summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Update VERSION to 12.1.4v12.1.4GitLab Release Tools Bot2019-08-051-1/+1
|
* Update CHANGELOG.md for 12.1.4GitLab Release Tools Bot2019-08-055-20/+13
| | | [ci skip]
* Merge branch '12-1-stable-patch-4' into '12-1-stable'Robert Speicher2019-08-0525-102/+259
|\ | | | | | | | | Prepare 12.1.4 release See merge request gitlab-org/gitlab-ce!31483
| * Merge branch '12-1-stable-patch-4-updated' into '12-1-stable-patch-4'John Skarbek2019-08-052-1/+6
| |\ | | | | | | | | | | | | Cherry pick !30958 into 12.1.4 See merge request gitlab-org/gitlab-ce!31486
| | * Fix translation of 'Updated' term in projects listPaul Gascou-Vaillancourt2019-08-052-1/+6
| |/
| * Merge branch 'leipert-no-danger-on-stbl' into 'master'Robert Speicher2019-08-051-0/+1
| | | | | | | | | | | | | | | | | | Don't run danger on stable branches See merge request gitlab-org/gitlab-ce!31430 (cherry picked from commit e14265d50d80e96db694f66d6ea3a12b1fdcf943) 3a3476d4 Don't run danger on stable branches
| * Merge branch 'leipert-remove-docker-host' into 'master'Bob Van Landuyt2019-08-052-2/+2
| | | | | | | | | | | | | | | | | | Resolve docker in docker problems See merge request gitlab-org/gitlab-ce!31417 (cherry picked from commit 0fec9a4fc7fae7480a92d6402d3ad144b4bd7233) 7b4c88ed Use stable image version for dind
| * Merge branch 'sh-fix-mermaid-subgraphs-docs' into 'master'Evan Read2019-08-054-28/+19
| | | | | | | | | | | | | | | | | | Use Mermaid Markdown for testing guide docs See merge request gitlab-org/gitlab-ce!31322 (cherry picked from commit 407de0417d8ecb625e457054a85497f0e640316f) a3e18e7c Use Mermaid Markdown for testing guide docs
| * Merge branch 'sh-mermaid-subgraph-docs' into 'master'Evan Read2019-08-051-0/+43
| | | | | | | | | | | | | | | | | | | | | | Document required quotes in Mermaid subgraph titles Closes #65338 See merge request gitlab-org/gitlab-ce!31312 (cherry picked from commit ef19202c16fd333f0a45e5f0e3c56d1b2089eae4) 8f9b2fcc Document required quotes in Mermaid subgraph titles
| * Merge branch 'leipert-improve-ansi2html' into 'master'Fatih Acet2019-08-057-44/+54
| | | | | | | | | | | | | | | | | | | | | | Improve job log rendering performance See merge request gitlab-org/gitlab-ce!31262 (cherry picked from commit eb2d4adf38726da62f62e850d181cedf12c64c5e) 6b45d85e Prevent empty classes in ansi2html conversion 5366c89b Fix deep DOM tree problem in ansi2html d1f4d8c7 Improve size of rendered job trace
| * Merge branch 'patch-72' into 'master'Thong Kuah2019-08-052-0/+6
| | | | | | | | | | | | | | | | | | | | | | Set DOCKER_TLS_CERTDIR in CI job templates See merge request gitlab-org/gitlab-ce!31201 (cherry picked from commit 82ce29d32fc8d98571ee43a6d348f89bdecfa9c0) 8d4f53a0 Set DOCKER_TLS_CERTDIR in CI job templates 25486f40 Merge remote-tracking branch 'upstream/master' into patch-72 2535575c Add changelog.
| * Merge branch 'osw-avoid-errors-due-to-concurrent-calls' into 'master'12-1-stable-patch-4Douwe Maan2019-08-057-27/+128
|/ | | | | | | | | Add exclusive lease to mergeability check process See merge request gitlab-org/gitlab-ce!31082 (cherry picked from commit c017dc578dc78729050792d22b449ce0529479cf) f4cd926c Add exclusive lease to mergeability check process
* Update VERSION to 12.1.3v12.1.3fix_docs_lint-12-1GitLab Release Tools Bot2019-07-301-1/+1
|
* Update CHANGELOG.md for 12.1.3GitLab Release Tools Bot2019-07-3013-61/+21
| | | [ci skip]
* Merge branch '12-1-stable-patch-3' into '12-1-stable'Robert Speicher2019-07-3056-148/+534
|\ | | | | | | | | Prepare 12.1.3 release See merge request gitlab-org/gitlab-ce!31295
| * Merge branch 'docs-fix-broken-internal-links' into 'master'Marcia Ramos2019-07-302-2/+2
| | | | | | | | | | | | | | | | Fix broken internal links in docs Closes #65318 See merge request gitlab-org/gitlab-ce!31280
| * Merge branch 'sh-fix-gitaly-access-control' into 'master'Douglas Barbosa Alexandre2019-07-303-1/+16
| | | | | | | | | | | | | | | | | | | | | | Fix exception handling in Gitaly autodetection Closes #65328 See merge request gitlab-org/gitlab-ce!31285 (cherry picked from commit d92a8c1a5f9b061a10140239bed44b432b28abdf) 3b76d298 Fix exception handling in Gitaly autodetection
| * Merge branch 'sh-fix-pdfjs-page-ordering' into 'master'12-1-stable-patch-3Mike Greiling2019-07-303-9/+16
| | | | | | | | | | | | | | | | | | | | | | | | Fix pdf.js rendering pages in the wrong order Closes #64467 See merge request gitlab-org/gitlab-ce!31222 (cherry picked from commit f039d592aa6203502be487801777167e433ad9d2) 6d3b203d Fix pdf.js rendering pages in the wrong order 5246626d Simplify pdf.js logic
| * Merge branch 'dm-submodule-links-nil' into 'master'Nick Thomas2019-07-305-3/+75
| | | | | | | | | | | | | | | | | | Fix error rendering submodules in MR diffs when there is no .gitmodules See merge request gitlab-org/gitlab-ce!31162 (cherry picked from commit 55f99e930e1c147ec191a234ff4881ea7e70ea61) cfef1e8e Fix error rendering submodules in MR diffs when there is no .gitmodules
| * Merge branch 'sh-support-docker-oci-images' into 'master'Dmitriy Zaporozhets2019-07-305-5/+49
| | | | | | | | | | | | | | | | | | | | | | Support Docker OCI images Closes gitlab-ee#12877 and #58685 See merge request gitlab-org/gitlab-ce!31127 (cherry picked from commit 29f2903d161c2b93468a997f704a81adebcc9f58) a4011606 Support Docker OCI images
| * Merge branch '65019-job-templates-dind-tls-fix' into 'master'Thong Kuah2019-07-306-0/+12
| | | | | | | | | | | | | | | | | | Set DOCKER_TLS_CERTDIR in CI job templates See merge request gitlab-org/gitlab-ce!31080 (cherry picked from commit 8768e295c3474cb3fcee9afe3b7e9a2ac1431b50) c472bec5 Set DOCKER_TLS_CERTDIR in CI job templates
| * Merge branch '65019-auto-devops-dind-tls-fix' into 'master'Thong Kuah2019-07-302-0/+7
| | | | | | | | | | | | | | | | | | Set DOCKER_TLS_CERTDIR in Auto Dev-Ops CI template See merge request gitlab-org/gitlab-ce!31078 (cherry picked from commit a842c3882c4b47cc8b384fbd84be5643dacc7269) af88ccfa Set DOCKER_TLS_CERTDIR in Auto Dev-Ops CI template
| * Merge branch 'alhashash1-12-1-stable-patch-67177' into 'master'Stan Hu2019-07-301-4/+11
| | | | | | | | | | | | | | | | | | | | | | Fix incorrect web server selection parameter in init.d script Closes #64802 and #65008 See merge request gitlab-org/gitlab-ce!31076 (cherry picked from commit 0a2bbc9267e5aca220cda17f13e6f62bae7f1f1b) 2bc43c44 Fix incorrect web server parameter in init.d script
| * Merge branch 'optimise-import-performance' into 'master'Stan Hu2019-07-3010-34/+32
| | | | | | | | | | | | | | | | | | | | | | Optimise import performance Closes #64924 See merge request gitlab-org/gitlab-ce!31045 (cherry picked from commit 0d538e44aff066372ecd9d10ac6786681bc347c9) 8d1e97fc Optimise import performance
| * Merge branch '64091-fix-sprockets-paths' into 'master'Stan Hu2019-07-302-1/+9
| | | | | | | | | | | | | | | | | | | | | | | | Fix xterm CSS not loading Closes #64091 See merge request gitlab-org/gitlab-ce!31023 (cherry picked from commit 9881aa08bfe68224e7d37b5721ee4b026d94f739) 4b84e1c4 Fix xterm CSS not loading 64d16844 Add CHANGELOG.md entry
| * Merge branch 'dm-submodule-helper-routing' into 'master'Nick Thomas2019-07-303-40/+58
| | | | | | | | | | | | | | | | | | | | | | Ensure SubmoduleHelper works outside view context Closes #64833 See merge request gitlab-org/gitlab-ce!31005 (cherry picked from commit 8b284a51c03d6ab0634f115b38014d5a87f73d57) 26ac53b3 Ensure SubmoduleHelper works outside view context
| * Merge branch ↵Nick Thomas2019-07-304-1/+115
| | | | | | | | | | | | | | | | | | | | | | | | | | '64870-can-t-save-pages-domain-form-with-let-s-encrypt-enabled-if-current-certificate-is-outdated' into 'master' Resolve "Can't save pages domain form with Let's Encrypt enabled if current certificate is outdated" Closes #64870 See merge request gitlab-org/gitlab-ce!30995 (cherry picked from commit 8073b0554fc8f7dddc250025aaf5cedd09f423cb) 9c0f4286 Validate certificate chain only if it's changed
| * Merge branch '64731-fix-project-auto-devops-api' into 'master'Mayra Cabrera2019-07-305-21/+45
| | | | | | | | | | | | | | | | | | Fix the project auto devops API See merge request gitlab-org/gitlab-ce!30946 (cherry picked from commit a85a233ffc5a8a06de16fd2a52b3fdb039cfae5b) 74444a93 Fix the project auto devops API
| * Merge branch 'docs-jivanvl-additional-panel-type-support' into 'master'Evan Read2019-07-303-1/+60
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add documentation for panel types See merge request gitlab-org/gitlab-ce!30695 (cherry picked from commit acdb1f79688adae87933b34c3140e286ebab055c) d5efb69f Add documentation for panel types e9287a99 Apply suggestion to doc/user/project/integrations/prometheus.md 010de6cf Apply suggestion to doc/user/project/integrations/prometheus.md 55f0b4d2 Apply suggestion to doc/user/project/integrations/prometheus.md 07462a1f Apply suggestion to doc/user/project/integrations/prometheus.md 4a3d72fa Apply suggestion to doc/user/project/integrations/prometheus.md a3f7fe49 Apply suggestion to doc/user/project/integrations/prometheus.md b32a701e Apply suggestion to doc/user/project/integrations/prometheus.md
| * Merge branch 'registry-fix-multi-delete-modal' into 'master'Kushal Pandya2019-07-301-0/+5
| | | | | | | | | | | | | | | | | | Set unique modal IDs See merge request gitlab-org/gitlab-ce!30532 (cherry picked from commit b698e4ce87d4c8f349fa120ca5ab854ef6d98764) a076d1d8 Set unique modal IDs
| * Merge branch ↵Kushal Pandya2019-07-304-26/+22
|/ | | | | | | | | | | '11639-improve-discovery-and-navigation-for-gitlab-package-features-ce' into 'master' Improving packages navigation in project sidebar [CE Backport] See merge request gitlab-org/gitlab-ce!30256 (cherry picked from commit f64868ccbd88ecd9517554c5817d077d6e12d1e0) c1698f41 Improving packages navigation in project sidebar
* Update CHANGELOG.md for 12.1.2v12.1.2GitLab Release Tools Bot2019-07-262-5/+4
| | | [ci skip]
* Merge branch 'security-mr-pipeline-permissions-12-1' into '12-1-stable'GitLab Release Tools Bot2019-07-264-6/+102
|\ | | | | | | | | MR pipeline permissions See merge request gitlab/gitlabhq!3281
| * Use MergeRequest#source_project as permissions reference for ↵drew cimino2019-07-264-6/+102
|/ | | | | | | | | | MergeRequest#all_pipelines MergeRequest#all_pipelines fetches Ci::Pipeline records from the source project, so we should specifically check that project for permissions. This was already happening for intra-project merge requests, but in the event that the target and source projects both have private builds, we should ensure that the project permissions are respected.
* Update VERSION to 12.1.2GitLab Release Tools Bot2019-07-251-1/+1
|
* Update CHANGELOG.md for 12.1.2GitLab Release Tools Bot2019-07-2510-45/+15
| | | [ci skip]
* Merge branch 'security-dns-ssrf-bypass-12-1' into '12-1-stable'GitLab Release Tools Bot2019-07-244-14/+49
|\ | | | | | | | | Server Side Request Forgery mitigation bypass See merge request gitlab/gitlabhq!3220
| * Fix Server Side Request Forgery mitigation bypassFrancisco Javier López2019-07-154-14/+49
| | | | | | | | | | | | | | | | | | | | | | | | | | When we can't resolve the hostname or it is invalid, we shouldn't even perform the request. This fix also fixes the problem the SSRF rebinding attack. We can't stub feature flags outside example blocks. Nevertheless, there are some actions that calls the UrlBlocker, that are performed outside example blocks, ie: `set` instruction. That's why we have to use some signalign mechanism outside the scope of the specs.
* | Merge branch 'security-60143-patch-additional-xss-issue-12.1' into '12-1-stable'GitLab Release Tools Bot2019-07-2410-92/+235
|\ \ | | | | | | | | | | | | Extract SanitizeNodeLink and apply to WikiLinkFilter See merge request gitlab/gitlabhq!3221
| * | Extract SanitizeNodeLink and apply to WikiLinkFilterKerri Miller2019-07-1610-92/+235
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The SanitizationFilter was running before the WikiFilter. Since WikiFilter can modify links, we could see links that _should_ be stopped by SanatizationFilter being rendered on the page. I (kerrizor) had previously addressed the bug in: https://gitlab.com/gitlab-org/gitlab-ee/commit/7bc971915bbeadb950bb0e1f13510bf3038229a4 However, an additional exploit was discovered after that was merged. Working through the issue, we couldn't simply shuffle the order of filters, due to some implicit assumptions about the order of filters, so instead we've extracted the logic that sanitizes a Nokogiri-generated Node object, and applied it to the WikiLinkFilter as well. On moving filters around: Once we start moving around filters, we get cascading failures; fix one, another one crops up. Many of the existing filters in the WikiPipeline chain seem to assume that other filters have already done their work, and thus operate on a "transform anything that's left" basis; WikiFilter, for instance, assumes any link it finds in the markdown should be prepended with the wiki_base_path.. but if it does that, it also turns `href="@user"` into `href="/path/to/wiki/@user"`, which the UserReferenceFilter doesn't see as a user reference it needs to transform into a user profile link. This is true for all the reference filters in the WikiPipeline.
* | Merge branch 'security-github-ssrf-redirect-12-1' into '12-1-stable'GitLab Release Tools Bot2019-07-246-3/+100
|\ \ | | | | | | | | | | | | Do not allow localhost url redirection in GitHub Integration See merge request gitlab/gitlabhq!3223
| * | Do not allow localhost url redirection in GitHub Integrationmanojmj2019-07-096-3/+100
| | |
* | | Merge branch 'security-remove-take-trigger-ownership-feature-12-1' into ↵GitLab Release Tools Bot2019-07-2411-141/+9
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | '12-1-stable' Drop feature to take ownership of a trigger token See merge request gitlab/gitlabhq!3225
| * | | Drop feature to take ownership of a trigger tokenFabio Pitino2019-07-1011-141/+9
| |/ / | | | | | | | | | | | | | | | | | | Removing API and frontend interactions that allowed users to take ownership of a trigger token. Removed mentions from the documentation.
* | | Merge branch 'security-60551-fix-upload-scope-12-1' into '12-1-stable'GitLab Release Tools Bot2019-07-247-2/+48
|\ \ \ | | | | | | | | | | | | | | | | Queries for Upload should be scoped by model See merge request gitlab/gitlabhq!3234
| * | | Queries for Upload should be scoped by modelAdam Hegyi2019-07-117-2/+48
| |/ /
* | | Merge branch 'security-fix-badges-leaked-to-unauthorized-users-12-1' into ↵GitLab Release Tools Bot2019-07-243-31/+101
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | '12-1-stable' Don't display badges when builds are restricted See merge request gitlab/gitlabhq!3236
| * | | Don't display badges when builds are restrictedFabio Pitino2019-07-113-31/+101
| |/ / | | | | | | | | | | | | | | | | | | | | | Badges were leaked to unauthorized users even when Public Builds project setting is disabled. Added guard clause to the controller to check if user can read build.
* | | Merge branch 'security-bvl-filter-mr-params-12-1' into '12-1-stable'GitLab Release Tools Bot2019-07-244-8/+83
|\ \ \ | | | | | | | | | | | | | | | | Filter params in MR build service See merge request gitlab/gitlabhq!3253
| * | | Filter params in MR build serviceBob Van Landuyt2019-07-174-8/+83
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Reusing the existing `IssuableBaseService#filter_params` which uses the policies to determine what params a user can set, and which values it can be set to. This also removed the need for the seperate call to `IssuableBaseService#ensure_milestone_available`. The `Issues::BuildService` does not suffer from this because it limits the params that are assignable to the `title`, `description` and `milestone_id`.
View Lorry Controller Status