| Commit message | Author | Age | Files | Lines |
'12-3-stable'
Use Gitlab::HTTP for all chat notifications
See merge request gitlab/gitlabhq!3515
Fix private comment Elasticsearch leak
See merge request gitlab/gitlabhq!3523
Some features allow GUEST access only if the project is not private.
This method returns the access level when targeting private projects.
Guests are blocked from certain features when the project is private,
therefore the scope would additionally filter with REPORTER level.
'12-3-stable'
Prevent guests from seeing commits for cycle analytics
See merge request gitlab/gitlabhq!3535
Default number of items is 3. If this is not the case,
then increase the column width of the summary items
to cater for 2 items plus the date filter.
'12-3-stable'
Related Branches Visible to Guests in Issue Activity
See merge request gitlab/gitlabhq!3540
Notes related to branch creation should not be shown in an issue's
activity feed when the user doesn't have access to :download_code.
GitLab stores AWS, Slack, Akismet, reCaptcha tokens in plaintext
See merge request gitlab/gitlabhq!3541
We had concerns about the cached values on Redis with the previous two
releases strategy:
First release (this commit):
- Create new encrypted fields in the database.
- Start populating new encrypted fields, read the encrypted fields or
fallback to the plaintext fields.
- Backfill the data removing the plaintext fields to the encrypted
fields.
Second release:
- Remove the virtual attribute (created in step 2).
- Drop plaintext columns from the database (empty columns after
step 3).
We end up with a better strategy only using migration scripts in one
release:
- Pre-deployment migration: Add columns required for storing encrypted
values.
- Pre-deployment migration: Store the encrypted values in the new
columns.
- Post-deployment migration: Remove the old unencrypted columns
This is the plan to encrypt the plaintext tokens:
First release (this commit):
1. Create new encrypted fields in the database.
2. Start populating new encrypted fields, read the encrypted fields or
fallback to the plaintext fields.
3. Backfill the data removing the plaintext fields to the encrypted fields.
Second release:
4. Remove the virtual attribute (created in step 2).
5. Drop plaintext columns from the database (empty columns after step 3).
into '12-3-stable'
Improper access control allows the attacker to comment on an internal commit after they are no longer admin
See merge request gitlab/gitlabhq!3498
'12-3-stable'
Only assign merge params when allowed
See merge request gitlab/gitlabhq!3459
When a user updates a merge request coming from a fork, they should
not be able to set `force_remove_source_branch` if they cannot push
code to the source project.
Otherwise developers of the target project could remove the source
branch of the source project by setting this flag through the API.
'security-2914-labels-visible-despite-no-access-to-issues-repositories-12-3' into '12-3-stable'
Labels visible despite no access to issues & repositories
See merge request gitlab/gitlabhq!3430
https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/3409
'12-3-stable'
Project path reveals labels from Private project if the issue is moved to public project
See merge request gitlab/gitlabhq!3446
https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/3419
'security-ag-hide-private-members-in-project-member-autocomplete-12-3' into '12-3-stable'
Hide private members in project member autocomplete
See merge request gitlab/gitlabhq!3447
in a project members' list. Add tests for possible scenarios
Re-factor and remove N + 1 queries
Remove author from changelog
Don't use memoisation when not needed
Include users part of parents of project's group
Re-factor tests
Create and add users according to roles
Re-use group created earlier
Add incomplete test for ancestoral groups
Rename method to clarify category of groups
Skip pending test, remove comments not needed
Remove extra line
Include ancestors from invited groups as well
Add specs for participants service
Add more specs
Add more specs
use instead of
Use public group owner instead of project maintainer to test owner access
Remove tests that have now been moved into participants_service_spec
Use :context instead of :all
Create nested group instead of creating an ancestor separately
Add comment explaining doubt on the failing spec
Improve test setup
Optimize sql queries
Refactor specs file
Add rubocop disablement
Add special case for project owners
Add small refactor
Add explanation to the docs
Fix wording
Refactor group check
Add small changes in specs
Add cr remarks
Add cr remarks
Add specs
Add small refactor
Add code review remarks
Refactor for better database usage
Fix failing spec
Remove rubocop offences
Add cr remarks
Private/internal repository enumeration via bruteforce on a vulnerable URL
See merge request gitlab/gitlabhq!3455
This method, #route_not_found, is executed as the final fallback for
unrecognized routes (as the name might imply). We want to avoid
`#authenticate_user!` when calling `#route_not_found`;
`#authenticate_user!` can, depending on the request format, return a 401
instead of redirecting to a login page. This opens a subtle security
exploit where anonymous users will receive a 401 response when
attempting to access a private repo, while a recognized user will
receive a 404, exposing the existence of the private, hidden repo.
Mask sentry auth token
See merge request gitlab/gitlabhq!3463
This makes it so we mask Sentry's auth token. This mask only occurs in
the UI.
Nested GraphQL query with circular relationship can cause Denial of Service
See merge request gitlab/gitlabhq!3467
- List all overly-recursive fields
- Reduce recursion threshold to 2
- Add test for not-recursive-enough query
- Use reusable methods in tests
- Add changelog
- Set changeable acceptable recursion level
- Add error check test helpers
Sanitize search text to prevent XSS
See merge request gitlab/gitlabhq!3468
Require Maintainer permission on group where project is transferred to
See merge request gitlab/gitlabhq!3472
Use the '\A' and '\z' regex anchors in `InternalRedirect` to mitigate an Open Redirect issue.
See merge request gitlab/gitlabhq!3475
Open Redirect issue.
Fixes https://dev.gitlab.org/gitlab/gitlabhq/issues/2934 and https://gitlab.com/gitlab-org/gitlab/issues/33569
Pass all wiki markup formats through our Banzai pipeline filters
See merge request gitlab/gitlabhq!3478
Previously, when the wiki page format was anything other than `markdown`
or `asciidoc` the formatted content would be returned through a Gitaly
call. Gitaly in turn would delegate formatting to the gitlab-gollum-lib
gem, which in turn would delegate that to various gems (like RDoc for
`rdoc`) and then apply some very liberal sanitization.
It was too liberal!
This change brings our wiki content formatting in line with how we
format other markdown at GitLab, so we have a SSOT for sanitization.
https://gitlab.com/gitlab-org/gitlab/issues/30540
- Extend Gitlab::UrlBlocker to allow relative urls (require_absolute
setting). The new `require_absolute` setting defaults to true,
which is the existing behavior.
- Extend AddressableUrlValidator to accept `require_absolute` and
default to the existing behavior
- Add validation for ApplicationSetting#grafana_url to validate that
the URL does not contain XSS but can be a valid relative or absolute
url.
- In the case of existing stored URLs, validate the stored URL does
not contain XSS. If the stored URL contains stored XSS or is an
otherwise invalid URL, return the default database column value.
- Add tests for Gitlab::UrlBlocker to test require_absolute setting
- Add tests for AddressableUrlValidator
- Add tests for ApplicationSetting#grafana_url
This will be used later for search filtering.
This is to be more consistent as there is already a :read_note policy in
NotePolicy. To keep other behaviour the same we've introduced a
Note#noteable_ability_name that is used anywhere this was expected.
Add spec to test different combinations.
Accept string for required_minimum_access_level
Allow more flexible project membership query
'12-3-stable'
Prevent Bypassing Email Verification using Salesforce
See merge request gitlab/gitlabhq!3395
Fix rubocop offences and add changelog
Add email_verified key for feature specs
Add code review remarks
Add code review remarks
Fix specs
'12-3-stable'
Check that SAML identity linking validates the origin of the request
See merge request gitlab/gitlabhq!3396
If the request wasn't initiated by gitlab we shouldn't add the new
identity to the user, and instead show that we weren't able to link
the identity to the user.
This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509
Only render fixed number of mermaid blocks
See merge request gitlab/gitlabhq!3411