path: root/app/models
Columns: Commit message, Author, Age, Files, Lines
* Merge branch 'security-project-move-users-11-5' into 'security-11-5' (Yorick Peterse, 2019-01-24, 2 files, -0/+21)
    [11.5] Sent notification only to authorized users
    See merge request gitlab/gitlabhq!2858
    (cherry picked from commit 81c1e9455ca291841704687cdcff085570e89043)
    baa1b756 Sent notification only to authorized users
* Merge branch 'security-11-5-2769-idn-homograph-attack-1' into '11-5-stable' (Yorick Peterse, 2019-01-24, 1 file, -1/+1)
    [11.5] GitLab vulnerable to IDN homograph attacks and RTLO attacks
    See merge request gitlab/gitlabhq!2823
| * Show tooltip for malicious looking links (Brett Walker, 2019-01-21, 1 file, -1/+1)
      Such as those with IDN homographs or embedded right-to-left (RTLO) characters.
      Autolinked hrefs should be escaped
* | Merge branch 'security-pipeline-trigger-tokens-exposure-11-5' into 'security-11-5' (Yorick Peterse, 2019-01-24, 1 file, -1/+2)
      [11.5] Do not expose trigger token when user should not see it
      See merge request gitlab/gitlabhq!2760
      (cherry picked from commit 138126043d62c57b4fb1e057561b433347b36d03)
      bd70c84e Do not expose trigger token when user should not see it
* | Merge branch 'security-fix-regex-dos-11-5' into 'security-11-5' (Yorick Peterse, 2019-01-24, 1 file, -0/+1)
      [11.5] Fix DoS in reference extraction regexes
      See merge request gitlab/gitlabhq!2779
      (cherry picked from commit 9f3dc81480d4b72a201e3517335c4f18235a1f7d)
      0a37ec23 Fix slow project reference pattern regex
* | Merge branch 'security-11-5-test-permissions' into 'security-11-5' (Yorick Peterse, 2019-01-24, 2 files, -1/+12)
      [11.5] Pipelines section is available to unauthorized users
      See merge request gitlab/gitlabhq!2806
      (cherry picked from commit 3a060db7ea48eee0f08d06f312b01936abf9cc70)
      bd1ae349 Backport security fix
      b2469eeb Add CHANGELOG entry
      957f6694 Rename Project#all_pipelines to Project#pipelines
      8a9894d6 Remove destroy_pipeline specs
* | Merge branch 'security-fix-lfs-import-project-ssrf-forgery-11-5' into 'security-11-5' (Yorick Peterse, 2019-01-24, 1 file, -0/+22)
      [11.5] LFS object forgery in project import
      See merge request gitlab/gitlabhq!2819
      (cherry picked from commit 2bb4e59e6e24aaf25afa3325d9f043709d564129)
      ec8e01ab Added validations to prevent LFS object forgery
* Merge branch 'security-fix/security-group-user-removal-11-5' into 'security-11-5' (John Jarvis, 2018-12-27, 3 files, -0/+7)
    [11.5] Resolve "Removing a user from a private group doesn't remove them from group's project, if their project's role was changed"
    See merge request gitlab/gitlabhq!2715
| * Merge branch 'security-11-5' into 'security-fix/security-group-user-removal-11-5' (James Lopez, 2018-12-27, 7 files, -26/+63)
      # Conflicts:
      #   app/services/members/destroy_service.rb
| * | Add subresources removal to member destroy service (James Lopez, 2018-12-13, 3 files, -0/+7)
* | | Merge remote-tracking branch 'origin/security-48259-private-snippet-11-5' into security-11-5 (John Jarvis, 2018-12-27, 1 file, -0/+6)
| * | Block private snippets from being embeddable (Mark Chao, 2018-12-20, 1 file, -0/+6)
        Move embeddable? to model to be used outside view
* | Merge branch 'security-11-5-secret-ci-variables-exposed' into 'security-11-5' (John Jarvis, 2018-12-27, 5 files, -21/+50)
      [11.5] Secret CI variables can exposed by creating a tag with the same name as an existing protected branch
      See merge request gitlab/gitlabhq!2682
| * | Backport security fix for 11.5 (Matija Čupić, 2018-12-08, 5 files, -21/+50)
* | | Merge branch 'ensure-that-build-token-is-always-running-11-5' into 'security-11-5' (John Jarvis, 2018-12-27, 1 file, -0/+4)
        [11.5] Ensure that build token is only used when running
        See merge request gitlab/gitlabhq!2664
| * | | Ensure that build token is only used when running (Kamil Trzciński, 2018-12-18, 1 file, -0/+4)
          1. We provide an updated interface to ensure that,
          2. We authenticate build dependencies by build that is being run,
* | | Merge branch 'security-11-5-fix-ssrf-import-url-remote-mirror' into 'security-11-5' (John Jarvis, 2018-12-27, 2 files, -5/+4)
        [11.5] SSRF - Scan Internal Ports and GCP/AWS endpoints
        See merge request gitlab/gitlabhq!2709
| * | | Replaced UrlValidator with PublicUrlValidator for import_url and remote mirror urls (Francisco Javier López, 2018-12-13, 2 files, -5/+4)
* | | Delete confidential issue todos for guests (Felipe Artur, 2018-12-17, 1 file, -0/+5)
        Fix leaking information of confidential issues on TODOs when user is downgraded to guest access.
* | Merge branch '53778-remove-site-statistics' into 'master' (Sean McGivern, 2018-11-30, 2 files, -79/+0)
      Remove Site Statistic
      Closes #53778
      See merge request gitlab-org/gitlab-ce!23314
* [11.5] Fixed ability to comment on and edit/delete comments on locked or confidential issues (Chantal Rollison, 2018-11-26, 1 file, -1/+1)
* Merge branch 'security-11-5-xss-in-markdown-following-unrecognized-html-element' into 'security-11-5' (Steve Azzopardi, 2018-11-23, 1 file, -1/+1)
    [11.5] XSS in markdown following unrecognized HTML element
    See merge request gitlab/gitlabhq!2631
| * Sanitize output of SpacedLinkFilter (Brett Walker, 2018-11-16, 1 file, -1/+1)
* | Merge branch 'security-2736-prometheus-ssrf-11-5' into 'security-11-5' (Steve Azzopardi, 2018-11-23, 1 file, -1/+1)
      [11.5] Do not follow redirects in prometheus service
      See merge request gitlab/gitlabhq!2623
| * No redirects in prometheus service (rpereira2, 2018-11-14, 1 file, -1/+1)
      Do not allow redirects in the prometheus service to prevent SSRFs.
* | Merge branch 'ignore-environment-validation-failure' into 'master' (Kamil Trzciński, 2018-11-15, 1 file, -0/+4)
      Ignore environment validation failure
      See merge request gitlab-org/gitlab-ce!23100
      (cherry picked from commit 0f25d2b33fbee7161f0ecf26a6d853533808beec)
      ea695ab7 Ignore environment validation failure
      a2a2a8f0 Add changelog
      00842f95 User persisted?
* | Merge branch 'fix-deployment-metrics-in-mr-widget' into 'master' (Kamil Trzciński, 2018-11-15, 1 file, -3/+3)
      Avoid returning deployment metrics url to MR widget when the deployment is not successful
      Closes #53870
      See merge request gitlab-org/gitlab-ce!23010
      (cherry picked from commit 7674a8f477c90c1c8c9a969e7d80ea1ec9e72cd9)
      e270fcc8 Fix deployment metrics in MR widget
      15431054 Add spec for deployment metrics
      2d6570f0 Do not remove the existing permission check
      09e693c6 Add changelog
      d8c24ac1 Remove unrelated changes
* | Merge branch 'osw-comment-on-any-line-on-diffs-w-feature-flag' into 'master' (Douwe Maan, 2018-11-14, 1 file, -17/+28)
      Comment on any expanded diff line on MRs (with feature-flag)
      Closes #13950
      See merge request gitlab-org/gitlab-ce!22914
* | Merge branch '53972-fix-fill-shards' into 'master' (Stan Hu, 2018-11-13, 1 file, -6/+5)
      Fix a race condition in the shard population logic
      Closes #53972
      See merge request gitlab-org/gitlab-ce!23028
* | Merge branch '53879-kube-token-nil' into 'master' (Kamil Trzciński, 2018-11-13, 2 files, -1/+3)
      Fix deployment jobs using nil token
      Closes #53879
      See merge request gitlab-org/gitlab-ce!23009
* | Merge branch 'fix-tags-for-envs' into 'master' [11-5-stable-prepare-rc6] (Stan Hu, 2018-11-12, 1 file, -5/+2)
      Fix tags for environments
      Closes gitlab-ee#8397
      See merge request gitlab-org/gitlab-ce!22993
* | Merge branch 'sh-fix-refresh-service-deleted-branch' into 'master' (Douwe Maan, 2018-11-12, 1 file, -1/+1)
      Fix MergeRequestService erroring out on deleted branch
      Closes #53853
      See merge request gitlab-org/gitlab-ce!22989
* | Merge branch 'revert_issue_board_entity' into 'master' (Stan Hu, 2018-11-09, 1 file, -0/+14)
      Revert "Extract code into IssueBoardEntity"
      See merge request gitlab-org/gitlab-ce!22928
* | Merge branch 'osw-revert-comment-in-any-diff-line' into 'master' (Sean McGivern, 2018-11-08, 1 file, -28/+17)
      Revert "Merge branch 'osw-comment-on-any-line-on-diffs' into 'master'"
      See merge request gitlab-org/gitlab-ce!22891
* | Merge branch 'fix-stuck-import-jobs-query-performance-issue' into 'master' (Douwe Maan, 2018-11-07, 1 file, -0/+13)
      StuckImportJobsWorker query performance optimization
      See merge request gitlab-org/gitlab-ce!22879
| * | StuckImportJobsWorker query performance optimization (Tiago Botelho, 2018-11-07, 1 file, -0/+13)
        Improves the performance of fetching the enqueued projects for StuckImportJobsWorker, preventing a statement timeout.
* | | Merge branch 'fj-41213-api-update-submodule-commit' into 'master' (Sean McGivern, 2018-11-07, 1 file, -0/+12)
        Add endpoint to update a git submodule reference
        Closes #41213
        See merge request gitlab-org/gitlab-ce!20949
| * | | Add submodule update API endpoint (Francisco Javier López, 2018-11-07, 1 file, -0/+12)
          This new endpoint allows users to update a submodule's reference.
          The MR involves adding a new operation RPC operation in gitaly-proto (see gitlab-org/gitaly-proto!233) and change Gitaly to use this new version (see gitlab-org/gitaly!936).
          See gitlab-org/gitlab-ce!20949
* | | | Merge branch 'max_retries_when' into 'master' (Grzegorz Bizon, 2018-11-07, 1 file, -4/+22)
          Allow to configure when to retry builds
          Closes gitlab-runner#3515
          See merge request gitlab-org/gitlab-ce!21758
| * | | | amend method description a little bit (Markus Doits, 2018-11-07, 1 file, -6/+5)
| * | | | fix failure in case of missing options (Markus Doits, 2018-11-07, 1 file, -1/+1)
| * | | | one more refactor after feedback (Markus Doits, 2018-11-07, 1 file, -13/+13)
| * | | | handle old retry format in build (possibly saved in database) (Markus Doits, 2018-11-07, 1 file, -2/+13)
| * | | | refactoring after latest feedback (Markus Doits, 2018-11-07, 1 file, -6/+2)
| * | | | refactor retry logic to define any reason and more than one reason to retry (Markus Doits, 2018-11-07, 1 file, -9/+4)
| * | | | add `retry_failure?` option and use it to decide if to retry a build failure (Markus Doits, 2018-11-07, 1 file, -3/+14)
| * | | | add an option when to retry a build (unused yet) (Markus Doits, 2018-11-07, 1 file, -0/+5)
| * | | | allow retries to be a hash (Markus Doits, 2018-11-07, 1 file, -1/+2)
            - when it is a hash, retries max count is assumed to be at hash[:max]
            - when it is an integer, this is the max count (as before)
* | | | | Merge branch 'triggermesh-phase1-knative' into 'master' (Grzegorz Bizon, 2018-11-07, 3 files, -2/+62)
            Allow to install Knative as cluster application
            See merge request gitlab-org/gitlab-ce!22593
| * | | | | Fix style with clusters_store.js and remove workaround for namespace role issue [triggermesh/dgriffith/gitlab-ce-triggermesh-phase1-knative] (Chris Baumbauer, 2018-11-06, 1 file, -47/+2)