| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
| |
[ci skip]
|
|
|
|
|
| |
Update group policy to reflect all the requirements
See merge request gitlab-org/gitlab-ce!25854
|
|\ |
|
| |\
| | |
| | |
| | |
| | | |
Sharing a public project with a private group makes the group page publicly accessible
See merge request gitlab/gitlabhq!2986
|
| |/ |
|
| | |
|
|\ \
| |/
|/|
| |
| | |
Prepare 11.8.2 release
See merge request gitlab-org/gitlab-ce!25963
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Freeze date in merge request status view spec
See merge request gitlab-org/gitlab-ce!25671
(cherry picked from commit c994484d17d6a6da929f6a52f1b64dc15c38835c)
a05aba61 Freeze date in merge request status view spec
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Quarantine failing push_mirroring_over_http_spec
See merge request gitlab-org/gitlab-ce!25590
(cherry picked from commit 68b1ed92c18d5f975dd65c09d72ca3441eb0bc56)
141c5e4e Quarantine failing spec
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix method to mark a project repository as writable
See merge request gitlab-org/gitlab-ce!25546
(cherry picked from commit a8a02387a7ea5c5a4a6f733a043adf2b1f907e3c)
df044542 Fix project set_repository_writable!
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Allow `:read_list` when `:read_group` is allowed
Closes #58149
See merge request gitlab-org/gitlab-ce!25524
(cherry picked from commit 61c1509cc992959ac5021d10825d5dbf9dd2c091)
b81e7c52 Enable `:read_list` when `:read_group` is enabled
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Properly handle multiple X-Forwarded-For addresses in runner IP
Closes #58103
See merge request gitlab-org/gitlab-ce!25511
(cherry picked from commit dbf0a92292dd054843d28ec27d52222418400ca5)
d03b7bb1 Properly handle multiple X-Forwarded-For addresses in runner IP
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Update minimum ruby version to 2.5.
See merge request gitlab-org/gitlab-ce!25496
(cherry picked from commit 74cf92aae719969fc5225b41f923c2e7f3e04c5b)
ac34b4ac Update minimum ruby version to 2.5.
a538b6db Update example versions
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Remove padding for mr-widget-section
See merge request gitlab-org/gitlab-ce!25475
(cherry picked from commit a6d52ff83ff86f88f59f6a231fc4a348640729f7)
7bd65593 Remove padding for mr-widget-section
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Docs review: MR diffs external storage
Closes #57335
See merge request gitlab-org/gitlab-ce!25433
(cherry picked from commit 56b82db63a91695a1dec1b7cbf39636bb01ad3df)
1387983b Docs review: wording, styles, missing links
01680510 Copy edit - add missing preposition
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Retry failing tests
Closes gitlab-org/quality/team-tasks#92
See merge request gitlab-org/gitlab-ce!25391
(cherry picked from commit b570f53d17f5bc0e72fef9a122b7fe5645db0ea9)
d54cb37d Retry failed tests with rspec-retry
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
'57579-gitlab-project-import-fails-sidekiq-undefined-method-import_jid' into 'master'
Resolve "Gitlab Project import fails: sidekiq undefined method import_jid"
Closes #57579
See merge request gitlab-org/gitlab-ce!25239
(cherry picked from commit c06ebe511700f25a61b4dfaa518fbed7667c6876)
401a3bca Fix import_jid error on project import
|
| |
|
|
|
| |
[ci skip]
|
|\
| |
| |
| |
| | |
Display only information visible to current user on Milestone detail
See merge request gitlab/gitlabhq!2917
|
|/
|
|
|
|
| |
Display only labels and assignees of issues
visible by the currently logged user
Display only issues visible to user in the burndown chart
|
|\
| |
| |
| |
| | |
Display the correct number of MRs a user has access to
See merge request gitlab/gitlabhq!2929
|
|/ |
|
|\
| |
| |
| |
| |
| |
| | |
'11-8-stable'
Filter impersonated sessions from active sessions and remove ability to revoke session
See merge request gitlab/gitlabhq!2981
|
| |
| |
| |
| |
| |
| | |
Session ID is used as a parameter for the revoke session endpoint but it
should never be included in the HTML as an attacker could obtain it via
XSS.
|
| | |
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
'11-8-stable'
Forbid creating discussions for users with restricted access
See merge request gitlab/gitlabhq!2890
|
| | | |
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
Check issue milestone availability
See merge request gitlab/gitlabhq!2904
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add project when creating milestone in specs
We validate milestone is from the same
project/parent group as issuable ->
we need to set project in specs correctly
Improve methods names and specs organization
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
Prevent Releases links API to leak tag existence
See merge request gitlab/gitlabhq!2908
|
| |/ / / |
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
Disable issue board policies when issues are disabled
See merge request gitlab/gitlabhq!2910
|
| | | | |
| | | | |
| | | | |
| | | | | |
Board list policies are also included
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Show only MRs visible to user on milestone detail
See merge request gitlab/gitlabhq!2923
|
| |/ / / / |
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Don't allow non-members to see private related MRs
See merge request gitlab/gitlabhq!2930
|
| | | | | | |
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Validate session key when authorizing with GCP to create a cluster
See merge request gitlab/gitlabhq!2934
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
It was previously possible to link a GCP account to another
user's GitLab account by having them visit the callback URL,
as there was no check that they were the initiator of the
request.
We now reject the callback unless the state parameter
matches the one added to the initiating user's session.
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Fix git clone revealing private repo's presence
See merge request gitlab/gitlabhq!2938
|
| |/ / / / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Ensure redirection to path with .git suffix regardless whether project
exists or not.
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Check snippet attached file to be moved is within designated directory
See merge request gitlab/gitlabhq!2941
|
| |/ / / / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Previously one could move any temp/ sub folder around.
Align spec with actual usage, as currently we pass temp file path to
FileMover.
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
'11-8-stable'
Fix blind SSRF in Prometheus Integration
See merge request gitlab/gitlabhq!2944
|
|/ / / / / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Check validity before querying so that if the dns entry for the api_url
has been changed to something invalid after the model was saved and
checked for validity, it will not query. This is to solve a toctou
(time of check to time of use) issue.
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Fix leaking private repository information in API
See merge request gitlab/gitlabhq!2948
|
| | | | | | | | |
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
defaultBranch and ciConfigPath should only be available to users with
the :download_code permission for the Project, as the respository might
be private.
When implementing the authorize check on these properties, it was
found that our current Graphql::Authorize::Instrumentation class does
not work with fields that resolve to subclasses of
GraphQL::Schema::Scalar, like GraphQL::STRING_TYPE.
After discussion with other Create Team members, it has been decided
that because the GraphQL API is not GA, to remove these properties from
ProjectType, and instead implement them as part of epic
https://gitlab.com/groups/gitlab-org/-/epics/711
Issue:
https://gitlab.com/gitlab-org/gitlab-ce/issues/55316
|