Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Update VERSION to 12.5.7v12.5.7 | GitLab Release Tools Bot | 2020-01-13 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 12.5.7 | GitLab Release Tools Bot | 2020-01-13 | 2 | -5/+7 |
| | | | [ci skip] | ||||
* | Add latest changes from gitlab-org/security/gitlab@12-5-stable-ee | GitLab Bot | 2020-01-10 | 5 | -4/+20 |
| | |||||
* | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot | 2020-01-10 | 1 | -1/+14 |
| | |||||
* | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot | 2020-01-03 | 6 | -2/+30 |
| | |||||
* | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot | 2020-01-02 | 2 | -1/+9 |
| | |||||
* | Merge remote-tracking branch 'dev/12-5-stable' into 12-5-stable | GitLab Release Tools Bot | 2020-01-02 | 17 | -23/+151 |
|\ | |||||
| * | Update VERSION to 12.5.6v12.5.6 | GitLab Release Tools Bot | 2020-01-02 | 1 | -1/+1 |
| | | |||||
| * | Update CHANGELOG.md for 12.5.6 | GitLab Release Tools Bot | 2020-01-02 | 6 | -25/+11 |
| | | | | | | [ci skip] | ||||
| * | Add latest changes from gitlab-org/security/gitlab@12-5-stable-ee | GitLab Bot | 2019-12-31 | 22 | -23/+165 |
|/ | |||||
* | Update VERSION to 12.5.5v12.5.5 | John T Skarbek | 2019-12-16 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 12.5.5 | John T Skarbek | 2019-12-16 | 1 | -0/+1 |
| | | | [ci skip] | ||||
* | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot | 2019-12-16 | 6 | -16/+17 |
| | |||||
* | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot | 2019-12-16 | 13 | -28/+72 |
| | |||||
* | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot | 2019-12-16 | 3 | -1/+1 |
| | |||||
* | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot | 2019-12-10 | 5 | -2/+12 |
| | |||||
* | Merge remote-tracking branch 'dev/12-5-stable' into 12-5-stable | GitLab Release Tools Bot | 2019-12-10 | 3 | -2/+19 |
|\ | |||||
| * | Update VERSION to 12.5.4v12.5.4 | GitLab Release Tools Bot | 2019-12-09 | 1 | -1/+1 |
| | | |||||
| * | Update CHANGELOG.md for 12.5.4 | GitLab Release Tools Bot | 2019-12-09 | 1 | -0/+4 |
| | | | | | | [ci skip] | ||||
| * | Merge branch 'security-37766-transfer-group-reindex-ce-12-5' into '12-5-stable' | Alessio Caiazza | 2019-12-09 | 1 | -1/+14 |
| |\ |/ / | | | | | | | Trigger Elasticsearch indexing when public group moved to private See merge request gitlab/gitlabhq!3577 | ||||
| * | Trigger Elasticsearch indexing when public group moved to private | Dylan Griffith | 2019-12-06 | 1 | -1/+14 |
|/ | | | | | | This fixes https://gitlab.com/gitlab-org/gitlab/issues/37766 which is caused by the fact that we leave the stale permissions data in the index after a group is moved to another group. | ||||
* | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot | 2019-12-05 | 4 | -4/+5 |
| | |||||
* | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot | 2019-12-03 | 2 | -1/+12 |
| | |||||
* | Update VERSION to 12.5.3v12.5.3 | GitLab Release Tools Bot | 2019-12-03 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 12.5.3 | GitLab Release Tools Bot | 2019-12-03 | 6 | -25/+14 |
| | | | [ci skip] | ||||
* | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot | 2019-12-03 | 46 | -171/+477 |
| | |||||
* | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot | 2019-11-27 | 2 | -1/+5 |
| | |||||
* | Merge remote-tracking branch 'dev/12-5-stable' into 12-5-stable | GitLab Release Tools Bot | 2019-11-27 | 3 | -6/+8 |
|\ | |||||
| * | Update VERSION to 12.5.2v12.5.2 | GitLab Release Tools Bot | 2019-11-27 | 1 | -1/+1 |
| | | |||||
| * | Update CHANGELOG.md for 12.5.2 | GitLab Release Tools Bot | 2019-11-27 | 2 | -5/+7 |
|/ | | | [ci skip] | ||||
* | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot | 2019-11-27 | 4 | -4/+22 |
| | |||||
* | Merge remote-tracking branch 'dev/12-5-stable' into 12-5-stable | GitLab Release Tools Bot | 2019-11-27 | 53 | -269/+1242 |
|\ | |||||
| * | Merge branch 'security-dos-issue-and-commit-comments-12-5' into '12-5-stable' | GitLab Release Tools Bot | 2019-11-26 | 3 | -1/+11 |
| |\ | | | | | | | | | | | | | Fix invalid byte sequence See merge request gitlab/gitlabhq!3547 | ||||
| | * | Fix invalid byte sequence | Patrick Derichs | 2019-11-22 | 3 | -1/+11 |
| | | | |||||
| * | | Update VERSION to 12.5.1v12.5.1 | GitLab Release Tools Bot | 2019-11-26 | 1 | -1/+1 |
| | | | |||||
| * | | Update CHANGELOG.md for 12.5.1 | GitLab Release Tools Bot | 2019-11-26 | 9 | -41/+14 |
| | | | | | | | | | [ci skip] | ||||
| * | | Merge branch 'security-29660-update-dependencies-12-5' into '12-5-stable' | GitLab Release Tools Bot | 2019-11-26 | 3 | -2/+7 |
| |\ \ | | | | | | | | | | | | | | | | | Update Workhorse and Gitaly to fix a security issue See merge request gitlab/gitlabhq!3531 | ||||
| | * | | Update Workhorse and Gitaly to fix a security issue | Nick Thomas | 2019-11-21 | 3 | -2/+7 |
| | | | | |||||
| * | | | Merge branch 'security-aws-secret-key-2937-ce-12-5' into '12-5-stable' | GitLab Release Tools Bot | 2019-11-26 | 1 | -0/+1 |
| |\ \ \ | | | | | | | | | | | | | | | | | | | | | Hide AWS secret on Admin Integration page See merge request gitlab/gitlabhq!3532 | ||||
| | * | | | Hide AWS secret on Admin Integration page | Justin Ho Tuan Duong | 2019-11-26 | 1 | -0/+1 |
| |/ / / | |||||
| * | | | Merge branch 'security-ag-cycle-analytics-guest-permissions-12-5' into ↵ | GitLab Release Tools Bot | 2019-11-26 | 6 | -6/+64 |
| |\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | '12-5-stable' Prevent guests from seeing commits for cycle analytics See merge request gitlab/gitlabhq!3534 | ||||
| | * | | | Ensure that summary items remain aligned | Brandon Labuschagne | 2019-11-20 | 2 | -2/+8 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Default number of items is 3. If this is not the case, then increase the column width of the summary items to cater for 2 items plus the date filter. | ||||
| | * | | | Prevent guests from seeing commits for cycle analytics | Aakriti Gupta | 2019-11-20 | 4 | -4/+56 |
| | | | | | | | | | | | | | | | | | | | | | | | | | - if the user has access level lower than REPORTER, don't include commit count in summary | ||||
| * | | | | Merge branch 'security-filter-related-branches-from-activity-feed-12.5' into ↵ | GitLab Release Tools Bot | 2019-11-26 | 4 | -1/+121 |
| |\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | '12-5-stable' Related Branches Visible to Guests in Issue Activity See merge request gitlab/gitlabhq!3538 | ||||
| | * | | | | Restrict branches visible to guests in Issue feed | Kerri Miller | 2019-11-20 | 4 | -1/+121 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Notes related to branch creation should not be shown in an issue's activity feed when the user doesn't have access to :download_code. | ||||
| * | | | | | Merge branch 'security-2943-encrypt-plaintext-tokens-12-5' into '12-5-stable' | GitLab Release Tools Bot | 2019-11-26 | 7 | -29/+239 |
| |\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | GitLab stores AWS, Slack, Askimet, reCaptcha tokens in plaintext See merge request gitlab/gitlabhq!3543 | ||||
| | * | | | | | Encrypt application settings with pre and post deployments | Arturo Herrero | 2019-11-25 | 6 | -83/+31 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We had concerns about the cached values on Redis with the previous two releases strategy: First release (this commit): - Create new encrypted fields in the database. - Start populating new encrypted fields, read the encrypted fields or fallback to the plaintext fields. - Backfill the data removing the plaintext fields to the encrypted fields. Second release: - Remove the virtual attribute (created in step 2). - Drop plaintext columns from the database (empty columns after step 3). We end up with a better strategy only using migration scripts in one release: - Pre-deployment migration: Add columns required for storing encrypted values. - Pre-deployment migration: Store the encrypted values in the new columns. - Post-deployment migration: Remove the old unencrypted columns | ||||
| | * | | | | | Encrypt application setting tokens | Arturo Herrero | 2019-11-21 | 7 | -23/+285 |
| | | |_|/ / | | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is the plan to encrypt the plaintext tokens: First release (this commit): 1. Create new encrypted fields in the database. 2. Start populating new encrypted fields, read the encrypted fields or fallback to the plaintext fields. 3. Backfill the data removing the plaintext fields to the encrypted fields. Second release: 4. Remove the virtual attribute (created in step 2). 5. Drop plaintext columns from the database (empty columns after step 3). | ||||
| * | | | | | Merge branch 'security-dns-rebind-ssrf-in-slack-notifications-12-5-ce' into ↵ | GitLab Release Tools Bot | 2019-11-26 | 12 | -181/+294 |
| |\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | '12-5-stable' Use Gitlab::HTTP for all chat notifications See merge request gitlab/gitlabhq!3544 | ||||
| | * | | | | | Use Gitlab::HTTP for all chat notifications | Hordur Freyr Yngvason | 2019-11-21 | 12 | -181/+294 |
| | |/ / / / |