Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Update VERSION to 9.0.13v9.0.13 | James Edwards-Jones | 2017-08-09 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 9.0.13 | James Edwards-Jones | 2017-08-09 | 3 | -9/+5 |
| | | | [ci skip] | ||||
* | Merge branch '9-0-stable-fix-cache' into '9-0-stable' | Mike Greiling | 2017-08-08 | 1 | -0/+4 |
| | |||||
* | Merge branch 'import-symlinks-9-0' into 'security-9-0' | Mike Greiling | 2017-08-08 | 3 | -1/+14 |
| | | | | | Fix file disclosure via hidden symlinks using the project import (9.0) See merge request !2161 | ||||
* | Merge branch 'rs-alphanumeric-ssh-params-9-0' into 'security-9-0' | Mike Greiling | 2017-08-08 | 3 | -0/+47 |
| | | | | | Ensure user and hostnames begin with an alnum character in UrlBlocker See merge request !2152 | ||||
* | Merge branch 'fix-docs-re2-install' into 'master' | Rémy Coutable | 2017-08-01 | 1 | -1/+1 |
| | | | | | | | Add libre2-dev to the list of dependencies Closes #35342 See merge request !12996 | ||||
* | Update VERSION to 9.0.12v9.0.12 | James Edwards-Jones | 2017-07-20 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 9.0.12 | James Edwards-Jones | 2017-07-20 | 2 | -4/+4 |
| | | | [ci skip] | ||||
* | Merge branch 'fix-re2-infinite-loop-nick' into 'security-9-3' | Sean McGivern | 2017-07-20 | 3 | -8/+45 |
| | | | | | Fix an infinite loop in Gitlab:UntrustedRegexp See merge request !2146 | ||||
* | Update VERSION to 9.0.11v9.0.11 | James Edwards-Jones | 2017-07-19 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 9.0.11 | James Edwards-Jones | 2017-07-19 | 4 | -12/+6 |
| | | | [ci skip] | ||||
* | Merge branch '24570-use-re2-for-user-supplied-regexp-9-0' into 'security-9-0' | Douwe Maan | 2017-07-19 | 9 | -8/+186 |
| | | | | | [security-9-0] Use re2 for user-supplied regexps See merge request !2122 | ||||
* | Merge branch '33303-9-0-security-fix' into 'security-9-0' | Sean McGivern | 2017-07-19 | 3 | -0/+44 |
| | | | | | [9.0 security fix] Renders 404 if given project is not readable by the user on Todos dashboard See merge request !2135 | ||||
* | Merge branch 'bvl-security-9-0-remove-appearance-symlink' into 'security-9-0' | Douwe Maan | 2017-07-19 | 5 | -2/+105 |
| | | | | | (security-9-0) Remove the `appearance` symlink that was previously missed See merge request !2127 | ||||
* | Merge branch 'fix-changelog-entry' into 'security-9-2' | Sean McGivern | 2017-07-19 | 1 | -0/+0 |
| | | | | | Fix filename used for CHANGELOG entry See merge request !2140 | ||||
* | Merge branch ↵ | Sean McGivern | 2017-07-19 | 3 | -1/+35 |
| | | | | | | | 'security-9-0-backport-33323-fix-incorrect-project-authorizations' into 'security-9-0' Escape the underscore char inside the LIKE operator See merge request !2133 | ||||
* | Update VERSION to 9.0.10v9.0.10 | Regis | 2017-06-07 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 9.0.10 | Regis | 2017-06-07 | 1 | -0/+4 |
| | | | [ci skip] | ||||
* | Merge branch 'bvl-fix-typo-renaming-appearance' into 'security-9-2' | Douwe Maan | 2017-06-07 | 3 | -3/+59 |
| | | | | | | Fix typo in moving the`appearance` folder in migrations See merge request !2116 | ||||
* | Update VERSION to 9.0.9v9.0.9 | Regis | 2017-06-02 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 9.0.9 | Regis | 2017-06-02 | 2 | -4/+4 |
| | | | [ci skip] | ||||
* | fix double method definition for can_read-reference | Regis | 2017-06-02 | 1 | -4/+0 |
| | |||||
* | Merge branch '25934-project-snippet-vis' into 'security-9-2' | Douwe Maan | 2017-06-02 | 14 | -18/+210 |
| | | | | | | Fix visibility when referencing snippets See merge request !2101 | ||||
* | Merge branch 'fix-security-9-0-conflicts-for-mr-2112' into 'security-9-0' | Regis Boudinot | 2017-06-02 | 4 | -2/+17 |
| | | | | | Fix conflicts while picking !2112 to `security-9-0` See merge request !2113 | ||||
* | Update VERSION to 9.0.8v9.0.8 | Regis | 2017-05-31 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 9.0.8 | Regis | 2017-05-31 | 4 | -12/+6 |
| | | | [ci skip] | ||||
* | Only check new migrations in 'rake down_timecheck' | Douwe Maan | 2017-05-31 | 1 | -1/+1 |
| | | | | This is necessary for the `security-9-0` build to pass. | ||||
* | Merge branch 'dz-restrict-autocomplete' into 'security-9-1' | Robert Speicher | 2017-05-31 | 3 | -11/+25 |
| | | | | | Allow users autocomplete by author_id only for authenticated users See merge request !2100 | ||||
* | Merge branch '28917-contain-uploads-in-system-dir' into 'security' | Douwe Maan | 2017-05-31 | 35 | -30/+959 |
| | | | | | | Upload files into `public/upload/system` instead of `public/upload` See merge request !2073 | ||||
* | Merge branch 'dz-api-x-frame' into 'security-9-2' | Robert Speicher | 2017-05-31 | 2 | -0/+5 |
| | | | | | | Restrict API X-Frame-Options to same origin See merge request !2103 | ||||
* | Revert "Merge remote-tracking branch 'dev/security-9-0' into 9-0-stable" | Timothy Andrew | 2017-05-30 | 41 | -990/+42 |
| | | | | | This reverts commit f6ba1e081c96bd0a8c3561d92f97aa11d6688bc5, reversing changes made to 810cc51be37e03ebbe99711a53663956e4ffde8c. | ||||
* | Merge remote-tracking branch 'dev/security-9-0' into 9-0-stable | Timothy Andrew | 2017-05-30 | 41 | -42/+990 |
|\ | |||||
| * | Only check new migrations in 'rake down_timecheck' | Douwe Maan | 2017-05-26 | 1 | -1/+1 |
| | | | | | | | | This is necessary for the `security-9-0` build to pass. | ||||
| * | Merge branch 'dz-restrict-autocomplete' into 'security-9-1' | Robert Speicher | 2017-05-26 | 3 | -11/+25 |
| | | | | | | | | | | Allow users autocomplete by author_id only for authenticated users See merge request !2100 | ||||
| * | Merge branch '28917-contain-uploads-in-system-dir' into 'security' | Douwe Maan | 2017-05-26 | 35 | -30/+959 |
| | | | | | | | | | | | | Upload files into `public/upload/system` instead of `public/upload` See merge request !2073 | ||||
| * | Merge branch 'dz-api-x-frame' into 'security-9-2' | Robert Speicher | 2017-05-26 | 2 | -0/+5 |
|/ | | | | | | Restrict API X-Frame-Options to same origin See merge request !2103 | ||||
* | Update VERSION to 9.0.7v9.0.7 | Lin Jen-Shin | 2017-05-05 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 9.0.7 | Lin Jen-Shin | 2017-05-05 | 10 | -36/+12 |
| | | | [ci skip] | ||||
* | Fix test error | Lin Jen-Shin | 2017-05-05 | 1 | -1/+1 |
| | |||||
* | Merge branch 'tc-fix-private-subgroups-shown' into 'security' | Douwe Maan | 2017-05-04 | 8 | -19/+105 |
| | | | | | Use GroupsFinder to find subgroups the user has access to See merge request !2096 | ||||
* | Merge branch 'fix-hamlit-xss' into 'security-9-1' | Robert Speicher | 2017-05-04 | 5 | -3/+29 |
| | | | | | New Hamlit XSS fix, does not include extraneous changes See merge request !2095 | ||||
* | Merge branch 'snippets-finder-visibility' into 'security' | Douwe Maan | 2017-05-04 | 23 | -186/+389 |
| | | | | | Refactor snippets finder & dont return internal snippets for external users See merge request !2094 | ||||
* | Merge branch 'branch-name-escape' into 'security' | Robert Speicher | 2017-05-04 | 3 | -7/+19 |
| | | | | | Fix XSS in branches dropdown See merge request !2093 | ||||
* | Merge branch '31157-respect-project-features-in-wiki-search' into 'security' | Douwe Maan | 2017-05-04 | 3 | -3/+80 |
| | | | | | Respect project features in wiki and blob search See merge request !2089 | ||||
* | Merge branch 'snippets_visibility' into 'security' | Sean McGivern | 2017-05-04 | 4 | -215/+161 |
| | | | | | Fix snippets visibility for show action - external users can not see internal snippets See merge request !2087 | ||||
* | Merge branch 'rs-sanitize-submodule-urls' into 'security' | Douwe Maan | 2017-05-04 | 3 | -16/+46 |
| | | | | | Sanitize submodule URLs before linking to them in the file tree view See merge request !2084 | ||||
* | Merge branch 'bvl-markup-pipeline' into 'security' | Robert Speicher | 2017-05-04 | 7 | -32/+60 |
| | | | | | Render asciidoc & other markup using banzai in a pipeline See merge request !2088 | ||||
* | Merge branch 'bvl-validate-urls-in-markdown-using-uri' into 'security' | Robert Speicher | 2017-05-04 | 3 | -55/+70 |
| | | | | | Add correct `rel` attributes to external links when rendering markdown See merge request !2086 | ||||
* | Update VERSION to 9.0.6v9.0.6 | James Lopez | 2017-04-21 | 1 | -1/+1 |
| | |||||
* | Update CHANGELOG.md for 9.0.6 | James Lopez | 2017-04-21 | 10 | -37/+12 |
| | | | [ci skip] |