Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Update VERSION to 12.1.17 (tag: v12.1.17, branch: 12-1-stable) | GitLab Release Tools Bot | 2019-12-13 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 12.1.17 | GitLab Release Tools Bot | 2019-12-13 | 3 | -10/+8 |
| | [ci skip] | ||||
* | Merge branch 'ac-fix-12-1' into 12-1-stable | Alessio Caiazza | 2019-12-13 | 1 | -53/+8 |
|\ | |||||
| * | Simplify static-analysis output generation (branch: ac-fix-12-1) | Stan Hu | 2019-12-13 | 1 | -53/+8 |
|/ | The buffering of the output may be causing issues, so let's disable it for now. | ||||
* | Merge branch 'backport-21510-12-1' into '12-1-stable' | John Skarbek | 2019-12-13 | 1 | -1/+1 |
|\ | Install lsb-release for repo URL construction. See merge request gitlab/gitlabhq!3591 | ||||
| * | Install lsb-release for repo URL construction | Kyle Wiebers | 2019-12-13 | 1 | -1/+1 |
|/ | |||||
* | Adds message to indicate we are skipping release 12.1.16 | John T Skarbek | 2019-12-13 | 1 | -0/+4 |
| | |||||
* | Revert "Update CHANGELOG.md for 12.1.16" | John T Skarbek | 2019-12-13 | 3 | -8/+10 |
| | This reverts commit 0455f2f37ff4813f556013ff70177577b0269848. | ||||
* | Revert "Update VERSION to 12.1.16" | John T Skarbek | 2019-12-13 | 1 | -1/+1 |
| | This reverts commit d2e3962c2fde0ff5aaf301cd629b56469f991861. | ||||
* | Update VERSION to 12.1.16 (tag: v12.1.16) | GitLab Release Tools Bot | 2019-12-12 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 12.1.16 | GitLab Release Tools Bot | 2019-12-12 | 3 | -10/+8 |
| | [ci skip] | ||||
* | Adds message to indicate we are skipping release 12.1.15 | John T Skarbek | 2019-12-12 | 1 | -0/+4 |
| | |||||
* | Revert "Update CHANGELOG.md for 12.1.15" | John T Skarbek | 2019-12-12 | 3 | -8/+10 |
| | This reverts commit 2404e6c71a9a9b1699bc2dbb487f909a320e21f3. | ||||
* | Revert "Update VERSION to 12.1.15" | John T Skarbek | 2019-12-12 | 1 | -1/+1 |
| | This reverts commit fa242b393fbadf2578c32b70b437e8dd6f06172b. | ||||
* | Update VERSION to 12.1.15 (tag: v12.1.15) | GitLab Release Tools Bot | 2019-12-11 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 12.1.15 | GitLab Release Tools Bot | 2019-12-11 | 3 | -10/+8 |
| | [ci skip] | ||||
* | Merge branch '12-1-stable-backport-reliable-fetcher' into '12-1-stable' | John Skarbek | 2019-12-10 | 12 | -46/+47 |
|\ | Backport reliable fetcher to 12.1. See merge request gitlab/gitlabhq!3584 | ||||
| * | Fix specs, backporting | Valery Sizov | 2019-12-09 | 10 | -43/+44 |
| | | backport https://gitlab.com/gitlab-org/gitlab/commit/2be136b6cdf59f4664d9fbbe91e16498a47ba227; see https://gitlab.com/gitlab-org/gitlab/commit/3baeb0c7fd6829b8c083a43370163d16f7700263; see https://gitlab.com/gitlab-org/gitlab/merge_requests/21161 | ||||
| * | Backport reliable fetcher | Valery Sizov | 2019-12-09 | 2 | -3/+3 |
|/ | |||||
* | Merge branch 'security-stored-xss-using-find-file-12-1' into '12-1-stable' | GitLab Release Tools Bot | 2019-10-24 | 2 | -1/+7 |
|\ | Sanitize search text to prevent XSS. See merge request gitlab/gitlabhq!3471 | ||||
| * | Sanitize search text to prevent XSS | samantha-dev | 2019-10-10 | 2 | -1/+7 |
| | | |||||
* | | Merge branch 'security-xss-grafana-url-12-1' into '12-1-stable' | GitLab Release Tools Bot | 2019-10-24 | 8 | -15/+189 |
|\ \ | Handle Stored XSS for Grafana URL in settings. See merge request gitlab/gitlabhq!3483 | ||||
| * | Handle Stored XSS for Grafana URL in settings | David Wilkins | 2019-10-24 | 8 | -15/+189 |
|/ | - Extend Gitlab::UrlBlocker to allow relative urls (require_absolute setting). The new `require_absolute` setting defaults to true, which is the existing behavior. - Extend AddressableUrlValidator to accept `require_absolute` and default to the existing behavior. - Add validation for ApplicationSetting#grafana_url to validate that the URL does not contain XSS but can be a valid relative or absolute url. - In the case of existing stored URLs, validate the stored URL does not contain XSS. If the stored URL contains stored XSS or is an otherwise invalid URL, return the default database column value. - Add tests for Gitlab::UrlBlocker to test require_absolute setting. - Add tests for AddressableUrlValidator. - Add tests for ApplicationSetting#grafana_url | ||||
* | Merge remote-tracking branch 'dev/12-1-stable' into 12-1-stable | GitLab Release Tools Bot | 2019-10-07 | 2 | -1/+5 |
|\ | |||||
| * | Update VERSION to 12.1.14 (tag: v12.1.14) | GitLab Release Tools Bot | 2019-10-07 | 1 | -1/+1 |
| | | |||||
| * | Update CHANGELOG.md for 12.1.14 | GitLab Release Tools Bot | 2019-10-07 | 1 | -0/+4 |
|/ | [ci skip] | ||||
* | Merge remote-tracking branch 'dev/12-1-stable' into 12-1-stable | GitLab Release Tools Bot | 2019-10-02 | 8 | -3/+213 |
|\ | |||||
| * | Update VERSION to 12.1.13 (tag: v12.1.13) | GitLab Release Tools Bot | 2019-10-01 | 1 | -1/+1 |
| | | |||||
| * | Update CHANGELOG.md for 12.1.13 | GitLab Release Tools Bot | 2019-10-01 | 2 | -5/+7 |
| | | [ci skip] | ||||
| * | Merge branch 'security-29491-12-1-ce' into '12-1-stable' | Marin Jankovski | 2019-10-01 | 7 | -2/+210 |
| |\ | Fix private feature Elasticsearch leak. See merge request gitlab/gitlabhq!3452 | ||||
| * | EE port: Fix private feature Elasticsearch leak | Mark Chao | 2019-10-01 | 7 | -2/+210 |
|/ | Add spec to test different combinations. Accept string for required_minimum_access_level. Allow more flexible project membership query | ||||
* | Merge branch 'fix_expired_gpg_key_specs' into 'master' | Stan Hu | 2019-09-30 | 2 | -151/+270 |
| | Fix broken specs: Generate new GPG key in place of expired one. Closes #32956. See merge request gitlab-org/gitlab!17853 | ||||
* | Update VERSION to 12.1.12 (tag: v12.1.12) | GitLab Release Tools Bot | 2019-09-26 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 12.1.12 | GitLab Release Tools Bot | 2019-09-26 | 12 | -58/+17 |
| | [ci skip] | ||||
* | Merge branch 'security-gitaly-1-53-4' into '12-1-stable' | GitLab Release Tools Bot | 2019-09-26 | 2 | -1/+6 |
|\ | Fix Gitaly SearchBlobs flag RPC injection [Gitaly v1.53.4]. See merge request gitlab/gitlabhq!3435 | ||||
| * | Fix Gitaly SearchBlobs flag RPC injection | Paul Okstad | 2019-09-24 | 2 | -1/+6 |
| | | |||||
* | | Merge branch 'security-sarcila-verify-saml-request-origin-12-1' into '12-1-stable' | GitLab Release Tools Bot | 2019-09-26 | 12 | -40/+303 |
|\ \ | Check that SAML identity linking validates the origin of the request. See merge request gitlab/gitlabhq!3376 | ||||
| * | | Validate that SAML requests are originated from gitlab | Sebastian Arcila Valenzuela | 2019-09-16 | 12 | -40/+303 |
| | | | If the request wasn't initiated by gitlab we shouldn't add the new identity to the user, and instead show that we weren't able to link the identity to the user. This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509 | ||||
* | | | Merge branch 'security-xss-mermaid-12-1' into '12-1-stable' | GitLab Release Tools Bot | 2019-09-26 | 5 | -318/+1642 |
|\ \ \ | Gitlab XSS in markdown preview page. See merge request gitlab/gitlabhq!3400 | ||||
| * | | | Upgrade mermaid to prevent xss attack | Rajat Jain | 2019-09-10 | 5 | -318/+1642 |
| | | | | Update mermaid to avoid xss surface area. The newer release restricts script tags to be embedded in mermaid blocks. | ||||
* | | | | Merge branch 'security-12717-fix-confidential-issue-assignee-visible-to-guests-12-1' into '12-1-stable' | GitLab Release Tools Bot | 2019-09-26 | 3 | -1/+47 |
|\ \ \ \ | Display only participants that user has permission to see. See merge request gitlab/gitlabhq!3403 | ||||
| * | | | | Display only participants that user has permission to see | Alexandru Croitor | 2019-09-20 | 3 | -1/+47 |
| | | | | | |||||
* | | | | | Merge branch 'security-bypass-email-verification-using-salesforce-12-1' into '12-1-stable' | GitLab Release Tools Bot | 2019-09-26 | 6 | -24/+78 |
|\ \ \ \ \ | Prevent Bypassing Email Verification using Salesforce. See merge request gitlab/gitlabhq!3407 | ||||
| * | | | | | Bring back unary operator | Małgorzata Ksionek | 2019-09-11 | 1 | -2/+2 |
| | | | | | | |||||
| * | | | | | Switch unary operator to more verbose way | Małgorzata Ksionek | 2019-09-11 | 1 | -2/+2 |
| | | | | | | |||||
| * | | | | | Bring back unary operator | Małgorzata Ksionek | 2019-09-11 | 1 | -2/+2 |
| | | | | | | |||||
| * | | | | | Add checking for email_verified key | Małgorzata Ksionek | 2019-09-11 | 6 | -24/+78 |
| | |_|/ / | Fix rubocop offences and add changelog; Add email_verified key for feature specs; Add code review remarks; Add code review remarks; Fix specs | ||||
* | | | | | Merge branch 'security-mermaid-block-12-1' into '12-1-stable' | GitLab Release Tools Bot | 2019-09-26 | 3 | -1/+48 |
|\ \ \ \ \ | Only render fixed number of mermaid blocks. See merge request gitlab/gitlabhq!3413 | ||||
| * | | | | | Only render fixed number of mermaid blocks | Rajat Jain | 2019-09-19 | 3 | -1/+48 |
| |/ / / / | |||||
* | | | | | Merge branch 'security-12718-project-milestones-disclosed-via-groups-12-1-ce' into '12-1-stable' | GitLab Release Tools Bot | 2019-09-26 | 4 | -6/+115 |
|\ \ \ \ \ | Hide disabled project milestones in project settings on group level. See merge request gitlab/gitlabhq!3416 |