summaryrefslogtreecommitdiff
Commit message (Expand)AuthorAgeFilesLines
* Resolve conflicts in spec/mailers/notify_spec.rbStan Hu2019-03-041-10/+0
* Resolve conflicts in app/policies/group_policy.rbStan Hu2019-03-041-3/+0
* Merge dev master into GitLab.com masterYorick Peterse2019-03-04131-434/+1577
|\
| * Merge branch 'security-2773-milestones-fix' into 'master'Yorick Peterse2019-03-0419-73/+187
| |\
| | * Check issue milestone availabilityJarka Košanová2019-02-1419-73/+187
| * | Merge branch 'security-commit-private-related-mr' into 'master'Yorick Peterse2019-03-046-6/+65
| |\ \
| | * | Add changelog for security fixPatrick Bajao2019-01-281-0/+5
| | * | Modify MergeRequestsFinder to allow filtering by commitPatrick Bajao2019-01-284-4/+45
| | * | Respond with 403 when non-member requests for private MRsPatrick Bajao2019-01-282-2/+15
| * | | Merge branch 'security-id-restricted-access-to-private-repo' into 'master'Yorick Peterse2019-03-045-60/+137
| |\ \ \
| | * | | Forbid creating discussions for users with restricted accessIgor Drozdov2019-03-045-60/+137
| |/ / /
| * | | Merge branch 'security-protect-private-repo-information' into 'master'Yorick Peterse2019-03-046-22/+85
| |\ \ \
| | * | | Add changelog entryLuke Duncalfe2019-02-211-0/+5
| | * | | Removing sensitive properties from ProjectTypeLuke Duncalfe2019-02-181-2/+0
| | * | | Prevent leaking of private repo data through APILuke Duncalfe2019-02-184-20/+80
| * | | | Merge branch 'security-tags-oracle' into 'master'Yorick Peterse2019-03-043-0/+23
| |\ \ \ \
| | * | | | Prevent Releases links API to leak tag existanceAlessio Caiazza2019-02-083-0/+23
| * | | | | Merge branch 'security-2798-fix-boards-policy' into 'master'Yorick Peterse2019-03-043-8/+19
| |\ \ \ \ \
| | * | | | | Disable board policies when issues are disabledHeinrich Lee Yu2019-02-113-8/+19
| * | | | | | Merge branch 'security-2797-milestone-mrs' into 'master'Yorick Peterse2019-03-044-4/+61
| |\ \ \ \ \ \
| | * | | | | | Show only MRs visible to user on milestone detailJarka Košanová2019-02-144-4/+61
| | | |_|_|_|/ | | |/| | | |
| * | | | | | Merge branch 'security-shared-project-private-group' into 'master'Yorick Peterse2019-03-044-11/+67
| |\ \ \ \ \ \
| | * | | | | | Secure vulerability and add specsMałgorzata Ksionek2019-02-285-11/+69
| * | | | | | | Merge branch '2802-security-add-public-internal-groups-as-members-to-your-pro...Yorick Peterse2019-03-0410-13/+85
| |\ \ \ \ \ \ \
| | * | | | | | | Change policy regarding group visibilityMałgorzata Ksionek2019-02-2010-13/+85
| * | | | | | | | Merge branch 'security-kubernetes-local-ssrf' into 'master'Yorick Peterse2019-03-045-1/+60
| |\ \ \ \ \ \ \ \
| | * | | | | | | | Do not allow local urls in Kubernetes formThong Kuah2019-02-215-1/+60
| | | |_|/ / / / / | | |/| | | | | |
| * | | | | | | | Merge branch 'security-kubernetes-google-login-csrf' into 'master'Yorick Peterse2019-03-043-30/+67
| |\ \ \ \ \ \ \ \
| | * | | | | | | | Validate session key when authorizing with GCP to create a clusterTiger2019-02-193-30/+67
| * | | | | | | | | Merge branch 'security-56348' into 'master'Yorick Peterse2019-03-045-2/+60
| |\ \ \ \ \ \ \ \ \
| | * | | | | | | | | Check snippet attached file to be moved is within designated directoryMark Chao2019-02-215-0/+59
| | * | | | | | | | | Align spec with actual usageMark Chao2019-02-131-2/+1
| | |/ / / / / / / /
| * | | | | | | | | Merge branch 'security-55468-check-validity-before-querying' into 'master'Yorick Peterse2019-03-043-19/+53
| |\ \ \ \ \ \ \ \ \
| | * | | | | | | | | Check validity of prometheus_service before queryReuben Pereira2019-03-043-19/+53
| |/ / / / / / / / /
| * | | | | | | | | Merge branch 'security-2799-emails' into 'master'Yorick Peterse2019-03-045-17/+60
| |\ \ \ \ \ \ \ \ \
| | * | | | | | | | | Remove link after issue move when no permissionsJarka Košanová2019-02-205-17/+60
| | | |/ / / / / / / | | |/| | | | | | |
| * | | | | | | | | Merge branch 'security-osw-stop-linking-to-packages' into 'master'Yorick Peterse2019-03-0420-51/+207
| |\ \ \ \ \ \ \ \ \
| | * | | | | | | | | Add changelogOswaldo Ferreira2019-02-261-0/+5
| | * | | | | | | | | Raise not implemented error on BaseLinker for package_urlOswaldo Ferreira2019-02-251-0/+4
| | * | | | | | | | | Stop linking to unrecognized package sourcesOswaldo Ferreira2019-02-2119-51/+198
| | |/ / / / / / / /
| * | | | | | | | | Merge branch 'security-50334' into 'master'Yorick Peterse2019-03-045-66/+82
| |\ \ \ \ \ \ \ \ \
| | * | | | | | | | | Fix git clone revealing private repo's presenceMark Chao2019-02-195-66/+82
| * | | | | | | | | | Merge branch 'security-fj-diff-import-file-read-fix' into 'master'Yorick Peterse2019-03-0410-4/+103
| |\ \ \ \ \ \ \ \ \ \
| | * | | | | | | | | | Arbitrary file read via MergeRequestDiffFrancisco Javier López2019-03-0410-4/+103
| |/ / / / / / / / / /
| * | | | | | | | | | Merge branch 'security-mermaid' into 'master'Yorick Peterse2019-03-043-0/+27
| |\ \ \ \ \ \ \ \ \ \
| | * | | | | | | | | | Limit number of characters allowed in mermaidjsRajat Jain2019-02-273-0/+27
| * | | | | | | | | | | Merge branch 'security-issue_54789_2' into 'master'Yorick Peterse2019-03-043-0/+38
| |\ \ \ \ \ \ \ \ \ \ \
| | * | | | | | | | | | | Prevent disclosing project milestone titlesFelipe Artur2019-02-253-0/+38
| * | | | | | | | | | | | Merge branch 'security-2818_filter_impersonated_sessions' into 'master'Yorick Peterse2019-03-048-52/+38
| |\ \ \ \ \ \ \ \ \ \ \ \
| | * | | | | | | | | | | | Remove ability to revoke active sessionImre Farkas2019-02-276-49/+7
View Lorry Controller Status