Commit message (Expand) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Update VERSION to 11.8.1v11.8.1 | GitLab Release Tools Bot | 2019-02-28 | 1 | -1/+1 |
* | Update CHANGELOG.md for 11.8.1 | GitLab Release Tools Bot | 2019-02-28 | 22 | -107/+27 |
* | Merge branch '11-8-security-2774-milestones-detail' into '11-8-stable' | Robert Speicher | 2019-02-27 | 4 | -4/+112 |
|\ | |||||
| * | Display only informaton visible to current user | Jarka Košanová | 2019-02-27 | 4 | -4/+112 |
|/ | |||||
* | Merge branch 'security-id-fix-mr-visibility-11-8' into '11-8-stable' | Yorick Peterse | 2019-02-27 | 7 | -213/+335 |
|\ | |||||
| * | Display the correct number of MRs a user has access to | Igor Drozdov | 2019-02-27 | 7 | -213/+335 |
|/ | |||||
* | Merge branch 'security-2818_filter_impersonated_sessions-11-8' into '11-8-sta... | Yorick Peterse | 2019-02-27 | 8 | -52/+38 |
|\ | |||||
| * | Remove ability to revoke active session | Imre Farkas | 2019-02-27 | 6 | -49/+7 |
| * | Filter active sessions belonging to an admin impersonating the user | Imre Farkas | 2019-02-27 | 4 | -4/+32 |
* | | Merge branch 'security-id-restricted-access-to-private-repo-11-8' into '11-8-... | Yorick Peterse | 2019-02-27 | 5 | -60/+137 |
|\ \ | |||||
| * | | Forbid creating discussions for users with restricted access | Igor Drozdov | 2019-02-07 | 5 | -60/+137 |
* | | | Merge branch '11-8-security-2773-milestones-fix' into '11-8-stable' | Yorick Peterse | 2019-02-27 | 19 | -73/+187 |
|\ \ \ | |||||
| * | | | Check issue milestone availability | Jarka Košanová | 2019-02-13 | 19 | -73/+187 |
* | | | | Merge branch 'security-tags-oracle-11-8' into '11-8-stable' | Yorick Peterse | 2019-02-27 | 3 | -0/+23 |
|\ \ \ \ | |||||
| * | | | | Prevent Releases links API to leak tag existance | Alessio Caiazza | 2019-02-13 | 3 | -0/+23 |
| |/ / / | |||||
* | | | | Merge branch 'security-2798-fix-boards-policy-11-8' into '11-8-stable' | Yorick Peterse | 2019-02-27 | 3 | -8/+19 |
|\ \ \ \ | |||||
| * | | | | Disable board policies when issues are disabled | Heinrich Lee Yu | 2019-02-14 | 3 | -8/+19 |
* | | | | | Merge branch '11-8-security-2797-milestone-mrs' into '11-8-stable' | Yorick Peterse | 2019-02-27 | 4 | -4/+61 |
|\ \ \ \ \ | |||||
| * | | | | | Show only MRs visible to user on milestone detail | Jarka Košanová | 2019-02-14 | 4 | -4/+61 |
| |/ / / / | |||||
* | | | | | Merge branch 'security-commit-private-related-mr-11-8' into '11-8-stable' | Yorick Peterse | 2019-02-27 | 6 | -6/+65 |
|\ \ \ \ \ | |||||
| * | | | | | Don't allow non-members to see private related MRs | Patrick Bajao | 2019-02-15 | 6 | -6/+65 |
* | | | | | | Merge branch 'security-kubernetes-google-login-csrf-11-8' into '11-8-stable' | Yorick Peterse | 2019-02-27 | 3 | -30/+67 |
|\ \ \ \ \ \ | |||||
| * | | | | | | Validate session key when authorizing with GCP to create a cluster | Tiger | 2019-02-19 | 3 | -30/+67 |
* | | | | | | | Merge branch 'security-50334-11-8' into '11-8-stable' | Yorick Peterse | 2019-02-27 | 5 | -66/+82 |
|\ \ \ \ \ \ \ | |||||
| * | | | | | | | Fix git clone revealing private repo's presence | Mark Chao | 2019-02-19 | 5 | -66/+82 |
| |/ / / / / / | |||||
* | | | | | | | Merge branch 'security-56348-11-8' into '11-8-stable' | Yorick Peterse | 2019-02-27 | 5 | -2/+60 |
|\ \ \ \ \ \ \ | |||||
| * | | | | | | | Check snippet attached file to be moved is within designated directory | Mark Chao | 2019-02-21 | 5 | -2/+60 |
| |/ / / / / / | |||||
* | | | | | | | Merge branch 'security-55468-check-validity-before-querying-11-8' into '11-8-... | Yorick Peterse | 2019-02-27 | 3 | -19/+53 |
|\ \ \ \ \ \ \ | |||||
| * | | | | | | | Check validity of prometheus_service before query | Reuben Pereira | 2019-02-27 | 3 | -19/+53 |
|/ / / / / / / | |||||
* | | | | | | | Merge branch 'security-protect-private-repo-information-11-8' into '11-8-stable' | Yorick Peterse | 2019-02-27 | 6 | -22/+85 |
|\ \ \ \ \ \ \ | |||||
| * | | | | | | | Add changelog entry | Luke Duncalfe | 2019-02-21 | 1 | -0/+5 |
| * | | | | | | | Removing sensitive properties from ProjectType | Luke Duncalfe | 2019-02-20 | 1 | -2/+0 |
| * | | | | | | | Prevent leaking of private repo data through API | Luke Duncalfe | 2019-02-20 | 4 | -20/+80 |
* | | | | | | | | Merge branch 'security-fj-diff-import-file-read-fix-11-8' into '11-8-stable' | Yorick Peterse | 2019-02-27 | 10 | -4/+103 |
|\ \ \ \ \ \ \ \ | |||||
| * | | | | | | | | Arbitrary file read via MergeRequestDiff | Francisco Javier López | 2019-02-27 | 10 | -4/+103 |
|/ / / / / / / / | |||||
* | | | | | | | | Merge branch '11-8-security-2799-emails' into '11-8-stable' | Yorick Peterse | 2019-02-27 | 5 | -17/+60 |
|\ \ \ \ \ \ \ \ | |||||
| * | | | | | | | | Remove link after issue move when no permissions | Jarka Košanová | 2019-02-22 | 5 | -17/+60 |
| | |_|_|_|_|_|/ | |/| | | | | | | |||||
* | | | | | | | | Merge branch 'security-kubernetes-local-ssrf-11-8' into '11-8-stable' | Yorick Peterse | 2019-02-27 | 5 | -1/+60 |
|\ \ \ \ \ \ \ \ | |||||
| * | | | | | | | | Do not allow local urls in Kubernetes form | Thong Kuah | 2019-02-21 | 5 | -1/+60 |
* | | | | | | | | | Merge branch 'security-add-public-internal-groups-as-members-to-your-project-... | Yorick Peterse | 2019-02-27 | 10 | -13/+85 |
|\ \ \ \ \ \ \ \ \ | |||||
| * | | | | | | | | | Change policy regarding group visibility | Małgorzata Ksionek | 2019-02-20 | 10 | -13/+85 |
| | |_|/ / / / / / | |/| | | | | | | | |||||
* | | | | | | | | | Merge branch 'security-osw-stop-linking-to-packages-11-8' into '11-8-stable' | Yorick Peterse | 2019-02-27 | 20 | -51/+207 |
|\ \ \ \ \ \ \ \ \ | |||||
| * | | | | | | | | | Add changelog | Oswaldo Ferreira | 2019-02-26 | 1 | -0/+5 |
| * | | | | | | | | | Raise not implemented error on BaseLinker for package_url | Oswaldo Ferreira | 2019-02-25 | 1 | -0/+4 |
| * | | | | | | | | | Stop linking to unrecognized package sources | Oswaldo Ferreira | 2019-02-24 | 19 | -51/+198 |
| | |_|/ / / / / / | |/| | | | | | | | |||||
* | | | | | | | | | Merge branch 'security-issue_54789_2-11-8' into '11-8-stable' | Yorick Peterse | 2019-02-27 | 3 | -0/+44 |
|\ \ \ \ \ \ \ \ \ | |||||
| * | | | | | | | | | Prevent disclosing project milestone titles | Felipe Artur | 2019-02-25 | 3 | -0/+44 |
| |/ / / / / / / / | |||||
* | | | | | | | | | Merge branch 'security-mermaid-11-8' into '11-8-stable' | Yorick Peterse | 2019-02-27 | 3 | -0/+27 |
|\ \ \ \ \ \ \ \ \ | |/ / / / / / / / |/| | | | | | | | | |||||
| * | | | | | | | | Limit number of characters allowed in mermaidjs | Rajat Jain | 2019-02-27 | 3 | -0/+27 |
| | |/ / / / / / | |/| | | | | | | |||||
* | | | | | | | | Update VERSION to 11.8.0v11.8.0 | GitLab Release Tools Bot | 2019-02-22 | 1 | -1/+1 |