Ensure logged-out users can't see private refs
https://gitlab.com/gitlab-org/gitlab-ce/issues/18033
I'm still not sure what to do about the CHANGELOG on security issues - should I add to a patch release? This issue was assigned to 8.10.
See merge request !1974
(cherry picked from commit 3a6ebb1fd624c216a4ce65380e64072793b7ccda)
Fix privilege escalation issue with OAuth external users
Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/19312
This MR fixes a privilege escalation issue, where manually set external users would be reverted back to internal users if they logged in via OAuth and that provider was not in the `external_providers` list.
/cc @douwe
See merge request !1975
(cherry picked from commit 5e6342b7ac08b4b37b233cad54f4aeaf0144b977)
Fix visibility of snippets when searching
Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/18997
See merge request !1972
(cherry picked from commit 8a197c15d453de619fbe8aaebfe9e29b82eb873c)
Update omniauth-saml to 1.6.0 to address a security vulnerability in ruby-saml
Updates `omniauth-saml` to bring in the new `ruby-saml` dependency that addresses [CVE-2016-5697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5697)
Fixes #19206
See merge request !4951
(cherry picked from commit c3a8b252cdf569729e5e1e8e0614b4d2e5226371)
Only show notes through JSON on confidential issues that the user has access to
Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/18535
See merge request !1970
Forbid scripting for wiki files
Wiki files (not pages - files in the repo) are just sent to the browser
with whatever content-type the mime_types gem assigns to them based on
their extension. As this is from the same domain as the GitLab
application, this is an XSS vulnerability.
Set a CSP forbidding all sources for scripting, CSS, XHR, etc. on these
files.
Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/17298.
See merge request !1969
Remove 'unscoped' from project builds selection
This is a fix for this security bug: https://gitlab.com/gitlab-org/gitlab-ce/issues/18188
/cc @kamil @grzegorz @stanhu
See merge request !1968
fix typo making gitlab.com importing to fail
Fixes https://gitlab.com/gitlab-org/gitlab-ee/issues/565
See merge request !4181
Use the relative url prefix for links in Wiki
Retry of gitlab-org/gitlab-ce!4026
@rymai !4050 solved all other problems, from what it looks like. I [tested](https://gitlab.com/artem-forks/gitlab-ce/commit/ff01eca7b559efa7cacf3412aa01cd8ae8a6db7e/builds) this with ruby22
Fixes #17071
See merge request !4131
Create import data in service and fix timing issues when scheduling job
Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/17401
Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/17376
See merge request !4106
Fix an issue when filtering merge requests with more than one label
Fixes #15529.
See merge request !3886
Fix build notification on merge request page change even if the build status didn't change
## What does this MR do?
This MR contains a bugfix for #17357 which was introduced by !3998. The notifications are now only shown on status changes, and not when switching between different merge requests.
## Are there points in the code the reviewer needs to double check?
Check implementation
## Why was this MR needed?
Because of a bug introduced in !3998.
## What are the relevant issue numbers?
#17357
Closes #17357
See merge request !4086
Relative Links in the Wiki Are Broken
- [ ] #16568 (!4050) Relative links in wiki are broken
- [x] Investigate issue
- [x] Implementation / Fix
- [x] Write (failing) tests for `WikiLinkFilter`
- [x] Link to `./bar` should either get rewritten correctly or left alone
- [x] Link to `./bar.md` should maybe get rewritten correctly (is left alone currently)
- [x] Link to `bar.md` should get rewritten correctly
- [x] Check if this is indeed a bug
- [x] Make sure CI is green
- [x] Assign to endboss
- [x] Wait for review
- [x] Implement review feedback
- [ ] Wait for merge
See merge request !4050
This MR never made it into 8.7.4.
[ci skip]
'master'
"
This reverts commit d1ba09869542fa4d2198c6199cf820bc75fcbb63.
[ci skip]
Use a case-insensitive check to compare URI schemes
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/17299
See merge request !1965
Add if exists to drop command
Add `IF EXISTS` as a precaution. Related to gitlab-org/gitlab-ce!4020
See merge request !4100
Rake drop tables with cascade
See merge request !4020
Fix build notification on merge request page change even if the build status didn't change
## What does this MR do?
This MR contains a bugfix for #17357 which was introduced by !3998. The notifications are now only shown on status changes, and not when switching between different merge requests.
## Are there points in the code the reviewer needs to double check?
Check implementation
## Why was this MR needed?
Because of a bug introduced in !3998.
## What are the relevant issue numbers?
#17357
Closes #17357
See merge request !4086
Allow Redmine issue references to work as intended
Closes #14527 and #14894
See merge request !4048
Use sign out path only if not empty
Fixes: https://github.com/gitlabhq/gitlabhq/issues/10066
See merge request !3989
Pass trusted_proxies to action_dispatch as IPAddrs instead of strings
Without this setting your own trusted_proxies does not work.
Fixes an issue introduced in: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3524
Fixes: https://gitlab.com/gitlab-org/gitlab-ce/issues/17004
See merge request !3970
Fix importer bug when throwing exceptions
Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/15681
See merge request !3941
Initialize wikis on legacy projects during check
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/4173
Helps https://gitlab.com/gitlab-org/gitlab-ce/issues/15423
See merge request !3931
Fix the line code when importing PR review comments from GitHub
Pull Request Review Comments are comments on a portion of the unified diff.
Closes #17205
See merge request !4010
Merge request widget displays TeamCity build state and code coverage correctly again
## What does this MR do?
This MR contains a fix for a regression introduced in `8.7`. In former versions, the TeamCity build status was always displayed correctly. In `8.7` the build state is still checked, but the UI is not updated correctly any longer.
## Are there points in the code the reviewer needs to double check?
The changes are quite simple, so please simply double check them.
## Why was this MR needed?
This MR is needed to make the TeamCity build status work again.
## What are the relevant issue numbers?
#17080
See merge request !3998
Instrument methods used in email diffs
See merge request !4038
Updated spacing between notification label and button
![Screen_Shot_2016-04-28_at_11.36.26](/uploads/7b33e78e85688d96f878272ee93038ba/Screen_Shot_2016-04-28_at_11.36.26.png)
Closes #16552
See merge request !3965
Fix error when trying to create a wiki page
Closes #15527, #15569, #15623, #15630, #15637, #15653, #15870, #16558, #16875, #16987, #17016, https://github.com/gitlabhq/gitlabhq/issues/10317.
See merge request !3924