| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
| |
[ci skip]
|
|\
| |
| |
| |
| | |
[11.5] Fix CRLF issue in UrlValidator
See merge request gitlab/gitlabhq!2652
|
|/ |
|
|\
| |
| |
| |
| | |
[11.5] Resolve "Reflected XSS in OAuth Authorize window due to redirect_uri allowing arbitrary protocols"
See merge request gitlab/gitlabhq!2658
|
| | |
|
|\ \
| | |
| | |
| | |
| | | |
[11.5] Fix SSRF in project integrations
See merge request gitlab/gitlabhq!2611
|
| | |
| | |
| | |
| | |
| | |
| | | |
This commit fixes a SSRF vulnerability related to project
hooks and ipv6 addresses. It also addresses a problem with ipv6
mapped addresses.
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
[11.5] Resolve: "Provide email notification when a user changes their email address"
See merge request gitlab/gitlabhq!2602
|
| |/ / |
|
|\ \ \
| |_|/
|/| |
| | |
| | | |
[11.5] Fixed ability to comment on and edit/delete comments on locked or confidential issues
See merge request gitlab/gitlabhq!2646
|
|/ /
| |
| |
| | |
confidential issues
|
|\ \
| | |
| | |
| | |
| | | |
[11.5] [pages] Possible symlink time of check to time of use race condition
See merge request gitlab/gitlabhq!2649
|
| | | |
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
[11.5] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request"
See merge request gitlab/gitlabhq!2655
|
|/ / / |
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
'security-11-5-xss-in-markdown-following-unrecognized-html-element' into 'security-11-5'
[11.5] XSS in markdown following unrecognized HTML element
See merge request gitlab/gitlabhq!2631
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
[11.5] Fix XSS in mermaid diagrams
See merge request gitlab/gitlabhq!2641
|
| | | | |
| | | | |
| | | | |
| | | | | |
(cherry picked from commit f2e9f22f7d3d84abeea5ba2918ee5ffcc55f2dad)
|
| | |/ /
| |/| |
| | | |
| | | | |
(cherry picked from commit fdea799d37ae9ca3f5e80f191a55be543a79857a)
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
[11.5] Don't expose confidential information in commit message list
See merge request gitlab/gitlabhq!2642
|
| |/ / /
| | | |
| | | |
| | | |
| | | | |
This makes sure the user viewing the commit does not get to see
anything they're not allowed to see
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
[11.5] Resolve: Promoting a milestone is missing an authorization check
See merge request gitlab/gitlabhq!2619
|
| | |_|/
| |/| |
| | | |
| | | |
| | | | |
Promoting milestone was missing an authorization check, guest
users were being able to promote project milestones to group milestones.
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
[11.5] Do not follow redirects in prometheus service
See merge request gitlab/gitlabhq!2623
|
| |/ / /
| | | |
| | | |
| | | | |
Do not allow redirects in the prometheus service to prevent SSRFs.
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
[11.5] Stored XSS for Environments
See merge request gitlab/gitlabhq!2614
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This is a backport for 11.5 stable branch.
Gitlab::UrlBlocker ignores scheme when validating URI matching either
config.gitlab or config.gitlab_shell
This patch enforces matching config.gitlab.protocol for internal web and
ssh for internal shell.
A cleanup migration for stored XSS from environments table is included.
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
[11.5] Fixed read name of private groups
See merge request gitlab/gitlabhq!2590
|
| | |/ /
| |/| | |
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
[11.5] Redact sensitive information on gitlab-workhorse log
See merge request gitlab/gitlabhq!2628
|
| | |/ /
| |/| | |
|
|\ \ \ \
| |_|_|/
|/| | | |
|
| | | | |
|
| | | |
| | | |
| | | | |
[ci skip]
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Stub Rails.application.env_config to prevent spec failures
Closes gitlab-ee#8488
See merge request gitlab-org/gitlab-ce!23222
|
| | | |
| | | |
| | | |
| | | |
| | | | |
add guide for creating runbook
See merge request gitlab-org/gitlab-ce!22885
|
| |\ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
Prepare 11.5 RC13 release
See merge request gitlab-org/gitlab-ce!23206
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Update merge request file tree docs
See merge request gitlab-org/gitlab-ce!23187
(cherry picked from commit fa1fadb4dc214ded1e8f167bf7ae418608e639a5)
fff9aa64 Update merge request file tree docs
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Fixed image discussion styling
Closes #54110
See merge request gitlab-org/gitlab-ce!23127
(cherry picked from commit ef1a158773c7cfbf681df6ed7f3514963ad8ca1b)
718c66f6 Fixed image discussion styling
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Update the cluster docs for Knative
See merge request gitlab-org/gitlab-ce!23113
(cherry picked from commit 17ef595865cde550e101806f69ead4b4394a79ae)
7b2fe02b Update the cluster docs for Knative
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Remove 'comment_on_any_diff_line' feature flag
Closes #54034
See merge request gitlab-org/gitlab-ce!23093
(cherry picked from commit b7cedd91e5ec07461b25f3920ae6cf2b00f3d84e)
6c796702 Remove 'comment_on_any_diff_line' feature flag
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Documentation: update Libre -> Core
See merge request gitlab-org/gitlab-ce!22533
(cherry picked from commit 633f59cb8e1d27ce13b532faac3b40141e002671)
bd8021ae Update Libre -> Core
be00c403 Add missing links
d3ddd3fd Fix include intro note as per documentation guidelines
|
| |\ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
Move changelog for issue 54189 to correct location
See merge request gitlab-org/gitlab-ce!23216
|
| |/ / / |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | | |
[11.5] Prevent templated services from being imported
See merge request gitlab/gitlabhq!2635
|
| | | |
| | | |
| | | |
| | | |
| | | | |
[11.5] Escape user fullname while rendering autocomplete template to prevent XSS
See merge request gitlab/gitlabhq!2606
|