| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
confidential issues
|
|\
| |
| |
| |
| | |
[11.5] [pages] Possible symlink time of check to time of use race condition
See merge request gitlab/gitlabhq!2649
|
| | |
|
|\ \
| | |
| | |
| | |
| | | |
[11.5] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request"
See merge request gitlab/gitlabhq!2655
|
|/ / |
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
'security-11-5-xss-in-markdown-following-unrecognized-html-element' into 'security-11-5'
[11.5] XSS in markdown following unrecognized HTML element
See merge request gitlab/gitlabhq!2631
|
| | | |
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
[11.5] Fix XSS in mermaid diagrams
See merge request gitlab/gitlabhq!2641
|
| | | |
| | | |
| | | |
| | | | |
(cherry picked from commit f2e9f22f7d3d84abeea5ba2918ee5ffcc55f2dad)
|
| | |/
| |/|
| | |
| | | |
(cherry picked from commit fdea799d37ae9ca3f5e80f191a55be543a79857a)
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
[11.5] Don't expose confidential information in commit message list
See merge request gitlab/gitlabhq!2642
|
| |/ /
| | |
| | |
| | |
| | | |
This makes sure the user viewing the commit does not get to see
anything they're not allowed to see
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
[11.5] Resolve: Promoting a milestone is missing an authorization check
See merge request gitlab/gitlabhq!2619
|
| | | |
| | | |
| | | |
| | | |
| | | | |
Promoting milestone was missing an authorization check, guest
users were being able to promote project milestones to group milestones.
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
[11.5] Do not follow redirects in prometheus service
See merge request gitlab/gitlabhq!2623
|
| |/ / /
| | | |
| | | |
| | | | |
Do not allow redirects in the prometheus service to prevent SSRFs.
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
[11.5] Stored XSS for Environments
See merge request gitlab/gitlabhq!2614
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This is a backport for 11.5 stable branch.
Gitlab::UrlBlocker ignores scheme when validating URI matching either
config.gitlab or config.gitlab_shell
This patch enforces matching config.gitlab.protocol for internal web and
ssh for internal shell.
A cleanup migration for stored XSS from environments table is included.
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
[11.5] Fixed read name of private groups
See merge request gitlab/gitlabhq!2590
|
| | |/ /
| |/| | |
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
[11.5] Redact sensitive information on gitlab-workhorse log
See merge request gitlab/gitlabhq!2628
|
| | |/ /
| |/| | |
|
|\ \ \ \
| |_|_|/
|/| | | |
|
| | | | |
|
| | | |
| | | |
| | | | |
[ci skip]
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Stub Rails.application.env_config to prevent spec failures
Closes gitlab-ee#8488
See merge request gitlab-org/gitlab-ce!23222
|
| | | |
| | | |
| | | |
| | | |
| | | | |
add guide for creating runbook
See merge request gitlab-org/gitlab-ce!22885
|
| |\ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
Prepare 11.5 RC13 release
See merge request gitlab-org/gitlab-ce!23206
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Update merge request file tree docs
See merge request gitlab-org/gitlab-ce!23187
(cherry picked from commit fa1fadb4dc214ded1e8f167bf7ae418608e639a5)
fff9aa64 Update merge request file tree docs
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Fixed image discussion styling
Closes #54110
See merge request gitlab-org/gitlab-ce!23127
(cherry picked from commit ef1a158773c7cfbf681df6ed7f3514963ad8ca1b)
718c66f6 Fixed image discussion styling
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Update the cluster docs for Knative
See merge request gitlab-org/gitlab-ce!23113
(cherry picked from commit 17ef595865cde550e101806f69ead4b4394a79ae)
7b2fe02b Update the cluster docs for Knative
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Remove 'comment_on_any_diff_line' feature flag
Closes #54034
See merge request gitlab-org/gitlab-ce!23093
(cherry picked from commit b7cedd91e5ec07461b25f3920ae6cf2b00f3d84e)
6c796702 Remove 'comment_on_any_diff_line' feature flag
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Documentation: update Libre -> Core
See merge request gitlab-org/gitlab-ce!22533
(cherry picked from commit 633f59cb8e1d27ce13b532faac3b40141e002671)
bd8021ae Update Libre -> Core
be00c403 Add missing links
d3ddd3fd Fix include intro note as per documentation guidelines
|
| |\ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
Move changelog for issue 54189 to correct location
See merge request gitlab-org/gitlab-ce!23216
|
| |/ / / |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | | |
[11.5] Prevent templated services from being imported
See merge request gitlab/gitlabhq!2635
|
| | | |
| | | |
| | | |
| | | |
| | | | |
[11.5] Escape user fullname while rendering autocomplete template to prevent XSS
See merge request gitlab/gitlabhq!2606
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
[11.5] Prevent templated services from being imported
See merge request gitlab/gitlabhq!2635
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | | |
Templated services should only be created by admins and does not
apply to project import/export.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54189
|
|\ \ \ \
| |_|/ /
|/| | |
| | | |
| | | | |
[11.5] Escape user fullname while rendering autocomplete template to prevent XSS
See merge request gitlab/gitlabhq!2606
|
| | | | |
|
| | |/
| |/| |
|
| | | |
|
|\ \ \
| |_|/
|/| |
| | |
| | | |
Prepare 11.5 RC11 release
See merge request gitlab-org/gitlab-ce!23139
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
'54011-all-files-named-index-have-their-content-rendered-as-if-they-were-text-files' into 'master'
Resolve "All files named `index.*` have their content rendered as if they were text files"
Closes #54011
See merge request gitlab-org/gitlab-ce!23063
|
| | |
| | |
| | |
| | | |
Resolve conflict for https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/23139
|
| | |
| | |
| | |
| | |
| | |
| | | |
Docs eks update
See merge request gitlab-org/gitlab-ce!23133
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Revert API is going into 11.5, not 11.6.
See merge request gitlab-org/gitlab-ce!23060
(cherry picked from commit 38d234e2e5474fc732306c2cfbbd274e1cc32fea)
f1f03895 Revert API is going into 11.5, not 11.6.
|