path: root/CHANGELOG
Commit message (Collapse)  Author  Age  Files  Lines
* Merge branch 'note-avatar-link' into 'master'  Dmitriy Zaporozhets  2015-03-24  1  -0/+1
|\
| |  Link note avatar to user.
| |
| |  See merge request !446
| * Link note avatar to user. [note-avatar-link]  Douwe Maan  2015-03-24  1  -0/+1
| |
* | Merge branch 'git-auth-rack-attack-improvements' into 'master'  Dmitriy Zaporozhets  2015-03-24  1  -0/+1
|\ \
| | |  Reduce Rack Attack false positives causing 403 errors during HTTP authentication
| | |
| | |  ### What does this MR do?
| | |
| | |  This MR reduces false positives causing `403 Forbidden` messages after HTTP authentication.
| | |
| | |  A Git client may attempt to access a repository without a password. If it receives a 401 error, the client often will try again, this time supplying a password. The problem is that `grack_auth.rb` considers a blank password an authentication failure and increases a Redis counter each time this happens. With enough requests, an IP can be banned temporarily even though previous attempts may have been successful. This leads users to see `403 Forbidden` errors until the ban times out (default: 1 hour).
| | |
| | |  To reduce the chance of a false positive, this MR resets the counter upon a successful authentication from an IP. In addition, this MR logs when a user has been banned and introduces the ability to disable Rack Attack via a config variable.
| | |
| | |  ### Are there points in the code the reviewer needs to double check?
| | |
| | |  rack-attack v4.2.0 doesn't support the ability to clear counters out of the box, so `rack_attack_helpers.rb` includes a number of monkey patches to make it work. It looks like this functionality may be added in v4.3.0. I've also sent pull requests to rack-attack to add the functionality necessary to delete a key.
| | |
| | |  Each time an authentication is successful, the Redis counter for that IP is cleared. I deemed it better to clear the counter than to allow for blank passwords, since the latter seems like a security risk.
| | |
| | |  ### Why was this MR needed?
| | |
| | |  It was quite difficult to figure out why users were seeing `403 Forbidden`, which is why the log message was added.
| | |
| | |  Users were getting a lot of false positives when accessing repositories with HTTPS. Including the username in the HTTPS URL (e.g. `https://username@mydomain.com/account/repo.git`) caused authentication failures because while the git client provided the username, it left the password blank, leading to an authentication failure.
| | |
| | |  ### What are the relevant issue numbers / [Feature requests](http://feedback.gitlab.com/)?
| | |
| | |  See Issue #1171
| | |
| | |  https://github.com/kickstarter/rack-attack/issues/113
| | |
| | |  See merge request !392
| * | Reduce Rack Attack false positives by clearing out auth failure count upon  Stan Hu  2015-03-24  1  -0/+1
| | |  successful Git over HTTP authentication.
| | |
| | |  Add logging when a ban goes into effect for debugging.
| | |
| | |  Issue #1171
* | | Merge branch 'update-changelog' into 'master'  Robert Schilling  2015-03-24  1  -2/+1
|\ \ \
| | | |  Remove duplicate CHANGELOG items for v7.8.0
| | | |
| | | |  [ci skip]
| | | |
| | | |  See merge request !447
| * | | Remove duplicate CHANGELOG items for v7.8.0  Aurelio Jargas  2015-03-24  1  -2/+1
| |/ /
| | |  [ci skip]
* | | Merge branch 'fix-nested-tasks' into 'master'  Dmitriy Zaporozhets  2015-03-24  1  -0/+1
|\ \ \
| |/ /
|/| |
| | |  Fix nested task lists
| | |
| | |  When nesting task list items, the parent item is wrapped in a `<p>` tag. Update the task list parser to handle these paragraph wrappers.
| | |
| | |  cc @sytse
| | |
| | |  See merge request !413
| * | Update CHANGELOG  Vinnie Okada  2015-03-22  1  -0/+1
| | |
* | | Merge branch 'merge-status-without-timestamps' into 'master'  Dmitriy Zaporozhets  2015-03-24  1  -0/+1
|\ \ \
| | | |  Don't mark merge request as updated when merge status relative to target branch changes.
| | | |
| | | |  Addresses https://gitlab.com/gitlab-org/gitlab-ce/issues/1254 and private issue https://dev.gitlab.org/gitlab/gitlabhq/issues/2165.
| | | |
| | | |  See merge request !431
| * | | Don't mark merge request as updated when merge status relative to target ↵ [merge-status-without-timestamps]  Douwe Maan  2015-03-23  1  -0/+1
| | | |  branch changes.
* | | | Merge branch 'notes-count-without-system' into 'master'  Dmitriy Zaporozhets  2015-03-24  1  -0/+1
|\ \ \ \
| |_|_|/
|/| | |
| | | |  Don't include system notes in issue/MR comment count.
| | | |
| | | |  Addresses private issue https://dev.gitlab.org/gitlab/gitlabhq/issues/2163.
| | | |
| | | |  See merge request !430
| * | | Don't include system notes in issue/MR comment count. [notes-count-without-system]  Douwe Maan  2015-03-23  1  -0/+1
| |/ /
* | | Merge branch 'emailsonpush-create-delete' into 'master'  Dmitriy Zaporozhets  2015-03-23  1  -0/+3
|\ \ \
| | | |  Send EmailsOnPush email when branch or tag is created or deleted.
| | | |
| | | |  Addresses #1951, #1957 and #1925.
| | | |
| | | |  ![Screen_Shot_2015-03-17_at_13.58.15](https://dev.gitlab.org/gitlab/gitlabhq/uploads/16ff25adb4b4a7e1923612e0652442b4/Screen_Shot_2015-03-17_at_13.58.15.png)
| | | |
| | | |  ![Screen_Shot_2015-03-17_at_13.58.22](https://dev.gitlab.org/gitlab/gitlabhq/uploads/e346c1d84aba3a093b722d0a4167e289/Screen_Shot_2015-03-17_at_13.58.22.png)
| | | |
| | | |  ![Screen_Shot_2015-03-17_at_13.58.28](https://dev.gitlab.org/gitlab/gitlabhq/uploads/720437ecc13f317c6d20eff82ac60bd7/Screen_Shot_2015-03-17_at_13.58.28.png)
| | | |
| | | |  ![Screen_Shot_2015-03-17_at_13.58.34](https://dev.gitlab.org/gitlab/gitlabhq/uploads/2b302bb6cdbe27c96a8dff1375236602/Screen_Shot_2015-03-17_at_13.58.34.png)
| | | |
| | | |  See merge request !1709
| * | | Send EmailsOnPush email when branch or tag is created or deleted.  Douwe Maan  2015-03-18  1  -0/+1
| | | |
* | | | Merge branch 'no-comment-bubble' into 'master'  Dmitriy Zaporozhets  2015-03-23  1  -0/+1
|\ \ \ \
| | | | |  Don't show commit comment button when user is not signed in.
| | | | |
| | | | |  Address private issue https://dev.gitlab.org/gitlab/gitlabhq/issues/2167.
| | | | |
| | | | |  See merge request !429
| * | | | Don't show commit comment button when user is not signed in.  Douwe Maan  2015-03-23  1  -0/+1
| | |/ /
| |/| |
* | | | Merge branch 'userpage-activity-scroll'  Dmitriy Zaporozhets  2015-03-23  1  -0/+1
|\ \ \ \
| | | | |  Conflicts:
| | | | |    app/controllers/users_controller.rb
| * | | | Add infinite scroll to user activity on user page  Dmitriy Zaporozhets  2015-03-22  1  -0/+1
| | | | |
* | | | | Merge branch 'improve-contributions-calendar' into 'master'  Dmitriy Zaporozhets  2015-03-23  1  -0/+1
|\ \ \ \ \
| | | | | |  Replace commits calendar with contributions calendar
| | | | | |
| | | | | |  * count opening of issues and merge requests
| | | | | |  * don't trigger git repository - use events from database
| | | | | |  * count pushes instead of commits for faster and easier counting
| | | | | |  * much-much faster since it is not affected by repository size
| | | | | |
| | | | | |  See merge request !420
| * | | | | Update CHANGELOG with contribution calendar  Dmitriy Zaporozhets  2015-03-22  1  -0/+1
| |/ / / /
* | | | | Merge branch 'fix-admin-service-template-config' into 'master'  Douwe Maan  2015-03-23  1  -0/+1
|\ \ \ \ \
| |_|/ / /
|/| | | |
| | | | |  Include missing events and fix save functionality in admin service template settings form
| | | | |
| | | | |  ### What does this MR do?
| | | | |
| | | | |  This MR includes missing settings left out in the Admin -> Service Templates page and fixes the inability to save certain settings.
| | | | |
| | | | |  ### Are there points in the code the reviewer needs to double check?
| | | | |
| | | | |  No.
| | | | |
| | | | |  ### Why was this MR needed?
| | | | |
| | | | |  Because the service template form was broken and untested.
| | | | |
| | | | |  ### What are the relevant issue numbers / [Feature requests](http://feedback.gitlab.com/)?
| | | | |
| | | | |  #1275
| | | | |
| | | | |  Before:
| | | | |
| | | | |  ![Screen_Shot_2015-03-23_at_5.53.19_AM](https://gitlab.com/stanhu/gitlab-ce/uploads/e1bff75f30a3b6ecb174d3e25c722b7e/Screen_Shot_2015-03-23_at_5.53.19_AM.png)
| | | | |
| | | | |  After:
| | | | |
| | | | |  ![Screen_Shot_2015-03-23_at_5.53.13_AM](https://gitlab.com/stanhu/gitlab-ce/uploads/8fada00128a3d0951b3230fefa64be92/Screen_Shot_2015-03-23_at_5.53.13_AM.png)
| | | | |
| | | | |  See merge request !427
| * | | | Include missing events and fix save functionality in admin service template ↵  Stan Hu  2015-03-23  1  -0/+1
| | | | |  settings form
| | | | |
| | | | |  Closes #1275
* | | | | Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce  Dmitriy Zaporozhets  2015-03-22  1  -0/+4
|\ \ \ \ \
| * | | | | Fix OAuth2 issue importing a new project from GitHub and GitLab  Stan Hu  2015-03-22  1  -0/+1
| |/ / / /
| | | | |  Closes #1268
| * | | | Merge branch 'disable-ref-generation-in-code-blocks' into 'master'  Dmitriy Zaporozhets  2015-03-22  1  -0/+1
| |\ \ \ \
| | | | | |  Disable reference generation in preformatted/code blocks
| | | | | |
| | | | | |  ### Summary
| | | | | |
| | | | | |  If a user adds text in code or preformatted text via Markdown or HTML that contains `#XXX`, the system adds a note that issue `XXX` was mentioned. This is particularly annoying because we often list gdb backtrace dumps into our issues, and many issues get mentioned as a result. For example:
| | | | | |
| | | | | |  ```
| | | | | |  (gdb) bt
| | | | | |  #0 0x00000000004004c4 in second () at main.cc:6
| | | | | |  #1 0x00000000004004d2 in first () at main.cc:11
| | | | | |  #2 0x00000000004004dd in main () at main.cc:17
| | | | | |  (gdb)
| | | | | |  ```
| | | | | |
| | | | | |  ### Steps to reproduce
| | | | | |
| | | | | |  1. In an issue, write the above text using Markdown or HTML tags (e.g. `<code>`, `<pre>`).
| | | | | |  2. Observe that [issue 1](https://gitlab.com/gitlab-org/gitlab-ce/issues/1) and [issue 2](https://gitlab.com/gitlab-org/gitlab-ce/issues/2) have a note that says they were mentioned.
| | | | | |
| | | | | |  ### Expected behavior
| | | | | |
| | | | | |  Everything enclosed in the code blocks should be ignored as references.
| | | | | |
| | | | | |  ### Observed behavior
| | | | | |
| | | | | |  Issues get referenced unnecessarily.
| | | | | |
| | | | | |  ### Fix
| | | | | |
| | | | | |  I've made `reference_extractor.rb` strip out HTML and Markdown blocks before processing. I considered running the raw text through the entire Markdown processor, but this seems overkill and perhaps could lead to some unintended side effects.
| | | | | |
| | | | | |  See merge request !365
| | * | | | Disable reference creation for comments surrounded by code/preformatted blocks  Stan Hu  2015-03-19  1  -0/+1
| | | | | |
| * | | | | Merge branch 'fix-dots-in-wiki-title' into 'master'  Dmitriy Zaporozhets  2015-03-22  1  -0/+1
| |\ \ \ \ \
| | | | | | |  Fix dots in Wiki slug causing errors
| | | | | | |
| | | | | | |  ### What does this MR do?
| | | | | | |
| | | | | | |  When a user enters in dots into the Wiki slug, an error occurs:
| | | | | | |
| | | | | | |  ```
| | | | | | |  NoMethodError (undefined method `escaped_url_path' for nil:NilClass):
| | | | | | |    app/models/wiki_page.rb:172:in `set_attributes'
| | | | | | |    app/models/wiki_page.rb:191:in `save'
| | | | | | |    app/models/wiki_page.rb:155:in `update'
| | | | | | |    app/controllers/projects/wikis_controller.rb:49:in `update'
| | | | | | |  ```
| | | | | | |
| | | | | | |  This MR fixes this problem.
| | | | | | |
| | | | | | |  ### Are there points in the code the reviewer needs to double check?
| | | | | | |
| | | | | | |  See the problem below.
| | | | | | |
| | | | | | |  ### Why was this MR needed?
| | | | | | |
| | | | | | |  The issue is that the `save` method gets called differently:
| | | | | | |
| | | | | | |  ```ruby
| | | | | | |  def create(attr = {})
| | | | | | |  ....
| | | | | | |  save :create_page, title, content, format, message
| | | | | | |  ```
| | | | | | |
| | | | | | |  or
| | | | | | |
| | | | | | |  ```ruby
| | | | | | |  def update(new_content = "", format = :markdown, message = nil)
| | | | | | |  ...
| | | | | | |  save :update_page, @page, content, format, message
| | | | | | |  ```
| | | | | | |
| | | | | | |  In the create case, title is the slug entered in by the user (e.g. `path/how-to-write-wiki-pages`).
| | | | | | |
| | | | | | |  In the update case, originally `@page.page` included the format extension (e.g. `path/how-to-write-wiki-pages.Markdown`). The method `page_title_and_dir` was trying to handle both cases and not doing the right thing.
| | | | | | |
| | | | | | |  For example, calling `page_title_and_dir('test-1.2.3')` would result in:
| | | | | | |
| | | | | | |  ```
| | | | | | |  path_title = test-1.2
| | | | | | |  path_dir = 3
| | | | | | |  ```
| | | | | | |
| | | | | | |  ### What are the relevant issue numbers / [Feature requests](http://feedback.gitlab.com/)?
| | | | | | |
| | | | | | |  Issues #1263, #431
| | | | | | |
| | | | | | |  This replaces !156
| | | | | | |
| | | | | | |  See merge request !419
| | * | | | | Fix dots in Wiki slug causing errors  Stan Hu  2015-03-21  1  -0/+1
| | | | | | |  Closes #1263, #431
| * | | | | | Fix "Import projects from" button to show the correct instructions  Stan Hu  2015-03-22  1  -0/+1
| | |_|/ / /
| |/| | | |
| | | | | |  Closes #1267
* | | | | | Remove the "unreleased" word from v7.9.0 changelog  KahWee Teng  2015-03-23  1  -1/+1
|/ / / / /
* | | | | Restyle oauth accounts at profile page and add ability to unlink account [improve-profile]  Dmitriy Zaporozhets  2015-03-21  1  -0/+2
|/ / / /
* | | | Merge branch 'backup-permissions' into 'master'  Dmitriy Zaporozhets  2015-03-21  1  -0/+1
|\ \ \ \
| | | | |  Change permissions on backup files - #2
| | | | |
| | | | |  Use more restrictive permissions for backup tar files and for the db, uploads, and repositories directories inside the tar files. See #1894.
| | | | |
| | | | |  Now the backup task recursively `chmod`s the `db/`, `uploads/`, and `repositories/` folders with 0700 permissions, and the tar file is created as 0600.
| | | | |
| | | | |  This is a followup to !1703, which was reverted because it broke Rspec tests. The test failures were due to the rake task changing directories and not changing back, which I fixed with this commit.
| | | | |
| | | | |  cc @sytse
| | | | |
| | | | |  See merge request !1716
| * | | | Move backup permission changes to version 7.10  Vinnie Okada  2015-03-19  1  -1/+1
| | | | |
| * | | | Change permissions on backup files  Vinnie Okada  2015-03-17  1  -0/+1
| | | | |  Use more restrictive permissions for backup tar files and for the db, uploads, and repositories directories inside the tar files.
* | | | | Merge branch 'add-sidetiq' into 'master'  Dmitriy Zaporozhets  2015-03-21  1  -0/+1
|\ \ \ \ \
| | | | | |  Add sidetiq dependency
| | | | | |
| | | | | |  Add the sidetiq gem to the Gemfile to match EE. See #2159.
| | | | | |
| | | | | |  cc @sytse
| | | | | |
| | | | | |  See merge request !1734
| * | | | | Add sidetiq dependency  Vinnie Okada  2015-03-21  1  -0/+1
| | | | | |  Add the sidetiq gem to the Gemfile to match EE.
* | | | | | Merge branch 'topic/push_tag_events_for_ci' of ↵  Dmitriy Zaporozhets  2015-03-21  1  -0/+1
|\ \ \ \ \ \
| | | | | | |  https://github.com/ayufan/gitlabhq into ayufan-topic/push_tag_events_for_ci
| * | | | | | Extend push_tag event to include tag message and last commit  Kamil Trzcinski  2015-03-21  1  -0/+1
| |/ / / / /
* | | | | | Merge branch 'performance-tune' into 'master'  Dmitriy Zaporozhets  2015-03-21  1  -0/+1
|\ \ \ \ \ \
| | | | | | |  Performance improvements
| | | | | | |
| | | | | | |  * Cache project branches and tags into variables
| | | | | | |  * Cache lookup results into hash to prevent repeating same requests to git repo
| | | | | | |  * Cache head commit and head tree
| | | | | | |
| | | | | | |  See merge request !417
| * | | | | | Cache project branches and tags into variables  Dmitriy Zaporozhets  2015-03-21  1  -0/+1
| |/ / / / /
* | | | | | Add CHANGELOG item with print view fix  Dmitriy Zaporozhets  2015-03-21  1  -0/+1
| | | | | |
* | | | | | Fix link in patch update guide  Vinnie Okada  2015-03-21  1  -0/+1
|/ / / / /
* | | | | Merge branch 'user-location' into 'master'  Dmitriy Zaporozhets  2015-03-21  1  -0/+1
|\ \ \ \ \
| | | | | |  Location field in user profile
| | | | | |
| | | | | |  Twitter allows you to set a string with location information. I find it very useful in work to know where a user is from. It allows you to communicate knowing the time difference and cultural things.
| | | | | |
| | | | | |  See merge request !411
| * | | | | Add location to user profile  Dmitriy Zaporozhets  2015-03-20  1  -0/+1
| | | | | |
* | | | | | Link to CI with ref  Valery Sizov  2015-03-20  1  -0/+1
| |_|_|_|/
|/| | | |
* | | | | Add error message when have error on profile screen  Carlos Ribeiro  2015-03-19  1  -0/+1
| | | | |
* | | | | Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce  Dmitriy Zaporozhets  2015-03-19  1  -0/+2
|\ \ \ \ \
| * \ \ \ \ Merge branch 'fix-underscore-notes' into 'master'  Hannes Rosenögger  2015-03-19  1  -0/+1
| |\ \ \ \ \
| | | | | | |  Fix cross-references that contain underscores
| | | | | | |
| | | | | | |  ### What does this MR do?
| | | | | | |
| | | | | | |  Cross-references that contain underscores confuse the Markdown renderer and don't work properly. For example:
| | | | | | |
| | | | | | |  1. In `myacct/project_one#456`, add a comment that includes a reference to `myacct/project_two#123`.
| | | | | | |  2. The comment in `myacct/project_one#456` links correctly.
| | | | | | |  3. The system note in `myacct/project_two#123` is incorrectly linked as: `mentioned in issue myacct/projectone#456_`
| | | | | | |
| | | | | | |  This MR removes the use of the `_` character in the system notes to prevent Markdown confusion. See a full discussion in #1160.
| | | | | | |
| | | | | | |  ### Are there points in the code the reviewer needs to double check?
| | | | | | |
| | | | | | |  To preserve backwards compatibility with existing system notes, there is a SQL wildcard match for notes having underscores. This seemed safer than migrating all notes.
| | | | | | |
| | | | | | |  ### Why was this MR needed?
| | | | | | |
| | | | | | |  In an ideal world, the Markdown parser would be able to handle references containing underscores with or without escape sequences. However, there are a number of issues:
| | | | | | |
| | | | | | |  1. RedCarpet's parser for emphasis block is pretty dumb: it treats `#` as a word break and thus even the `intra_word_emphasis` flag has no effect.
| | | | | | |  2. The parser is in C and can't be changed easily.
| | | | | | |  3. There is no way to insert an escape sequence for emphasis blocks.
| | | | | | |
| | | | | | |  The only way around this is to switch to something like CommonMark, which does support escape sequences.
| | | | | | |
| | | | | | |  ### What are the relevant issue numbers / [Feature requests](http://feedback.gitlab.com/)?
| | | | | | |
| | | | | | |  Issue #1160
| | | | | | |
| | | | | | |  ### Screenshots
| | | | | | |
| | | | | | |  Before:
| | | | | | |
| | | | | | |  ![Screen_Shot_2015-03-19_at_1.39.29_AM](https://gitlab.com/gitlab-org/gitlab-ce/uploads/a1db4b96c0df2f10d9855ed5abe976ca/Screen_Shot_2015-03-19_at_1.39.29_AM.png)
| | | | | | |
| | | | | | |  After:
| | | | | | |
| | | | | | |  ![Screen_Shot_2015-03-19_at_1.39.35_AM](https://gitlab.com/gitlab-org/gitlab-ce/uploads/189a062c2d19645eec1782ac1f0d4f2f/Screen_Shot_2015-03-19_at_1.39.35_AM.png)
| | | | | | |
| | | | | | |  See merge request !385
| | * | | | | Fix cross references when usernames, milestones, or project names contain ↵  Stan Hu  2015-03-19  1  -0/+1
| | | |_|/ /
| | |/| | |
| | | | | |  underscores.
| | | | | |
| | | | | |  Remove emphasis from system notes to avoid Markdown conflicts in names.
| * | | | | Merge branch 'version-bump-poltergeist' into 'master'  Dmitriy Zaporozhets  2015-03-19  1  -0/+1
| |\ \ \ \ \
| | |_|/ / /
| |/| | | |
| | | | | |  Update poltergeist to support phantomjs 2.0
| | | | | |
| | | | | |  In response to [my issue](https://gitlab.com/gitlab-org/gitlab-development-kit/issues/36) on the GDK. PhantomJS 1.8 was not in the repos anymore. Only poltergeist needed it, but they support PhantomJS 2.0 since 1.6.0. (next release since 1.5.1) [Their CHANGELOG](https://github.com/teampoltergeist/poltergeist/blob/master/CHANGELOG.md).
| | | | | |
| | | | | |  Tested locally with Ruby 2.1.5. As this took ages, I haven't tested further.
| | | | | |
| | | | | |  See merge request !403