Commit message (Expand) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Update VERSION to 12.0.7v12.0.7 | GitLab Release Tools Bot | 2019-08-27 | 1 | -1/+1 |
* | Update CHANGELOG.md for 12.0.7 | GitLab Release Tools Bot | 2019-08-27 | 23 | -110/+28 |
* | Merge branch 'security-exposed-default-branch-12-0' into '12-0-stable' | GitLab Release Tools Bot | 2019-08-26 | 3 | -2/+91 |
|\ | |||||
| * | Avoid exposing unaccessible repo data upon GFM processing | Oswaldo Ferreira | 2019-08-26 | 3 | -2/+91 |
|/ | |||||
* | Merge branch 'security-hide_merge_request_ids_on_emails-12-0' into '12-0-stable' | GitLab Release Tools Bot | 2019-08-26 | 5 | -18/+89 |
|\ | |||||
| * | Prevent disclosure of merge request id via email | Felipe Artur | 2019-08-21 | 5 | -18/+89 |
* | | Merge branch 'security-64711-fix-commit-todos-12-0' into '12-0-stable' | GitLab Release Tools Bot | 2019-08-26 | 3 | -20/+112 |
|\ \ | |||||
| * | | Send TODOs for comments on commits correctly | Nick Thomas | 2019-08-23 | 3 | -20/+112 |
| |/ | |||||
* | | Merge branch 'security-59549-add-capcha-for-failed-logins-12-0' into '12-0-st... | GitLab Release Tools Bot | 2019-08-26 | 20 | -27/+306 |
|\ \ | |||||
| * | | Add captcha if there are multiple failed login attempts | MaĆgorzata Ksionek | 2019-08-26 | 20 | -27/+306 |
|/ / | |||||
* | | Merge branch 'security-12-0-enable-image-proxy' into '12-0-stable' | GitLab Release Tools Bot | 2019-08-26 | 33 | -25/+600 |
|\ \ | |||||
| * | | Add support for using a Camo proxy server | Brett Walker | 2019-08-15 | 35 | -27/+602 |
* | | | Merge branch 'security-60551-fix-upload-scope-12-0' into '12-0-stable' | GitLab Release Tools Bot | 2019-08-26 | 7 | -2/+48 |
|\ \ \ | |||||
| * | | | Queries for Upload should be scoped by model | Adam Hegyi | 2019-07-11 | 7 | -2/+48 |
* | | | | Merge branch 'security-epic-notes-api-reveals-historical-info-ce-12-0' into '... | GitLab Release Tools Bot | 2019-08-26 | 7 | -7/+20 |
|\ \ \ \ | |||||
| * | | | | Revert parameter change to fix spec | Patrick Derichs | 2019-08-09 | 1 | -1/+1 |
| * | | | | Filter out old system notes for epics | Patrick Derichs | 2019-08-09 | 7 | -8/+21 |
* | | | | | Merge branch 'security-fix-html-injection-for-label-description-ce-12-0' into... | GitLab Release Tools Bot | 2019-08-26 | 5 | -3/+29 |
|\ \ \ \ \ | |||||
| * | | | | | Fix HTML injection for label description | Patrick Derichs | 2019-08-06 | 5 | -3/+29 |
| |/ / / / | |||||
* | | | | | Merge branch 'security-61974-limit-issue-comment-size-12-0' into '12-0-stable' | GitLab Release Tools Bot | 2019-08-26 | 14 | -19/+103 |
|\ \ \ \ \ | |||||
| * | | | | | Limit the size of issuable description and comments | Alexandru Croitor | 2019-08-22 | 14 | -19/+103 |
| | |_|_|/ | |/| | | | |||||
* | | | | | Merge branch 'security-mr-head-pipeline-leak-12-0' into '12-0-stable' | GitLab Release Tools Bot | 2019-08-26 | 3 | -5/+39 |
|\ \ \ \ \ | |||||
| * | | | | | Permission fix for MergeRequestsController#pipeline_status | drew cimino | 2019-08-12 | 3 | -5/+39 |
* | | | | | | Merge branch 'security-katex-dos-12-0' into '12-0-stable' | GitLab Release Tools Bot | 2019-08-26 | 4 | -23/+143 |
|\ \ \ \ \ \ | |||||
| * | | | | | | Enforce max chars and max render time in markdown math | Martin Hanzel | 2019-08-06 | 4 | -23/+143 |
| | |_|/ / / | |/| | | | | |||||
* | | | | | | Merge branch 'security-ssrf-kubernetes-dns-12-0' into '12-0-stable' | GitLab Release Tools Bot | 2019-08-26 | 5 | -18/+269 |
|\ \ \ \ \ \ | |||||
| * | | | | | | Override hostname when connecting via Kubeclient | Thong Kuah | 2019-08-04 | 5 | -18/+269 |
| |/ / / / / | |||||
* | | | | | | Merge branch 'security-2853-prevent-comments-on-private-mrs-12-0' into '12-0-... | GitLab Release Tools Bot | 2019-08-26 | 6 | -75/+371 |
|\ \ \ \ \ \ | |||||
| * | | | | | | Prevent unauthorised comments on merge requests | Alex Kalderimis | 2019-08-07 | 6 | -75/+371 |
| |/ / / / / | |||||
* | | | | | | Merge branch 'security-fix_jira_ssrf_vulnerability-12-0' into '12-0-stable' | GitLab Release Tools Bot | 2019-08-26 | 4 | -1/+82 |
|\ \ \ \ \ \ | |||||
| * | | | | | | Fix DNS rebind vulnerability for JIRA integration | Felipe Artur | 2019-08-08 | 4 | -1/+82 |
| |/ / / / / | |||||
* | | | | | | Merge branch 'security-id-filter-timeline-activities-for-guests-12-0' into '1... | GitLab Release Tools Bot | 2019-08-26 | 2 | -1/+6 |
|\ \ \ \ \ \ | |||||
| * | | | | | | Add merge note type as cross reference | Igor Drozdov | 2019-08-21 | 2 | -1/+6 |
| | |_|/ / / | |/| | | | | |||||
* | | | | | | Merge branch 'security-project-import-bypass-12-0' into '12-0-stable' | GitLab Release Tools Bot | 2019-08-26 | 5 | -26/+244 |
|\ \ \ \ \ \ | |||||
| * | | | | | | Fix project import restricted visibility bypass | George Koltsov | 2019-08-15 | 5 | -26/+244 |
| | |_|/ / / | |/| | | | | |||||
* | | | | | | Merge branch 'security-bvl-bump-gitaly-12-0' into '12-0-stable' | GitLab Release Tools Bot | 2019-08-26 | 1 | -1/+1 |
|\ \ \ \ \ \ | |||||
| * | | | | | | Bump Gitaly version to 1.47.3 | Bob Van Landuyt | 2019-08-16 | 1 | -1/+1 |
| | |/ / / / | |/| | | | | |||||
* | | | | | | Merge branch 'security-add-job-activity-limit-ce-12-0' into '12-0-stable' | GitLab Release Tools Bot | 2019-08-26 | 5 | -2/+43 |
|\ \ \ \ \ \ | |||||
| * | | | | | | Add active_jobs_limit to plans table | Fabio Pitino | 2019-08-21 | 5 | -2/+43 |
| |/ / / / / | |||||
* | | | | | | Merge branch 'security-sarcila-fix-weak-session-management-12-0' into '12-0-s... | GitLab Release Tools Bot | 2019-08-26 | 4 | -0/+71 |
|\ \ \ \ \ \ | |||||
| * | | | | | | Add User#will_save_change_to_login? to clear reset_password_tokens | Sebastian Arcila Valenzuela | 2019-08-21 | 4 | -0/+71 |
| |/ / / / / | |||||
* | | | | | | Merge branch 'security-ci-metrics-permissions-12-0' into '12-0-stable' | GitLab Release Tools Bot | 2019-08-26 | 3 | -8/+64 |
|\ \ \ \ \ \ | |||||
| * | | | | | | Restrict MergeRequests#test_reports to authenticated users with read-access o... | drew cimino | 2019-08-22 | 3 | -8/+64 |
| | |/ / / / | |/| | | | | |||||
* | | | | | | Merge branch 'security-personal-snippets-12-0' into '12-0-stable' | GitLab Release Tools Bot | 2019-08-26 | 12 | -10/+77 |
|\ \ \ \ \ \ | |||||
| * | | | | | | Add direct upload support for personal snippets | Jan Provaznik | 2019-08-23 | 12 | -10/+77 |
| | |/ / / / | |/| | | | | |||||
* | | | | | | Merge branch 'security-group-runners-permissions-12-0' into '12-0-stable' | GitLab Release Tools Bot | 2019-08-26 | 3 | -43/+173 |
|\ \ \ \ \ \ | |||||
| * | | | | | | admin_group authorization for Groups::RunnersController | drew cimino | 2019-08-22 | 3 | -43/+173 |
| |/ / / / / | |||||
* | | | | | | Merge branch 'security-fix-markdown-xss-12-0' into '12-0-stable' | GitLab Release Tools Bot | 2019-08-26 | 8 | -13/+76 |
|\ \ \ \ \ \ | |/ / / / / |/| | | | | | |||||
| * | | | | | Re-escape whole HTML content instead of only match | Jan Provaznik | 2019-08-23 | 8 | -13/+76 |
|/ / / / / | |||||
* | | | | | Merge branch 'jts/12-0-changelog-update' into '12-0-stable' | Marin Jankovski | 2019-08-16 | 1 | -4/+3 |
|\ \ \ \ \ | |/ / / / |/| | | | |