSRF attacks in HipChat integration See merge request gitlab/gitlabhq!2548 | ||||
* | Update VERSION to 11.3.6v11.3.6 | GitLab Release Tools Bot | 2018-10-17 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 11.3.6 | GitLab Release Tools Bot | 2018-10-17 | 1 | -0/+4 |
| | | | [ci skip] | ||||
* | Update VERSION to 11.3.5v11.3.511-3-stable-patch-6 | GitLab Release Tools Bot | 2018-10-15 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 11.3.5 | GitLab Release Tools Bot | 2018-10-15 | 3 | -10/+8 |
| | | | [ci skip] | ||||
* | Merge branch '51958-fix-mr-discussion-loading-11-3-stable-patch-5' into ↵11-3-stable-patch-5 | Sean McGivern | 2018-10-12 | 10 | -92/+96 |
|\ | | | | | | | | | | | | | '11-3-stable-patch-5' [11-3] Backport of "Fix MR discussion not loaded issue" See merge request gitlab-org/gitlab-ce!22328 | ||||
| * | Fix MR discussion not loaded issue | Mark Chao | 2018-10-12 | 10 | -92/+96 |
|/ | | | | | | Display `formatter` as the sole content of `position` object. This means `diff_file` data is not referenced, which is the caseu of "IOError: not opened for reading". | ||||
* | Revert "Merge branch '51958-fix-mr-discussion-loading' into 'master'" | Bob Van Landuyt | 2018-10-12 | 10 | -113/+91 |
| | | | | This reverts commit 95d90966d1e0e066fb02f08cb76f7d0ef262b429. | ||||
* | Merge branch 'sh-fix-project-deletion-with-export' into 'master' | Robert Speicher | 2018-10-12 | 3 | -4/+26 |
| | | | | | | | Fix project deletion when there is a export available Closes #52362 See merge request gitlab-org/gitlab-ce!22276 | ||||
* | Merge branch '51958-fix-mr-discussion-loading' into 'master' | Phil Hughes | 2018-10-12 | 10 | -91/+113 |
| | | | | | | | | Fix MR discussion not loaded issue Closes #51958 See merge request gitlab-org/gitlab-ce!21982 | ||||
* | Update VERSION to 11.3.4v11.3.4 | GitLab Release Tools Bot | 2018-10-05 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 11.3.4 | GitLab Release Tools Bot | 2018-10-05 | 4 | -15/+9 |
| | | | [ci skip] | ||||
* | Merge branch 'security-bw-confidential-titles-through-markdown-api-11-3' ↵ | Bob Van Landuyt | 2018-10-04 | 5 | -5/+62 |
| | | | | | | | into 'security-11-3' [11.3] Confidential issue/private snippet titles can be read by unauthenticated user through GFM markdown API See merge request gitlab/gitlabhq!2535 | ||||
* | Merge branch 'security-fix-leaking-private-project-namespace-11-3' into ↵ | Bob Van Landuyt | 2018-10-04 | 6 | -33/+80 |
| | | | | | | | 'security-11-3' [11-3] Fix leaking private project namespace See merge request gitlab/gitlabhq!2542 | ||||
* | Merge branch 'security-osw-user-info-leak-discussions-11-3' into 'security-11-3' | Bob Van Landuyt | 2018-10-04 | 4 | -1/+39 |
| | | | | | [11.3] Filter user sensitive data from discussions JSON See merge request gitlab/gitlabhq!2537 | ||||
* | Update VERSION to 11.3.3v11.3.3 | GitLab Release Tools Bot | 2018-10-04 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 11.3.3 | GitLab Release Tools Bot | 2018-10-04 | 1 | -0/+4 |
| | | | [ci skip] | ||||
* | Merge branch 'fl-revert-21802' into '11-3-stable' | Bob Van Landuyt | 2018-10-04 | 4 | -101/+64 |
|\ | | | | | | | | | Revert `Fixes Admin Runners table not wrapping the content` for 11-3-stable See merge request gitlab-org/gitlab-ce!22097 | ||||
| * | Regenerates potfiles | Filipa Lacerda | 2018-10-03 | 1 | -12/+0 |
| | | |||||
| * | Reverts changes to the runners table | Filipa Lacerda | 2018-10-03 | 3 | -89/+64 |
|/ | | | | | | | Reverts !21802, it was picked into 11-3-stable due to being mislabeled and with the wrong milestone. This commit reverts the changes wrongly added to 11-3-stable | ||||
* | Update VERSION to 11.3.2v11.3.2 | GitLab Release Tools Bot | 2018-10-03 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 11.3.2 | GitLab Release Tools Bot | 2018-10-03 | 6 | -25/+14 |
| | | | [ci skip] | ||||
* | Add newly translated strings11-3-stable-patch-2 | Bob Van Landuyt | 2018-10-03 | 1 | -0/+12 |
| | |||||
* | Merge branch '51782-fix_rename_login_namespace_migration' into 'master' | Sean McGivern | 2018-10-03 | 2 | -0/+7 |
| | | | | | | | Resolve ""update_column_in_batches can not be run inside a transaction" during upgrade to 11.3" Closes #51782 See merge request gitlab-org/gitlab-ce!22055 | ||||
* | Merge branch '51549-runners-table' into 'master' | Annabel Dunstone Gray | 2018-10-03 | 4 | -64/+94 |
| | | | | | | | | Fixes Admin Runners table not wrapping the content Closes #51549 See merge request gitlab-org/gitlab-ce!21802 | ||||
* | Merge branch ↵ | Stan Hu | 2018-10-02 | 3 | -2/+7 |
| | | | | | | | | | '51522-add-new-project-via-import-by-url-auto-populates-slug-but-not-project-name' into 'master' Resolve "Add new project via import by URL auto populates slug but not project name" Closes #51522 See merge request gitlab-org/gitlab-ce!21770 | ||||
* | Merge branch ↵ | Douglas Barbosa Alexandre | 2018-10-02 | 5 | -4/+29 |
| | | | | | | | | | '51747-gitlab-com-unable-to-import-a-project-that-was-just-exported' into 'master' Resolve "gitlab.com: Unable to import a project that was just exported" Closes #43840, #43896, and #51747 See merge request gitlab-org/gitlab-ce!21875 | ||||
* | Merge branch 'sh-fix-forks-with-no-gravatar' into 'master' | Rémy Coutable | 2018-10-02 | 6 | -40/+28 |
| | | | | | | | Fix Error 500 when forking projects with Gravatar disabled Closes #50254 See merge request gitlab-org/gitlab-ce!21985 | ||||
* | Merge branch 'mr-discussion-expanding-bug-fixes' into 'master' | Filipa Lacerda | 2018-10-02 | 2 | -1/+39 |
| | | | | | Fixed hidden truncated diff lines not showing when expanded See merge request gitlab-org/gitlab-ce!21801 | ||||
* | Merge branch '50347-fix-scrolling-to-diff-note-after-incremental-rendering' ↵ | Phil Hughes | 2018-10-02 | 5 | -40/+215 |
| | | | | | | | | | into 'master' Resolve "Link to file in Changes tab of MR no longer works for all files after incremental rendering improvement" Closes #50347 See merge request gitlab-org/gitlab-ce!21727 | ||||
* | Merge branch '51657-fix-merge-mr-from-fork-spec' into 'master' | Robert Speicher | 2018-10-02 | 2 | -5/+21 |
| | | | | | | | QA: Fix failure in merge_merge_request_from_fork_spec.rb Closes #51657 See merge request gitlab-org/gitlab-ce!21817 | ||||
* | Merge branch 'jr-wiki-doc' into 'master' | Achilleas Pipinellis | 2018-10-02 | 1 | -5/+8 |
| | | | | | Update wiki upload documentation See merge request gitlab-org/gitlab-ce!21815 | ||||
* | Merge branch 'jr-webhook-docs' into 'master' | Achilleas Pipinellis | 2018-10-02 | 2 | -0/+8 |
| | | | | | Add webhook branch filtering docs See merge request gitlab-org/gitlab-ce!21816 | ||||
* | Merge branch 'move-cloud-images-job-stage' into 'master' | Robert Speicher | 2018-10-02 | 1 | -1/+1 |
| | | | | | Move the cloud-native-image trigger job into the test stage See merge request gitlab-org/gitlab-ce!21819 | ||||
* | Update VERSION to 11.3.1v11.3.1 | GitLab Release Tools Bot | 2018-09-26 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 11.3.1 | GitLab Release Tools Bot | 2018-09-26 | 7 | -30/+12 |
| | | | [ci skip] | ||||
* | Merge branch 'security-fj-stored-xss-in-repository-imports-11-3' into ↵ | Bob Van Landuyt | 2018-09-25 | 5 | -2/+80 |
| | | | | | | | 'security-11-3' [11.3] Stored XSS in Gitlab Merge Request from imported repository See merge request gitlab/gitlabhq!2500 | ||||
* | Merge branch 'security-package-json-xss-11-3' into 'security-11-3' | Bob Van Landuyt | 2018-09-25 | 3 | -5/+24 |
| | | | | | [11.3] Fix XSS vulnerability sourced from package.json's homepage See merge request gitlab/gitlabhq!2508 | ||||
* | Merge branch 'fix-events-finder-incomplete-11-3' into 'security-11-3' | Bob Van Landuyt | 2018-09-24 | 7 | -4/+231 |
| | | | | | [11.3] Redact events shown in the events API See merge request gitlab/gitlabhq!2518 | ||||
* | Merge branch 'zj-gitaly-sec-11-3' into 'security-11-3' | Bob Van Landuyt | 2018-09-24 | 1 | -1/+1 |
| | | | | | Upstream Gitaly version bump See merge request gitlab/gitlabhq!2515 | ||||
* | Merge branch 'sh-sh-block-other-localhost-11-3' into 'security-11-3' | Bob Van Landuyt | 2018-09-24 | 3 | -1/+33 |
| | | | | | Block loopback addresses in UrlBlocker (11.3 port) See merge request gitlab/gitlabhq!2521 |