Commit message | Author | Age | Files | Lines
* Update VERSION to 8.13.7 [v8.13.7] | Rémy Coutable | 2016-11-28 | 1 | -1/+1
* Update CHANGELOG.md for 8.13.7 | Rémy Coutable | 2016-11-28 | 7 | -24/+9
  [ci skip]
* Merge branch 'zj-upgrade-grape' into 'master' | Robert Speicher | 2016-11-25 | 3 | -3/+7
  Update grape-entity to 0.6.0
  See merge request !7491
  Signed-off-by: Rémy Coutable <remy@rymai.me>
* Merge branch 'jej-use-issuable-finder-instead-of-access-check' into 'security' | Douwe Maan | 2016-11-24 | 14 | -33/+97
  Replace issue access checks with use of IssuableFinder
  Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867
  :warning: - Potentially untested
  :bomb: - No test coverage
  :traffic_light: - Test coverage of some sort exists (a test failed when error raised)
  :vertical_traffic_light: - Test coverage of return value (a test failed when nil used)
  :white_check_mark: - Permissions check tested
  Using `visible_to_user` likely makes these security issues too. See [Code smells](#code-smells).
  - [x] :vertical_traffic_light: app/finders/notes_finder.rb:15 [`visible_to_user`]
  - [x] :traffic_light: app/views/layouts/nav/_project.html.haml:73 [`visible_to_user`] [`.count`]
  - [x] :white_check_mark: app/services/merge_requests/build_service.rb:84 [`issue.try(:confidential?)`]
  - [x] :white_check_mark: lib/api/issues.rb:112 [`visible_to_user`]
    - CHANGELOG: Prevented API returning issues set to 'Only team members' to everyone
  - [x] :white_check_mark: lib/api/helpers.rb:126 [`can?(current_user, :read_issue, issue)`] Maybe here too?
  - [x] :white_check_mark: lib/gitlab/search_results.rb:53 [`visible_to_user`]
  - [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b2ff264eddf9819d7693c14ae213d941494fe2b3_128_126
  - [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#7b6375270d22f880bdcb085e47b519b426a5c6c7_87_87
  See merge request !2031
  Signed-off-by: Rémy Coutable <remy@rymai.me>
* Merge branch 'jej-fix-missing-access-check-on-issues' into 'security' | Douwe Maan | 2016-11-24 | 17 | -23/+62
  Fix missing access checks on issue lookup using IssuableFinder
  Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867
  ## Which fixes are in this MR?
  :warning: - Potentially untested
  :bomb: - No test coverage
  :traffic_light: - Test coverage of some sort exists (a test failed when error raised)
  :vertical_traffic_light: - Test coverage of return value (a test failed when nil used)
  :white_check_mark: - Permissions check tested
  ### Issue lookup without access check (security)
  - [x] :white_check_mark: app/controllers/projects/branches_controller.rb:39
    - `before_action :authorize_push_code!` helps limit/prevent exploitation. Always checks for reporter access so fine with confidential issues, issues only visible to team, etc.
  - [x] :traffic_light: app/models/cycle_analytics/summary.rb:9 [`.count`]
  - [x] :white_check_mark: app/controllers/projects/todos_controller.rb:19
  ### Code smells
  - [x] Potential double render in app/controllers/projects/todos_controller.rb
  ### Previous discussions
  - https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#cedccb227af9bfdf88802767cb58d43c2b977439_24_24
  See merge request !2030
* Merge branch 'jej-22869' into 'security' | Douwe Maan | 2016-11-24 | 6 | -14/+108
  Fix information disclosure in `Projects::BlobController#update`
  ## What does this MR do?
  It was possible to discover private project names by modifying `from_merge_request` parameter in `Projects::BlobController#update`. This fixes that.
  ## Does this MR meet the acceptance criteria?
  - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) entry added
  - Tests
    - [x] Added for this feature/bug
    - [ ] All builds are passing
  - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
  - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
  - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
  ## What are the relevant issue numbers?
  https://gitlab.com/gitlab-org/gitlab-ce/issues/22869
  See merge request !2023
  Signed-off-by: Rémy Coutable <remy@rymai.me>
* Merge branch 'zj-fix-label-creation-non-members' into 'security' | Douwe Maan | 2016-11-24 | 9 | -102/+99
  Fix label creation non members
  Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23416
  See merge request !2006
* Merge branch '23990-project-show-error-when-empty-repo' into 'master' | Douwe Maan | 2016-11-24 | 3 | -1/+50
  500 error on project show when user is not logged in and project is still empty
  ## What does this MR do?
  Aims to fix the 500 error when the project is empty and the user is not logged in and tries to access project#show
  ## Screenshots (if relevant)
  When the project is empty and the user is not logged in we default to the empty project partial instead of readme.
  ![Screen_Shot_2016-11-11_at_22.54.21](/uploads/3d87e65195376c85d3e515e6d5a9a850/Screen_Shot_2016-11-11_at_22.54.21.png)
  ## Does this MR meet the acceptance criteria?
  - [x] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added
  - [x] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
  - [x] API support added
  - Tests
    - [x] Added for this feature/bug
    - [x] All builds are passing
  - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
  - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
  - [x] Branch has no merge conflicts with `master` (if it does - rebase it please)
  - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
  ## What are the relevant issue numbers?
  Closes #23990
  See merge request !7376
* Merge branch 'docs/backport-jira-docs-to-8-13' into '8-13-stable' | Achilleas Pipinellis | 2016-11-22 | 1 | -19/+27
|\
| |   Backport JIRA api docs to 8-13-stable
| |   We need to backport the JIRA API docs that were until recently on master to 8-13-stable also. With 8.14 we simplified the way JIRA is configured and we need a link to point to the old docs.
| |   https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7675/diffs#bb2ba7ca0e10bd01609ab50236882ea82a183e60_472_471
| |   See merge request !7677
| * Backport JIRA api docs to 8-13-stable | Achilleas Pipinellis | 2016-11-22 | 1 | -19/+27
|/    [ci skip]
* Add missing changelog item | Rémy Coutable | 2016-11-17 | 1 | -0/+1
  [ci skip]
  Signed-off-by: Rémy Coutable <remy@rymai.me>
* Add a missing CHANGELOG item | Rémy Coutable | 2016-11-17 | 1 | -0/+1
  [ci skip]
  Signed-off-by: Rémy Coutable <remy@rymai.me>
* Update VERSION to 8.13.6 [v8.13.6] | Rémy Coutable | 2016-11-17 | 1 | -1/+1
* Update CHANGELOG.md for 8.13.6 | Rémy Coutable | 2016-11-17 | 9 | -33/+11
  [ci skip]
* Merge branch '23824-activity-page-does-not-show-commits-comments' into 'master' | Robert Speicher | 2016-11-17 | 4 | -5/+36
  Allow commit note to be visible if repo is visible
  ## What does this MR do?
  It enforces the `:download_code` permission in `Event#visible_to_user?` for commit notes.
  Closes #23824
  See merge request !7504
* Merge branch 'rs-issue-24527' into 'master' | Sean McGivern | 2016-11-17 | 3 | -25/+41
  Limit labels returned for a specific project as an administrator
  Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/24527
  See merge request !7496
* Fix CHANGELOG and remove a spec meant to be on 8.14 only | Rémy Coutable | 2016-11-16 | 2 | -75/+0
  Signed-off-by: Rémy Coutable <remy@rymai.me>
* Merge branch '24392-lfs-helper-refactor' into 'master' | Douwe Maan | 2016-11-15 | 2 | -4/+4
  Move the `objects` method to `LfsHelper` so that it is also available to `LfsStorageController`
  ## What does this MR do?
  Move the `objects` method to `LfsHelper` so that it is also available to `LfsStorageController`
  It is needed for the `lfs_check_access!` callback when the repository size limit is enabled (EE only).
  cc @stanhu @ahanselka
  ## Why was this MR needed?
  Errors shown here: gitlab-org/gitlab-ce#24392
  Discovered thanks to gitlab-com/infrastructure#302
  ## What are the relevant issue numbers?
  Fixes #24392
  Fixes gitlab-com/support-forum#1280
  See merge request !7417
* Merge branch '24397-load-labels-on-mr-tabs' into 'master' | Sean McGivern | 2016-11-15 | 3 | -0/+30
  Ensure labels are loaded for all "show" methods of MR Controller
  Closes #24397
  See merge request !7416
* Merge branch 'fix-cache-for-commit-status' into 'master' | Rémy Coutable | 2016-11-15 | 2 | -1/+5
  Fix cache for commit status in commits list to respect branches
  Fix cache for commit status in commits list to respect branches
  Closes #24324
  See merge request !7372
* Merge branch 'fix-uncheckable-label-for-force_remove_source_branch' into 'master' | Robert Speicher | 2016-11-15 | 2 | -1/+5
  Clicking "force remove source branch" label now toggles the checkbox again
  We remove the ID from the hidden tag for `merge_request[force_remove_source_branch]` in order to fix the checkbox toggling when the associated label is clicked.
  The issue was introduced by !7267 and discovered in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7267#note_18028311.
  See merge request !7356
* Merge branch 'split-out-markdown-cache-update' into 'master' | Yorick Peterse | 2016-11-15 | 1 | -1/+5
  Split out markdown cache storage into a separate method
  See merge request !7277
* Merge branch '24038-fix-no-register-pane-if-ldap' into 'master' | Sean McGivern | 2016-11-15 | 2 | -0/+7
  Fix no "Register" tab if ldap auth is enabled (#24038)
  Closes #24038
  See merge request !7274
* Merge branch 'issue_20245' into 'master' | Robert Speicher | 2016-11-15 | 3 | -1/+25
  Fix project Visibility level selector not using default values
  closes #20245
  See merge request !7264
* Merge branch 'adam-fix-wiki-links-markdown' into 'master' | Sean McGivern | 2016-11-15 | 2 | -1/+46
  Fix relative links in Markdown wiki when displayed in "Project" tab
  Refers to #23806
  See merge request !7218
* Merge branch 'add-special-char-tests-for-refs-dropdown' into 'master' | Fatih Acet | 2016-11-15 | 1 | -1/+13
  Add test for refs dropdown selection with special chars
  ## What does this MR do?
  ## Are there points in the code the reviewer needs to double check?
  ## Why was this MR needed?
  ## Screenshots (if relevant)
  ## Does this MR meet the acceptance criteria?
  - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) entry added
  - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
  - [ ] API support added
  - Tests
    - [ ] Added for this feature/bug
    - [ ] All builds are passing
  - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
  - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
  - [x] Branch has no merge conflicts with `master` (if it does - rebase it please)
  - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
  ## What are the relevant issue numbers?
  See merge request !7175
* Merge branch '23713-milestone-dropdown-not-selected' into 'master' | Robert Speicher | 2016-11-15 | 3 | -2/+82
  Milestone dropdown does not stay selected
  Closes #23713
  See merge request !7117
  Signed-off-by: Rémy Coutable <remy@rymai.me>
* Merge branch '23520-mr-sticky-tabs-overlap-discussion-from-anchor' into 'master' | Fatih Acet | 2016-11-15 | 2 | -8/+19
  Account for fixed position MR when scrolling to elements
  This MR accounts for the new merge request fixed affix bar when scrolling to an element on the MR page. The fixed MR tabs bar was not being taken into account when shifting permalink scroll targets so that they are unobscured by navigation elements.
  Closes #23520
  See merge request !7051
  Signed-off-by: Rémy Coutable <remy@rymai.me>
* Merge branch 'fix_saml_ldap_link' into 'master' | Douwe Maan | 2016-11-15 | 3 | -1/+29
  Omniauth auto link LDAP user falls back to find by DN when user cannot be found by uid
  Unfortunately, SAML IDs can be an LDAP UID, DN, or something else entirely. UID and DN are most common, though. This adds a fallback scenario so we first try to find a matching LDAP user by UID, then by DN.
  This will fix a problem for the customer in https://gitlab.zendesk.com/agent/tickets/43298
  See merge request !7002
* Add 8.13.5 CHANGELOG | Rémy Coutable | 2016-11-09 | 2 | -4/+4
  [ci skip]
  Signed-off-by: Rémy Coutable <remy@rymai.me>
* Update VERSION to 8.13.5 [v8.13.5] | Alejandro Rodríguez | 2016-11-08 | 1 | -1/+1
* Merge branch 'unauthenticated-container-registry-access' into 'security' | Alejandro Rodriguez | 2016-11-08 | 4 | -10/+32
  Restore unauthenticated access to public container registries
  Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/24284
  /cc @stanhu @kamil @pablo
  See merge request !2025
* Add date for the 8.13.4 release | Rémy Coutable | 2016-11-07 | 1 | -1/+1
  [ci skip]
  Signed-off-by: Rémy Coutable <remy@rymai.me>
* Update VERSION to 8.13.4 [v8.13.4] | Rémy Coutable | 2016-11-07 | 1 | -1/+1
* Update CHANGELOG.md for 8.13.4 | Rémy Coutable | 2016-11-07 | 8 | -28/+7
  [ci skip]
* Fix ref not passed to commit partial | Rémy Coutable | 2016-11-07 | 1 | -1/+1
  Signed-off-by: Rémy Coutable <remy@rymai.me>
* Merge branch 'markdown-xss-fix-option-2.1' into 'security' | Douwe Maan | 2016-11-07 | 3 | -10/+54
  Fix for HackerOne XSS vulnerability in markdown
  This is an updated blacklist patch to fix https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2007. No text is removed. Dangerous schemes/protocols and invalid URIs are left intact but not linked.
  Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23153
  See merge request !2015
  Signed-off-by: Rémy Coutable <remy@rymai.me>
* Merge branch '24059-post-facto-fixups' into 'master' | Douwe Maan | 2016-11-07 | 3 | -7/+9
  Fixups to "Round-robin repository storage"
  ## What does this MR do?
  * Simplifies a method in application_settings.rb
  * Correctly marks a migration as needing downtime
  * Documents the requirement for renamed columns to be
  ## Are there points in the code the reviewer needs to double check?
  Should any of these changes be split out? Ideally we'd get this into the same point release as !7273
  ## Why was this MR needed?
  Post-facto review of !7273
  ## Screenshots (if relevant)
  ## Does this MR meet the acceptance criteria?
  - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) entry added
  - [X] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
  - [X] API support added
  - Tests
    - [X] Added for this feature/bug
    - [x] All builds are passing
  - [X] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
  - [X] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
  - [X] Branch has no merge conflicts with `master` (if it does - rebase it please)
  - [X] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
  ## What are the relevant issue numbers?
  Related to #24059
  /cc @yorickpeterse @rspeicher
  See merge request !7287
* Merge branch 'show-status-from-branch' into 'master' | Rémy Coutable | 2016-11-04 | 19 | -43/+139
  Show pipeline status from branch and commit than only commit
  Closes #23615
  See merge request !7034
  Signed-off-by: Rémy Coutable <remy@rymai.me>
* Merge branch '24059-round-robin-repository-storage' into 'master' | Douwe Maan | 2016-11-04 | 16 | -25/+147
  Resolve "Introduce round-robin project creation to spread load over multiple shards"
  Allow multiple shards to be enabled in the admin settings page, balancing project creation across all enabled shards.
  * `f.select ..., multiple: true` isn't the most beautiful UI in the world, but switching to `collection_check_boxes` (or a facsimile thereof) isn't trivial
  * Should `pick_repository_storage` be a method of `ApplicationSetting`, or `Project`? It's going to accrete logic over time so perhaps it should be its own class already?
  * This is written to avoid the need for a database migration, so it is `serialize :repository_storage` without `, Array`. This is tested, but alternatives include:
    * Add a database migration
    * Write a custom Coder that will accept a String or Array in `load` and always `dump` an Array.
  Closes #24059
  See merge request !7273
  Signed-off-by: Rémy Coutable <remy@rymai.me>
* Merge remote-tracking branch 'origin/labels-api' | Rémy Coutable | 2016-11-04 | 4 | -8/+18
  See merge request !7014
  Signed-off-by: Rémy Coutable <remy@rymai.me>
* Merge branch '22271-drone-tag-pipeline-build' into 'master' | Douwe Maan | 2016-11-04 | 18 | -87/+161
  Fix lightweight tags not processed correctly by GitTagPushService
  Closes #22271
  See merge request !6532
  Signed-off-by: Rémy Coutable <remy@rymai.me>
* Merge branch '24102-cannot-unselect-remove-source-branch-when-editing-merge-request' into 'master' | Sean McGivern | 2016-11-04 | 4 | -3/+20
  Fixes #24102
  See merge request !7267
* Merge branch '23961-can-t-share-project-with-groups' into 'master' | Robert Speicher | 2016-11-04 | 2 | -1/+5
  Only skip group when it's actually a group in the "Share with group" select
  Fixes #23961
  See merge request !7262
* Merge branch 'issue_23242' into 'master' | Sean McGivern | 2016-11-04 | 10 | -43/+70
  Fix project features default values
  closes #23242
  See merge request !7181
  Signed-off-by: Rémy Coutable <remy@rymai.me>
* Merge branch 'issue_23951' into 'master' | Sean McGivern | 2016-11-04 | 3 | -1/+22
  Fix builds tab visibility
  closes #23951
  See merge request !7178
  Signed-off-by: Rémy Coutable <remy@rymai.me>
* Merge branch 'optimize/labels-finder' into 'master' | Sean McGivern | 2016-11-04 | 10 | -29/+39
  Optimize group labels page
  Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/23684
  Closes https://gitlab.com/gitlab-org/gitlab-ee/issues/1148
  See merge request !7123
  Signed-off-by: Rémy Coutable <remy@rymai.me>
* Merge branch 'allow-owner-to-run-ci-builds' into 'master' | Rémy Coutable | 2016-11-04 | 6 | -9/+66
  Allow owners to fetch source code in CI builds
  Due to different way of handling owners of a project, they were not allowed to fetch CI sources for project. This adds a separate code path for handling owners, that are not admins.
  Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/23437
  See merge request !6943
  Signed-off-by: Rémy Coutable <remy@rymai.me>
* Merge branch '23403-fix-events-for-private-project-features' into 'security' | Robert Speicher | 2016-11-04 | 6 | -30/+163
  Respect project visibility settings in the contributions calendar
  This MR fixes a number of bugs relating to access controls and date selection of events for the contributions calendar
  Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/23403
  See merge request !2019
* Merge branch 'fix-unathorized-cloning' into 'security' | Douwe Maan | 2016-11-04 | 12 | -47/+191
  Ensure external users are not able to clone disabled repositories.
  Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/23788
  See merge request !2017