path: root/app
Commit message (Author, Age, Files, Lines)
* Display only information visible to current user (Jarka Košanová, 2019-02-27, 2 files, -2/+14)
* Display the correct number of MRs a user has access to (Igor Drozdov, 2019-02-27, 5 files, -14/+21)
* Merge branch 'security-2818_filter_impersonated_sessions-11-6' into '11-6-sta... (Yorick Peterse, 2019-02-27, 3 files, -18/+5)
|\
| * Remove ability to revoke active session (Imre Farkas, 2019-02-27, 2 files, -15/+0)
| * Filter active sessions belonging to an admin impersonating the user (Imre Farkas, 2019-02-27, 2 files, -3/+5)
* | Merge branch '11-6-security-2773-milestones-fix' into '11-6-stable' (Yorick Peterse, 2019-02-27, 5 files, -5/+24)
|\ \
| * | Check issue milestone availability (Jarka Košanová, 2019-02-13, 5 files, -5/+24)
| |/
* | Merge branch 'security-2798-fix-boards-policy-11-6' into '11-6-stable' (Yorick Peterse, 2019-02-27, 1 file, -0/+2)
|\ \
| * | Disable board policies when issues are disabled (Heinrich Lee Yu, 2019-02-14, 1 file, -0/+2)
| |/
* | Merge branch '11-6-security-2797-milestone-mrs' into '11-6-stable' (Yorick Peterse, 2019-02-27, 5 files, -3/+21)
|\ \
| * | Show only MRs visible to user on milestone detail (Jarka Košanová, 2019-02-19, 5 files, -3/+21)
| |/
* | Merge branch 'security-commit-private-related-mr-11-6' into '11-6-stable' (Yorick Peterse, 2019-02-27, 2 files, -2/+13)
|\ \
| * | Don't allow non-members to see private related MRs (Patrick Bajao, 2019-02-15, 2 files, -2/+13)
| |/
* | Merge branch 'security-kubernetes-google-login-csrf-11-6' into '11-6-stable' (Yorick Peterse, 2019-02-27, 1 file, -11/+21)
|\ \
| * | Validate session key when authorizing with GCP to create a cluster (Tiger, 2019-02-19, 1 file, -11/+21)
| |/
* | Merge branch 'security-56348-11-6' into '11-6-stable' (Yorick Peterse, 2019-02-27, 1 file, -0/+8)
|\ \
| * | Check snippet attached file to be moved is within designated directory (Mark Chao, 2019-02-21, 1 file, -0/+8)
| |/
* | Check validity of prometheus_service before query (Reuben Pereira, 2019-02-27, 1 file, -1/+5)
* | Merge branch 'security-protect-private-repo-information-11-6' into '11-6-stable' (Yorick Peterse, 2019-02-27, 1 file, -2/+0)
|\ \
| * | Removing sensitive properties from ProjectType (Luke Duncalfe, 2019-02-20, 1 file, -2/+0)
| |/
* | Arbitrary file read via MergeRequestDiff (Francisco Javier López, 2019-02-27, 3 files, -1/+12)
* | Merge branch '11-6-security-2799-emails' into '11-6-stable' (Yorick Peterse, 2019-02-27, 3 files, -4/+12)
|\ \
| * | Remove link after issue move when no permissions (Jarka Košanová, 2019-02-20, 3 files, -4/+12)
| |/
* | Merge branch 'security-add-public-internal-groups-as-members-to-your-project-... (Yorick Peterse, 2019-02-27, 2 files, -4/+11)
|\ \
| * | Fix conflict (Małgorzata Ksionek, 2019-02-20, 2 files, -4/+11)
| |/
* | Merge branch 'security-kubernetes-local-ssrf-11-6' into '11-6-stable' (Yorick Peterse, 2019-02-27, 1 file, -1/+1)
|\ \
| * | Do not allow local urls in Kubernetes form (Thong Kuah, 2019-02-21, 1 file, -1/+1)
| |/
* | Merge branch 'security-osw-stop-linking-to-packages-11-6' into '11-6-stable' (Yorick Peterse, 2019-02-27, 1 file, -5/+0)
|\ \
| * | Stop linking to unrecognized package sources (Oswaldo Ferreira, 2019-02-24, 1 file, -5/+0)
| |/
* | Merge branch 'security-issue_54789_2-11-6' into '11-6-stable' (Yorick Peterse, 2019-02-27, 1 file, -0/+2)
|\ \
| * | Prevent disclosing project milestone titles (Felipe Artur, 2019-02-26, 1 file, -0/+2)
| |/
* | Limit number of characters allowed in mermaidjs (Rajat Jain, 2019-02-27, 1 file, -0/+19)
|/
* Merge branch 'security-11-6-55320-stored-xss-in-user-status' into 'security-1... (Tim Zallmann, 2019-02-04, 1 file, -4/+4)
* Merge branch 'security-11-6-22076-sanitize-url-in-names' into 'security-11-6' (Yorick Peterse, 2019-01-25, 37 files, -51/+59)
* Merge branch 'security-project-move-users-11-6' into 'security-11-6' (Yorick Peterse, 2019-01-25, 3 files, -1/+23)
* Merge branch 'sh-fix-issue-56663-11-6' into 'security-11-6' (Yorick Peterse, 2019-01-24, 2 files, -3/+3)
* Merge branch 'security-import-path-logging-11-6' into 'security-11-6' (Yorick Peterse, 2019-01-24, 2 files, -2/+24)
* Merge branch 'security-contributed-projects-11-6' into 'security-11-6' (Yorick Peterse, 2019-01-24, 1 file, -0/+7)
* Merge branch 'security-11-6-2769-idn-homograph-attack' into '11-6-stable' (Yorick Peterse, 2019-01-24, 1 file, -1/+1)
|\
| * Show tooltip for malicious looking links (Brett Walker, 2019-01-21, 1 file, -1/+1)
* | Merge branch 'security-pipeline-trigger-tokens-exposure-11-6' into 'security-... (Yorick Peterse, 2019-01-24, 5 files, -6/+27)
* | Merge branch 'security-fix-regex-dos-11-6' into 'security-11-6' (Yorick Peterse, 2019-01-24, 1 file, -0/+1)
* | Merge branch 'security-do-not-process-mr-ref-for-guests-11-6' into 'security-... (Yorick Peterse, 2019-01-24, 1 file, -1/+1)
* | Merge branch 'security-bump-rails-version-11-6' into 'security-11-6' (Yorick Peterse, 2019-01-24, 3 files, -4/+27)
* | Merge branch 'security-fix-wiki-access-rights-with-external-wiki-enabled-11-6... (Yorick Peterse, 2019-01-24, 7 files, -23/+31)
* | Merge branch 'security-11-6-test-permissions' into 'security-11-6' (Yorick Peterse, 2019-01-24, 18 files, -39/+93)
* | Merge branch 'security-fix-new-issues-login-message-11-6' into 'security-11-6' (Yorick Peterse, 2019-01-24, 1 file, -9/+1)
* | Merge branch 'security-guests-can-see-list-of-merge-requests-11-6' into 'secu... (Yorick Peterse, 2019-01-24, 3 files, -11/+38)
* | Merge branch 'security-fix-lfs-import-project-ssrf-forgery-11-6' into 'securi... (Yorick Peterse, 2019-01-24, 4 files, -45/+107)
* | Merge branch 'security-2779-fix-email-comment-permissions-check-11-6' into 's... (Yorick Peterse, 2019-01-24, 4 files, -14/+9)