Commit message (Author, Age, Files, Lines)
* Update VERSION to 11.6.6 [v11.6.6] (GitLab Release Tools Bot, 2019-01-28, 1 file, -1/+1)
|
* Update CHANGELOG.md for 11.6.6 (GitLab Release Tools Bot, 2019-01-28, 25 files, -122/+30)
|   [ci skip]
* Merge branch '56860-fix-spec-race-condition-upside-the-head' into 'master' (Douglas Barbosa Alexandre, 2019-01-28, 1 file, -0/+3)
|   Fix a JS race in a spec
|   Closes #56860
|   See merge request gitlab-org/gitlab-ce!24684
|   (cherry picked from commit b5e10cd3ac4e15e7421ebc9acc5d4f9ca9e8e3ea)
* Merge branch 'security-11-6-22076-sanitize-url-in-names' into 'security-11-6' (Yorick Peterse, 2019-01-25, 40 files, -54/+84)
|   [11.6] Sanitize user full name to clean up any URL to prevent mail clients from auto-linking URLs
|   See merge request gitlab/gitlabhq!2829
|   (cherry picked from commit 7dd747b8ce1f59672c530af25237bdf661cb480a)
|   61fc453c Add `sanitize_name` helper to sanitize URLs in user full name
|   e5cd214e Use `sanitize_name` to sanitize URL in user full name
|   1b000d5a Add changelog entry
* Merge branch 'security-project-move-users-11-6' into 'security-11-6' (Yorick Peterse, 2019-01-25, 6 files, -7/+66)
|   [11.6] Sent notification only to authorized users
|   See merge request gitlab/gitlabhq!2857
|   (cherry picked from commit 4152329ce44bbc7567a1c7b03d5bf9e84bb1efc7)
|   fb0fd18c Sent notification only to authorized users
* Merge branch '11-6-security-stored-xss-via-katex' into 'security-11-6' (Yorick Peterse, 2019-01-25, 4 files, -15/+31)
|   [11.6] Resolve "[Security] Stored XSS via KaTeX"
|   See merge request gitlab/gitlabhq!2755
|   (cherry picked from commit f79ff59ee1e21a5dbff19b86c5d5af16b62ac894)
|   024098db 11.6 backport of fix for XSS in KaTex Links
|   37b798d7 Merge branch 'security-11-6' of https://dev.gitlab.org/gitlab/gitlabhq into...
* Merge branch 'security-2780-disable-git-v2-protocol-11-6' into 'security-11-6' (Yorick Peterse, 2019-01-25, 5 files, -2/+38)
|   [11.6] Disable git v2 protocol temporarily
|   See merge request gitlab/gitlabhq!2860
|   (cherry picked from commit 5c80952f99aea931d53ac58b6068e1eabd8b6295)
|   d7d7bc0d Allow Gitaly to be built from a custom URL
|   c478d134 Disable git v2 protocol temporarily
* Merge branch 'sh-fix-issue-56663-11-6' into 'security-11-6' (Yorick Peterse, 2019-01-24, 8 files, -8/+43)
|   [11.6] Alias GitHub and BitBucket OAuth2 callback URLs
|   See merge request gitlab/gitlabhq!2846
|   (cherry picked from commit f8a23d89e6f94a74b2779b3b215c475a39ba8de3)
|   f652a9e0 Alias GitHub and BitBucket OAuth2 callback URLs
* Merge branch 'security-fix-user-email-tag-push-leak-11-6' into 'security-11-6' (Yorick Peterse, 2019-01-24, 3 files, -3/+8)
|   [11.6] Security fix user email tag push leak
|   See merge request gitlab/gitlabhq!2808
|   (cherry picked from commit 7260e6e0c2ad3df7dea2c0bd5c0d91c4bc5b15ae)
|   589c57c7 Prefer build() rather than create()
|   63d13410 Fix private user email being visible in tag webhooks
* Merge branch 'security-import-path-logging-11-6' into 'security-11-6' (Yorick Peterse, 2019-01-24, 8 files, -17/+107)
|   [11.6] Fix error disclosure on Project Import
|   See merge request gitlab/gitlabhq!2733
|   (cherry picked from commit b4797537a586bce6a96580a0257f59f9c6a92c14)
|   f470ad2f Fix path disclosure on Project Import
* Merge branch 'security-contributed-projects-11-6' into 'security-11-6' (Yorick Peterse, 2019-01-24, 4 files, -0/+56)
|   [11.6] Contributed projects info is still visible even user enable private profile
|   See merge request gitlab/gitlabhq!2765
|   (cherry picked from commit dfc0edd52628ba86578f1b6645575049b9db1058)
|   7502af85 Fix contributed projects finder shown private info
|   06aadabb Use old spec syntax
* Merge branch 'security-import-project-visibility-11-6' into 'security-11-6' (Yorick Peterse, 2019-01-24, 6 files, -3/+220)
|   [11.6] Fix Imported Project Retains Prior Visibility Setting
|   See merge request gitlab/gitlabhq!2853
|   (cherry picked from commit 348a5dbc905cac1d61158e9fb83b82185a27cb04)
|   aaca3d2b Fix tree restorer visibility level
|   1d942ad1 Update schema file
* Merge branch 'security-11-6-2769-idn-homograph-attack' into '11-6-stable' (Yorick Peterse, 2019-01-24, 9 files, -13/+228)
|\
| |   [11.6] GitLab vulnerable to IDN homograph attacks and RTLO attacks
| |   See merge request gitlab/gitlabhq!2822
| * Show tooltip for malicious looking links (Brett Walker, 2019-01-21, 9 files, -13/+228)
| |   Such as those with IDN homographs or embedded right-to-left (RTLO) characters.
| |   Autolinked hrefs should be escaped
* | Merge branch 'security-pipeline-trigger-tokens-exposure-11-6' into 'security-11-6' (Yorick Peterse, 2019-01-24, 11 files, -17/+130)
| |   [11.6] Do not expose trigger token when user should not see it
| |   See merge request gitlab/gitlabhq!2759
| |   (cherry picked from commit 33fbd62b9b4a73679a9f3cd1d9020e5dc6e9072d)
| |   64a328be Do not expose trigger token when user should not see it
* | Merge branch 'security-fix-regex-dos-11-6' into 'security-11-6' (Yorick Peterse, 2019-01-24, 4 files, -1/+14)
| |   [11.6] Fix DoS in reference extraction regexes
| |   See merge request gitlab/gitlabhq!2778
| |   (cherry picked from commit 06f1ea1f540b62aefbaa4f69901de2d29df11e7c)
| |   e73f2f1d Fix slow project reference pattern regex
* | Merge branch 'security-do-not-process-mr-ref-for-guests-11-6' into 'security-11-6' (Yorick Peterse, 2019-01-24, 3 files, -2/+17)
| |   [11.6] Don't process MR refs for guests in the notes
| |   See merge request gitlab/gitlabhq!2782
| |   (cherry picked from commit ee0f107791921dec7a6e3d43fe45ebef43d864be)
| |   6e10237d Don't process MR refs for guests in the notes
* | Merge branch 'security-bump-rails-version-11-6' into 'security-11-6' (Yorick Peterse, 2019-01-24, 7 files, -56/+88)
| |   [11.6] Bump Rails version to 5.0.7.1
| |   See merge request gitlab/gitlabhq!2797
| |   (cherry picked from commit 3a5dd09effda664888b25c935142b5c8fc23c304)
| |   f705c816 Bump Ruby on Rails version to 5.0.7.1
* | Merge branch 'security-fix-wiki-access-rights-with-external-wiki-enabled-11-6' into 'security-11-6' (Yorick Peterse, 2019-01-24, 14 files, -51/+131)
| |   [11.6] Fix access to internal wiki when external wiki is enabled
| |   See merge request gitlab/gitlabhq!2801
| |   (cherry picked from commit 1edd23f18210a03ab3e1f6925aa4e434f68cee79)
| |   24a48893 Fixed bug when external wiki is enabled
* | Merge branch 'security-11-6-test-permissions' into 'security-11-6' (Yorick Peterse, 2019-01-24, 35 files, -95/+324)
| |   [11.6] Pipelines section is available to unauthorized users
| |   See merge request gitlab/gitlabhq!2805
| |   (cherry picked from commit 6f6e0e2ba7e8e2afe38e2d57883a8dfda0685d86)
| |   e5c0b597 Backport security fix
| |   181c74a1 Add CHANGELONG entry
* | Merge branch 'security-fix-new-issues-login-message-11-6' into 'security-11-6' (Yorick Peterse, 2019-01-24, 3 files, -10/+7)
| |   [11.6] Use common error for not logged in users when creating issues
| |   See merge request gitlab/gitlabhq!2812
| |   (cherry picked from commit fe692173d2da5df4646050725359bc7fd1c99f4e)
| |   a2dba33c Use common error for unauthenticated users
* | Merge branch 'security-guests-can-see-list-of-merge-requests-11-6' into 'security-11-6' (Yorick Peterse, 2019-01-24, 7 files, -20/+154)
| |   [11.6] Group Guests are no longer able to see merge requests
| |   See merge request gitlab/gitlabhq!2815
| |   (cherry picked from commit a662cfdb80a9d7fe6eacbc1a40fb24b5a7b9272e)
| |   f7a2dabd Group Guests are no longer able to see merge requests
* | Merge branch 'security-fix-lfs-import-project-ssrf-forgery-11-6' into 'security-11-6' (Yorick Peterse, 2019-01-24, 13 files, -103/+359)
| |   [11.6] LFS object forgery in project import
| |   See merge request gitlab/gitlabhq!2818
| |   (cherry picked from commit 6402c62822692b924ee95234cbcc2578501236f9)
| |   bb635c64 Added validations to prevent LFS object forgery
* | Merge branch 'security-2779-fix-email-comment-permissions-check-11-6' into 'security-11-6' (Yorick Peterse, 2019-01-24, 12 files, -37/+94)
| |   [11.6] Fix discussion replies permissions check
| |   See merge request gitlab/gitlabhq!2825
| |   (cherry picked from commit 367767766d9727101908a1f195120732d72201b1)
| |   313a9f2e Prevent comments by email when issue is locked
* | Merge branch 'security-extract-pages-with-rubyzip-dev-11-6' into 'security-11-6' (Yorick Peterse, 2019-01-24, 18 files, -25/+595)
| |   [11.6] Security extract pages with rubyzip
| |   See merge request gitlab/gitlabhq!2834
| |   (cherry picked from commit a55b637dea3b526ad48bd9a27352c5d7ca2d54db)
| |   57be1a57 Extract GitLab Pages using RubyZip
| |   eeeafb9b Fix Gemfile.rails4.lock
* | Merge branch 'security-11-6-commit-status-shown-for-guest-user' into 'security-11-6' (Yorick Peterse, 2019-01-24, 3 files, -1/+27)
| |   [11.6] Stop showing ci for guest users
| |   See merge request gitlab/gitlabhq!2836
| |   (cherry picked from commit 6390008e01ddfbbcff3b0f16f88bdd38bfcaf0ed)
| |   75ec9ba8 Stop showing ci for guest users
* | Merge branch 'security-2776-fix-add-reaction-permissions-11-6' into 'security-11-6' (Yorick Peterse, 2019-01-24, 3 files, -0/+8)
| |   [11.6] Revoke award_emoji permissions for confidential issues
| |   See merge request gitlab/gitlabhq!2850
| |   (cherry picked from commit f645472619fe1e1ec4fdaa02010408d548287efb)
| |   47d86827 Prevent award_emoji to notes not visible to user
* | Merge branch 'security-2767-verify-lfs-finalize-from-workhorse-11-6' into 'security-11-6' (Yorick Peterse, 2019-01-24, 4 files, -8/+26)
| |   [11.6] Verify that LFS upload requests are genuine
| |   See merge request gitlab/gitlabhq!2863
| |   (cherry picked from commit 6154e199fee175685e24a5b0b0d57f5971b1ed08)
| |   edb61807 Verify that LFS upload requests are genuine
* | Merge branch 'sh-fix-issue-55161' into 'master' (Rémy Coutable, 2019-01-22, 1 file, -5/+15)
|/
|   Fix failing MySQL spec due to deadlock condition
|   Closes #55161
|   See merge request gitlab-org/gitlab-ce!24378
* Update VERSION to 11.6.5 [v11.6.5] (GitLab Release Tools Bot, 2019-01-17, 1 file, -1/+1)
|
* Update CHANGELOG.md for 11.6.5 (GitLab Release Tools Bot, 2019-01-17, 6 files, -25/+11)
|   [ci skip]
* Merge branch '11-6-stable-patch-5' into '11-6-stable' (Alex Hanselka, 2019-01-16, 20 files, -25/+130)
|\
| |   Prepare 11.6.5 release
| |   See merge request gitlab-org/gitlab-ce!24439
| * Resolve Rails 4 spec failure (Robert Speicher, 2019-01-16, 1 file, -1/+1)
| |   The `params` keyword argument only works in Rails 5. Removing it will cause a Rails 4 deprecation warning, but that's better than not working at all.
| * Merge branch 'rs-transient-failure' into 'master' (Stan Hu, 2019-01-16, 1 file, -0/+2)
| |   Resolve a transient failure in MWPS feature spec
| |   Closes gitlab-ee#6770
| |   See merge request gitlab-org/gitlab-ce!23838
| * Merge branch 'sh-fix-gon-helper-avatar' into 'master' (Rémy Coutable, 2019-01-16, 3 files, -4/+25)
| |   Fix no avatar not showing in user selection box
| |   Closes #56268
| |   See merge request gitlab-org/gitlab-ce!24346
| |   (cherry picked from commit 8285205815ccdb25238fcae1c1e91063a46f19b0)
| |   2265ce34 Fix no avatar not showing in user selection box
| * Merge branch 'sh-fix-request-profiles-html' into 'master' (Sean McGivern, 2019-01-16, 3 files, -1/+53)
| |   Fix requests profiler in admin page not rendering HTML properly
| |   Closes #56152
| |   See merge request gitlab-org/gitlab-ce!24291
| |   (cherry picked from commit 59c0c173b471d50007442c95464df0cac0030fc6)
| |   4ac4ba26 Fix requests profiler in admin page not rendering HTML properly
| * Merge branch 'sh-fix-real-size-warnings' into 'master' (Robert Speicher, 2019-01-16, 4 files, -2/+22)
| |   Fix broken templated "Too many changes to show" text
| |   Closes #56138
| |   See merge request gitlab-org/gitlab-ce!24282
| |   (cherry picked from commit 819de8e8084e1b0cc102664abb8bbc836ff99ede)
| |   488d7d1f Fix broken templated "Too many changes to show" text
| * Merge branch '55945-suggested-change-highlight' into 'master' (Phil Hughes, 2019-01-16, 3 files, -3/+8)
| |   Add syntax highlighting to suggestion diff
| |   Closes #55945
| |   See merge request gitlab-org/gitlab-ce!24156
| |   (cherry picked from commit da3b20f7a4cbcbf1698b995f6dc69fa388bc5b2f)
| |   2635f2c6 Add syntax highlighting to suggestion diff
| |   e3919efd Add unit test for syntax highlighting
| |   95f2d284 Add changelog entry
| * Merge branch 'suggestion-dashes' into 'master' (Kushal Pandya, 2019-01-16, 4 files, -6/+9)
| |   Fixes diff sugestions removing dashes from diff
| |   Closes #55634
| |   See merge request gitlab-org/gitlab-ce!23994
| |   (cherry picked from commit 32f80629bdbd4d2fcd43b6220da373394ffd95b6)
| |   e6f1209e Fixes diff sugestions removing dashes from diff
| * Merge branch '11-6-8810-fix-weight-sort' into '11-6-stable-patch-5' (Alex Hanselka, 2019-01-16, 2 files, -9/+11)
| |\
|/ /
| |   [11.6] Backport of 8810-fix-weight-sort
| |   See merge request gitlab-org/gitlab-ce!23919
| * Backport of 8810-fix-weight-sort [11-6-8810-fix-weight-sort] (Mario de la Ossa, 2018-12-18, 2 files, -9/+11)
| |
* | Update VERSION to 11.6.4 [v11.6.4] (GitLab Release Tools Bot, 2019-01-15, 1 file, -1/+1)
| |
* | Update CHANGELOG.md for 11.6.4 (GitLab Release Tools Bot, 2019-01-15, 2 files, -5/+7)
| |   [ci skip]
* | Merge branch 'security-2770-verify-bundle-import-files-11-6' into 'security-11-6' (Yorick Peterse, 2019-01-15, 6 files, -5/+79)
| |   [11.6] Validate bundle files before unpacking them
| |   See merge request gitlab/gitlabhq!2774
| |   (cherry picked from commit ad73bf817253ec4fc3fae8c7fb60898f11922218)
| |   5f2fe991 Validate bundle files before unpacking them
* | Update VERSION to 11.6.3 [v11.6.3] (GitLab Release Tools Bot, 2019-01-04, 1 file, -1/+1)
| |
* | Update CHANGELOG.md for 11.6.3 (GitLab Release Tools Bot, 2019-01-04, 2 files, -5/+7)
| |   [ci skip]
* | Merge branch '11-6-stable-patch-3' into '11-6-stable' (Alex Hanselka, 2019-01-04, 3 files, -2/+46)
|\ \
| | |   Prepare 11.6.3 release
| | |   See merge request gitlab-org/gitlab-ce!24155
| * | Merge branch 'sh-fix-clone-url-for-https' into 'master' [11-6-stable-patch-3] (Douglas Barbosa Alexandre, 2019-01-04, 3 files, -2/+46)
|/ /
| |   Fix clone URL not showing if protocol is HTTPS
| |   Closes #55896
| |   See merge request gitlab-org/gitlab-ce!24131
| |   (cherry picked from commit 64c582d1841a35193c684a707b9688feb2d21772)
| |   913084e6 Fix clone URL not showing if protocol is HTTPS
* | Update VERSION to 11.6.2 [v11.6.2] (GitLab Release Tools Bot, 2019-01-02, 1 file, -1/+1)
| |
* | Update CHANGELOG.md for 11.6.2 (GitLab Release Tools Bot, 2019-01-02, 8 files, -35/+13)
| |   [ci skip]