Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Update VERSION to 12.1.14v12.1.14 | GitLab Release Tools Bot | 2019-10-07 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 12.1.14 | GitLab Release Tools Bot | 2019-10-07 | 1 | -0/+4 |
| | | | [ci skip] | ||||
* | Merge remote-tracking branch 'dev/12-1-stable' into 12-1-stable | GitLab Release Tools Bot | 2019-10-02 | 8 | -3/+213 |
|\ | |||||
| * | Update VERSION to 12.1.13v12.1.13 | GitLab Release Tools Bot | 2019-10-01 | 1 | -1/+1 |
| | | |||||
| * | Update CHANGELOG.md for 12.1.13 | GitLab Release Tools Bot | 2019-10-01 | 2 | -5/+7 |
| | | | | | | [ci skip] | ||||
| * | Merge branch 'security-29491-12-1-ce' into '12-1-stable' | Marin Jankovski | 2019-10-01 | 7 | -2/+210 |
| |\ |/ / | | | | | | | Fix private feature Elasticsearch leak See merge request gitlab/gitlabhq!3452 | ||||
| * | EE port: Fix private feature Elasticsearch leak | Mark Chao | 2019-10-01 | 7 | -2/+210 |
|/ | | | | | | Add spec to test different combinations. Accept string for required_minimum_access_level Allow more flexible project membership query | ||||
* | Merge branch 'fix_expired_gpg_key_specs' into 'master' | Stan Hu | 2019-09-30 | 2 | -151/+270 |
| | | | | | | | Fix broken specs : Generate new GPG key in place of expired one Closes #32956 See merge request gitlab-org/gitlab!17853 | ||||
* | Update VERSION to 12.1.12v12.1.12 | GitLab Release Tools Bot | 2019-09-26 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 12.1.12 | GitLab Release Tools Bot | 2019-09-26 | 12 | -58/+17 |
| | | | [ci skip] | ||||
* | Merge branch 'security-gitaly-1-53-4' into '12-1-stable' | GitLab Release Tools Bot | 2019-09-26 | 2 | -1/+6 |
|\ | | | | | | | | | Fix Gitaly SearchBlobs flag RPC injection [Gitaly v1.53.4] See merge request gitlab/gitlabhq!3435 | ||||
| * | Fix Gitaly SearchBlobs flag RPC injection | Paul Okstad | 2019-09-24 | 2 | -1/+6 |
| | | |||||
* | | Merge branch 'security-sarcila-verify-saml-request-origin-12-1' into ↵ | GitLab Release Tools Bot | 2019-09-26 | 12 | -40/+303 |
|\ \ | | | | | | | | | | | | | | | | | | | '12-1-stable' Check that SAML identity linking validates the origin of the request See merge request gitlab/gitlabhq!3376 | ||||
| * | | Validate that SAML requests are originated from gitlab | Sebastian Arcila Valenzuela | 2019-09-16 | 12 | -40/+303 |
| | | | | | | | | | | | | | | | | | | | | | | | | If the request wasn't initiated by gitlab we shouldn't add the new identity to the user, and instead show that we weren't able to link the identity to the user. This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509 | ||||
* | | | Merge branch 'security-xss-mermaid-12-1' into '12-1-stable' | GitLab Release Tools Bot | 2019-09-26 | 5 | -318/+1642 |
|\ \ \ | | | | | | | | | | | | | | | | | Gitlab XSS in markdown preview page See merge request gitlab/gitlabhq!3400 | ||||
| * | | | Upgrade mermaid to prevent xss attack | Rajat Jain | 2019-09-10 | 5 | -318/+1642 |
| | | | | | | | | | | | | | | | | | | | | Update mermaid to avoid xss surface area. The newer release restricts script tags to be embedded in mermaid blocks. | ||||
* | | | | Merge branch ↵ | GitLab Release Tools Bot | 2019-09-26 | 3 | -1/+47 |
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 'security-12717-fix-confidential-issue-assignee-visible-to-guests-12-1' into '12-1-stable' Display only participants that user has permission to see See merge request gitlab/gitlabhq!3403 | ||||
| * | | | | Display only participants that user has permission to see | Alexandru Croitor | 2019-09-20 | 3 | -1/+47 |
| | | | | | |||||
* | | | | | Merge branch 'security-bypass-email-verification-using-salesforce-12-1' into ↵ | GitLab Release Tools Bot | 2019-09-26 | 6 | -24/+78 |
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | '12-1-stable' Prevent Bypassing Email Verification using Salesforce See merge request gitlab/gitlabhq!3407 | ||||
| * | | | | | Bring back unary operator | Małgorzata Ksionek | 2019-09-11 | 1 | -2/+2 |
| | | | | | | |||||
| * | | | | | Switch unary operator to more verbose way | Małgorzata Ksionek | 2019-09-11 | 1 | -2/+2 |
| | | | | | | |||||
| * | | | | | Bring back unary operator | Małgorzata Ksionek | 2019-09-11 | 1 | -2/+2 |
| | | | | | | |||||
| * | | | | | Add checking for email_verified key | Małgorzata Ksionek | 2019-09-11 | 6 | -24/+78 |
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix rubocop offences and add changelog Add email_verified key for feature specs Add code review remarks Add code review remarks Fix specs | ||||
* | | | | | Merge branch 'security-mermaid-block-12-1' into '12-1-stable' | GitLab Release Tools Bot | 2019-09-26 | 3 | -1/+48 |
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | Only render fixed number of mermaid blocks See merge request gitlab/gitlabhq!3413 | ||||
| * | | | | | Only render fixed number of mermaid blocks | Rajat Jain | 2019-09-19 | 3 | -1/+48 |
| |/ / / / | |||||
* | | | | | Merge branch ↵ | GitLab Release Tools Bot | 2019-09-26 | 4 | -6/+115 |
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 'security-12718-project-milestones-disclosed-via-groups-12-1-ce' into '12-1-stable' Hide disabled project milestones in project settings on group level See merge request gitlab/gitlabhq!3416 | ||||
| * | | | | | Hide disabled project milestones in project settings on group level | Alexandru Croitor | 2019-09-26 | 4 | -6/+115 |
| | |_|_|/ | |/| | | | |||||
* | | | | | Merge branch 'security-64938-dont-disclose-path-12-1-ce' into '12-1-stable' | GitLab Release Tools Bot | 2019-09-26 | 3 | -1/+40 |
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | Redirect user to root path after unsubscribing from private resource See merge request gitlab/gitlabhq!3418 | ||||
| * | | | | | Redirect user to root path after unsubscribing from private resource | Alexandru Croitor | 2019-09-20 | 3 | -1/+40 |
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If user unsubsrcribes from a resource that they no longer have access to they should not be revealed the resource path, but be redirected to app root instead. https://gitlab.com/gitlab-org/gitlab-ce/issues/64938 | ||||
* | | | | | Merge branch ↵ | GitLab Release Tools Bot | 2019-09-26 | 5 | -0/+178 |
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 'security-12630-private-system-note-disclosed-in-graphql-12-1-ce' into '12-1-stable' Add policy check if cross reference system notes are accessible See merge request gitlab/gitlabhq!3428 | ||||
| * | | | | | Add policy check if cross reference system notes are accessible | Alexandru Croitor | 2019-09-25 | 5 | -0/+178 |
| | |/ / / | |/| | | | |||||
* | | | | | Merge branch 'security-fp-stop-jobs-when-blocking-user-12-1' into '12-1-stable' | GitLab Release Tools Bot | 2019-09-26 | 5 | -1/+68 |
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | Cancel all running CI jobs when user is blocked See merge request gitlab/gitlabhq!3438 | ||||
| * | | | | | Cancel all running CI jobs when user is blocked | Fabio Pitino | 2019-09-24 | 5 | -1/+68 |
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | This prevents a MITM attack where attacker could still access Git repository if any jobs were running long enough. | ||||
* | | | | | Merge branch 'security-cross-reference-fix-ce-12-1' into '12-1-stable' | GitLab Release Tools Bot | 2019-09-26 | 8 | -34/+284 |
|\ \ \ \ \ | |_|/ / / |/| | | | | | | | | | | | | | | Filter not accessible label events See merge request gitlab/gitlabhq!3442 | ||||
| * | | | | Filter not accessible label events | Jan Provaznik | 2019-09-24 | 8 | -34/+284 |
| |/ / / | | | | | | | | | | | | | | | | | | | | | Label events may use cross-project or cross-group references, if the projects are not accessible by user, we don't show these label events. | ||||
* | | | | Merge branch 'ss/fix-sast-failure-on-master-ee' into 'master' | Kushal Pandya | 2019-09-24 | 1 | -1/+1 |
|/ / / | | | | | | | | | | | | | Add argument to catch See merge request gitlab-org/gitlab-ee!15911 | ||||
* | | | Update VERSION to 12.1.11v12.1.11 | GitLab Release Tools Bot | 2019-09-19 | 1 | -1/+1 |
| | | | |||||
* | | | Update CHANGELOG.md for 12.1.11 | GitLab Release Tools Bot | 2019-09-19 | 1 | -0/+4 |
| | | | | | | | | | [ci skip] | ||||
* | | | Update VERSION to 12.1.10v12.1.1012-1-stable-patch-11 | GitLab Release Tools Bot | 2019-09-19 | 1 | -1/+1 |
| | | | |||||
* | | | Update CHANGELOG.md for 12.1.10 | GitLab Release Tools Bot | 2019-09-19 | 1 | -0/+4 |
| | | | | | | | | | [ci skip] | ||||
* | | | Merge branch '12-1-stable-patch-10' into '12-1-stable' | John Jarvis | 2019-09-19 | 2 | -7/+4 |
|\ \ \ | |/ / |/| | | | | | | | | Prepare 12.1.10 release See merge request gitlab-org/gitlab-foss!32979 | ||||
| * | | Merge branch 'sh-fix-captcha-state-pollution-spec' into 'master'12-1-stable-patch-10 | Mayra Cabrera | 2019-09-19 | 1 | -7/+1 |
| | | | | | | | | | | | | | | | | | | | | | Fix order-dependent spec failures with reCAPTCHA Closes #67133 See merge request gitlab-org/gitlab-ce!32771 | ||||
| * | | Merge branch 'sh-fix-no-downtime-upgrades-ce' into '12-1-stable-patch-10' | John Jarvis | 2019-09-19 | 1 | -0/+3 |
| |\ \ |/ / / | | | | | | | | | | [12-1-stable] Re-add ignore_column for import columns See merge request gitlab-org/gitlab-foss!32977 | ||||
| * | | Re-add ignore_column for import columnssh-fix-no-downtime-upgrades-ce | Stan Hu | 2019-09-17 | 1 | -0/+3 |
|/ / | | | | | | | | | This `ignore_column` was present for a while but recently removed, but to ensure we don't get error 500s let's keep it for a while. | ||||
* | | Merge remote-tracking branch 'dev/12-1-stable' into 12-1-stable | GitLab Release Tools Bot | 2019-09-11 | 3 | -2/+9 |
|\ \ | |/ |/| | |||||
| * | Update VERSION to 12.1.9v12.1.9 | GitLab Release Tools Bot | 2019-09-10 | 1 | -1/+1 |
| | | |||||
| * | Update CHANGELOG.md for 12.1.9 | GitLab Release Tools Bot | 2019-09-10 | 2 | -5/+7 |
| | | | | | | [ci skip] | ||||
| * | Merge branch 'security-12-1-bump-pages' into '12-1-stable' | GitLab Release Tools Bot | 2019-09-10 | 2 | -1/+6 |
| |\ |/ / | | | | | | | Set max-age and secure flag for pages auth cookies See merge request gitlab/gitlabhq!3380 | ||||
| * | Upgrade pages to 1.7.2 | Vladimir Shushlin | 2019-09-09 | 2 | -1/+6 |
|/ | |||||
* | Update VERSION to 12.1.8v12.1.8 | GitLab Release Tools Bot | 2019-08-28 | 1 | -1/+1 |
| |