| Commit message (Expand) | Author | Age | Files | Lines |
|---|
| * | Merge dev.gitlab.org master into GitLab.com master | Yorick Peterse | 2019-03-05 | 2 | -2/+14 |
| |\ |
|
| | * | Display only informaton visible to current user | Jarka Košanová | 2019-03-05 | 2 | -2/+14 |
| * | | Fix large table horizontal scroll and prevent side-by-side tables | Dany Jupille | 2019-03-05 | 1 | -6/+1 |
| * | | Merge branch 'merge-dev-to-master' into 'master' | John Jarvis | 2019-03-05 | 29 | -58/+145 |
| |\ \ |
|
| | * | | Resolve conflicts in group policy | Małgorzata Ksionek | 2019-03-05 | 1 | -1/+0 |
| | * | | Resolve conflicts in app/policies/group_policy.rb | Stan Hu | 2019-03-04 | 1 | -3/+0 |
| | * | | Merge dev master into GitLab.com master | Yorick Peterse | 2019-03-04 | 29 | -57/+148 |
| | |\ \
| | |/ |
|
| | | * | Merge branch 'security-2773-milestones-fix' into 'master' | Yorick Peterse | 2019-03-04 | 5 | -5/+24 |
| | | |\ |
|
| | | | * | Check issue milestone availability | Jarka Košanová | 2019-02-14 | 5 | -5/+24 |
| | | * | | Merge branch 'security-commit-private-related-mr' into 'master' | Yorick Peterse | 2019-03-04 | 2 | -2/+13 |
| | | |\ \ |
|
| | | | * | | Modify MergeRequestsFinder to allow filtering by commit | Patrick Bajao | 2019-01-28 | 2 | -2/+13 |
| | | | * | | Merge branch 'fix/security-group-user-removal' into 'master' | Yorick Peterse | 2019-01-25 | 6 | -4/+50 |
| | | | |\ \ |
|
| | | | | * | | Add subresources removal to member destroy service | James Lopez | 2019-01-25 | 6 | -4/+50 |
| | | | * | | | Merge branch 'security-import-path-logging' into 'master' | Yorick Peterse | 2019-01-25 | 2 | -2/+24 |
| | | | |\ \ \ |
|
| | | | | * | | | Fix path disclosure on Project Import | James Lopez | 2019-01-07 | 2 | -2/+24 |
| | | | * | | | | Merge branch 'security-guests-can-see-list-of-merge-requests' into 'master' | Yorick Peterse | 2019-01-25 | 3 | -11/+38 |
| | | | |\ \ \ \ |
|
| | | | | * | | | | Group Guests are no longer able to see merge requests | Tiago Botelho | 2019-01-21 | 3 | -11/+38 |
| | | | * | | | | | Merge branch 'security-contributed-projects' into 'master' | Yorick Peterse | 2019-01-25 | 1 | -0/+7 |
| | | | |\ \ \ \ \ |
|
| | | | | * | | | | | Fix contributed projects finder shown private info | James Lopez | 2019-01-08 | 1 | -0/+7 |
| | | | * | | | | | | Merge branch 'security-do-not-process-mr-ref-for-guests' into 'master' | Yorick Peterse | 2019-01-25 | 1 | -1/+1 |
| | | | |\ \ \ \ \ \ |
|
| | | | | * | | | | | | Don't process MR refs for guests in the notes | Oswaldo Ferreira | 2019-01-10 | 1 | -1/+1 |
| | | | * | | | | | | | Merge branch 'security-22076-sanitize-url-in-names' into 'master' | Yorick Peterse | 2019-01-25 | 37 | -51/+59 |
| | | | |\ \ \ \ \ \ \ |
|
| | | | | * | | | | | | | Use `sanitize_name` to sanitize URL in user full name | Kushal Pandya | 2019-01-22 | 36 | -51/+51 |
| | | | | * | | | | | | | Add `sanitize_name` helper to sanitize URLs in user full name | Kushal Pandya | 2019-01-22 | 1 | -0/+8 |
| | | | * | | | | | | | | Merge branch 'sh-fix-import-redirect-vulnerability' into 'master' | Yorick Peterse | 2019-01-25 | 2 | -3/+3 |
| | | | |\ \ \ \ \ \ \ \ |
|
| | | | | * | | | | | | | | Alias GitHub and BitBucket OAuth2 callback URLs | Stan Hu | 2019-01-22 | 2 | -3/+3 |
| | | | * | | | | | | | | | [master] Check access rights when creating/updating ProtectedRefs | Francisco Javier López | 2019-01-25 | 1 | -8/+0 |
| | | | * | | | | | | | | | Merge branch 'security-55320-stored-xss-in-user-status' into 'master' | Tim Zallmann | 2019-01-25 | 1 | -4/+4 |
| | | | |\ \ \ \ \ \ \ \ \
| | | | |_|_|_|_|_|_|/ /
| | | |/| | | | | | | | |
|
| | | | | * | | | | | | | | Use sanitized user status message for user popover | Dennis Tang | 2019-01-23 | 1 | -4/+4 |
| | | | | |/ / / / / / / |
|
| | | | * | | | | | | | | Merge branch 'security-2767-verify-lfs-finalize-from-workhorse' into 'master' | Yorick Peterse | 2019-01-24 | 1 | -1/+1 |
| | | | |\ \ \ \ \ \ \ \ |
|
| | | | | * | | | | | | | | Verify that LFS upload requests are genuine | Nick Thomas | 2019-01-22 | 1 | -1/+1 |
| | | | | |/ / / / / / / |
|
| | | | * | | | | | | | | Merge branch 'security-project-move-users' into 'master' | Yorick Peterse | 2019-01-24 | 3 | -1/+16 |
| | | | |\ \ \ \ \ \ \ \ |
|
| | | | | * | | | | | | | | Sent notification only to authorized users | Jan Provaznik | 2019-01-23 | 3 | -1/+16 |
| | | | | |/ / / / / / / |
|
| | | | * | | | | | | | | Merge branch 'extract-pages-with-rubyzip' into 'master' | Yorick Peterse | 2019-01-24 | 1 | -16/+25 |
| | | | |\ \ \ \ \ \ \ \ |
|
| | | | | * | | | | | | | | Extract GitLab Pages using RubyZip | Kamil Trzciński | 2019-01-22 | 1 | -16/+25 |
| | | | * | | | | | | | | | Merge branch 'security-commit-status-shown-for-guest-user' into 'master' | Yorick Peterse | 2019-01-24 | 1 | -1/+1 |
| | | | |\ \ \ \ \ \ \ \ \ |
|
| | | | | * | | | | | | | | | Stop showing ci for guest users | Steve Azzopardi | 2019-01-23 | 1 | -1/+1 |
| | | | * | | | | | | | | | | Merge branch 'security-fix-lfs-import-project-ssrf-forgery' into 'master' | Yorick Peterse | 2019-01-24 | 4 | -45/+107 |
| | | | |\ \ \ \ \ \ \ \ \ \ |
|
| | | | | * | | | | | | | | | | Added validations to prevent LFS object forgery | Francisco Javier López | 2019-01-21 | 4 | -45/+107 |
| | | | | | |_|_|_|_|/ / / /
| | | | |/| | | | | | | | |
|
| | | | * | | | | | | | | | | Merge branch 'security-pipeline-trigger-tokens-exposure' into 'master' | Yorick Peterse | 2019-01-24 | 5 | -6/+27 |
| | | | |\ \ \ \ \ \ \ \ \ \ |
|
| | | | | * | | | | | | | | | | Present all pipeline triggers using trigger presenter | Grzegorz Bizon | 2019-01-15 | 2 | -1/+3 |
| | | | | * | | | | | | | | | | Do not expose trigger token when user should not see it | Grzegorz Bizon | 2019-01-15 | 4 | -5/+24 |
| | | | | | |_|_|_|/ / / / /
| | | | |/| | | | | | | | |
|
| | | | * | | | | | | | | | | Merge branch 'security-fix-regex-dos' into 'master' | Yorick Peterse | 2019-01-24 | 1 | -0/+1 |
| | | | |\ \ \ \ \ \ \ \ \ \ |
|
| | | | | * | | | | | | | | | | Fix slow project reference pattern regex | Heinrich Lee Yu | 2019-01-11 | 1 | -0/+1 |
| | | | | | |_|_|_|_|/ / / /
| | | | |/| | | | | | | | |
|
| | | | * | | | | | | | | | | Merge branch 'security-fix-wiki-access-rights-with-external-wiki-enabled' int... | Yorick Peterse | 2019-01-24 | 7 | -23/+31 |
| | | | |\ \ \ \ \ \ \ \ \ \ |
|
| | | | | * | | | | | | | | | | Fixed bug when external wiki is enabled | Francisco Javier López | 2019-01-18 | 7 | -23/+31 |
| | | | | | |_|/ / / / / / /
| | | | |/| | | | | | | | |
|
| | | | * | | | | | | | | | | Merge branch 'security-2769-idn-homograph-attack' into 'master' | Yorick Peterse | 2019-01-24 | 1 | -1/+1 |
| | | | |\ \ \ \ \ \ \ \ \ \ |
|
| | | | | * | | | | | | | | | | Bump the CACHE_COMMONMARK_VERSION | Brett Walker | 2019-01-21 | 1 | -1/+1 |
| | | | | | |_|_|_|_|_|/ / /
| | | | |/| | | | | | | | |
|
| | | | * | | | | | | | | | | Merge branch 'security-fix-new-issues-login-message' into 'master' | Yorick Peterse | 2019-01-24 | 1 | -9/+1 |
| | | | |\ \ \ \ \ \ \ \ \ \ |
|
| | | | | * | | | | | | | | | | Use common error for unauthenticated users | Heinrich Lee Yu | 2019-01-14 | 1 | -9/+1 |
| | | | | | |_|_|/ / / / / /
| | | | |/| | | | | | | | |
|
