Commit message (Expand) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Merge branch 'fix/security-group-user-removal' into 'master' | Yorick Peterse | 2019-01-25 | 1 | -0/+5 |
|\ | |||||
| * | Add subresources removal to member destroy service | James Lopez | 2019-01-25 | 1 | -0/+5 |
* | | Merge branch 'security-import-path-logging' into 'master' | Yorick Peterse | 2019-01-25 | 1 | -0/+5 |
|\ \ | |||||
| * | | Fix path disclosure on Project Import | James Lopez | 2019-01-07 | 1 | -0/+5 |
* | | | Merge branch 'security-guests-can-see-list-of-merge-requests' into 'master' | Yorick Peterse | 2019-01-25 | 1 | -0/+6 |
|\ \ \ | |||||
| * | | | Group Guests are no longer able to see merge requests | Tiago Botelho | 2019-01-21 | 1 | -0/+6 |
* | | | | Merge branch 'security-import-project-visibility' into 'master' | Yorick Peterse | 2019-01-25 | 1 | -0/+5 |
|\ \ \ \ | |||||
| * | | | | Fix tree restorer visibility level | James Lopez | 2019-01-24 | 1 | -0/+5 |
* | | | | | Merge branch 'security-contributed-projects' into 'master' | Yorick Peterse | 2019-01-25 | 1 | -0/+5 |
|\ \ \ \ \ | |||||
| * | | | | | Fix contributed projects finder shown private info | James Lopez | 2019-01-08 | 1 | -0/+5 |
* | | | | | | Merge branch 'security-do-not-process-mr-ref-for-guests' into 'master' | Yorick Peterse | 2019-01-25 | 1 | -0/+5 |
|\ \ \ \ \ \ | |||||
| * | | | | | | Don't process MR refs for guests in the notes | Oswaldo Ferreira | 2019-01-10 | 1 | -0/+5 |
* | | | | | | | Merge branch 'security-22076-sanitize-url-in-names' into 'master' | Yorick Peterse | 2019-01-25 | 1 | -0/+6 |
|\ \ \ \ \ \ \ | |||||
| * | | | | | | | Add changelog entry | Kushal Pandya | 2019-01-22 | 1 | -0/+6 |
* | | | | | | | | Merge branch 'sh-fix-import-redirect-vulnerability' into 'master' | Yorick Peterse | 2019-01-25 | 1 | -0/+5 |
|\ \ \ \ \ \ \ \ | |||||
| * | | | | | | | | Alias GitHub and BitBucket OAuth2 callback URLs | Stan Hu | 2019-01-22 | 1 | -0/+5 |
* | | | | | | | | | Merge branch 'security-2780-disable-git-v2-protocol' into 'master' | Yorick Peterse | 2019-01-25 | 1 | -0/+5 |
|\ \ \ \ \ \ \ \ \ | |||||
| * | | | | | | | | | Disable git v2 protocol temporarily | Nick Thomas | 2019-01-24 | 1 | -0/+5 |
* | | | | | | | | | | Merge branch 'security-55320-stored-xss-in-user-status' into 'master' | Tim Zallmann | 2019-01-25 | 1 | -0/+5 |
|\ \ \ \ \ \ \ \ \ \ | |_|_|_|_|_|_|_|_|/ |/| | | | | | | | | | |||||
| * | | | | | | | | | Use sanitized user status message for user popover | Dennis Tang | 2019-01-23 | 1 | -0/+5 |
| | |/ / / / / / / | |/| | | | | | | | |||||
* | | | | | | | | | Merge branch 'security-2767-verify-lfs-finalize-from-workhorse' into 'master' | Yorick Peterse | 2019-01-24 | 1 | -0/+5 |
|\ \ \ \ \ \ \ \ \ | |||||
| * | | | | | | | | | Verify that LFS upload requests are genuine | Nick Thomas | 2019-01-22 | 1 | -0/+5 |
| |/ / / / / / / / | |||||
* | | | | | | | | | Merge branch 'security-project-move-users' into 'master' | Yorick Peterse | 2019-01-24 | 1 | -0/+5 |
|\ \ \ \ \ \ \ \ \ | |||||
| * | | | | | | | | | Sent notification only to authorized users | Jan Provaznik | 2019-01-23 | 1 | -0/+5 |
| |/ / / / / / / / | |||||
* | | | | | | | | | Merge branch 'security-fix-user-email-tag-push-leak' into 'master' | Yorick Peterse | 2019-01-24 | 1 | -0/+5 |
|\ \ \ \ \ \ \ \ \ | |||||
| * | | | | | | | | | Fix private user email being visible in tag webhooks | Luke Duncalfe | 2019-01-18 | 1 | -0/+5 |
| | |_|/ / / / / / | |/| | | | | | | | |||||
* | | | | | | | | | [master] Resolve "[Security] Stored XSS via KaTeX" | Constance Okoghenun | 2019-01-24 | 1 | -0/+5 |
* | | | | | | | | | Merge branch 'extract-pages-with-rubyzip' into 'master' | Yorick Peterse | 2019-01-24 | 1 | -0/+5 |
|\ \ \ \ \ \ \ \ \ | |||||
| * | | | | | | | | | Extract GitLab Pages using RubyZip | Kamil Trzciński | 2019-01-22 | 1 | -0/+5 |
* | | | | | | | | | | Merge branch 'security-commit-status-shown-for-guest-user' into 'master' | Yorick Peterse | 2019-01-24 | 1 | -0/+5 |
|\ \ \ \ \ \ \ \ \ \ | |||||
| * | | | | | | | | | | Stop showing ci for guest users | Steve Azzopardi | 2019-01-23 | 1 | -0/+5 |
| | |_|_|_|_|_|/ / / | |/| | | | | | | | | |||||
* | | | | | | | | | | Merge branch 'security-fix-lfs-import-project-ssrf-forgery' into 'master' | Yorick Peterse | 2019-01-24 | 1 | -0/+5 |
|\ \ \ \ \ \ \ \ \ \ | |||||
| * | | | | | | | | | | Added validations to prevent LFS object forgery | Francisco Javier López | 2019-01-21 | 1 | -0/+5 |
| | |_|_|_|_|_|/ / / | |/| | | | | | | | | |||||
* | | | | | | | | | | Merge branch 'security-pipeline-trigger-tokens-exposure' into 'master' | Yorick Peterse | 2019-01-24 | 1 | -0/+5 |
|\ \ \ \ \ \ \ \ \ \ | |||||
| * | | | | | | | | | | Add changelog for trigger token exposure fix | Grzegorz Bizon | 2019-01-15 | 1 | -0/+5 |
| | |_|_|/ / / / / / | |/| | | | | | | | | |||||
* | | | | | | | | | | Merge branch 'security-fix-regex-dos' into 'master' | Yorick Peterse | 2019-01-24 | 1 | -0/+5 |
|\ \ \ \ \ \ \ \ \ \ | |||||
| * | | | | | | | | | | Fix slow project reference pattern regex | Heinrich Lee Yu | 2019-01-11 | 1 | -0/+5 |
| | |_|_|_|_|_|/ / / | |/| | | | | | | | | |||||
* | | | | | | | | | | Merge branch 'security-fix-wiki-access-rights-with-external-wiki-enabled' int... | Yorick Peterse | 2019-01-24 | 1 | -0/+5 |
|\ \ \ \ \ \ \ \ \ \ | |||||
| * | | | | | | | | | | Fixed bug when external wiki is enabled | Francisco Javier López | 2019-01-18 | 1 | -0/+5 |
| | |_|/ / / / / / / | |/| | | | | | | | | |||||
* | | | | | | | | | | Merge branch 'security-2769-idn-homograph-attack' into 'master' | Yorick Peterse | 2019-01-24 | 1 | -0/+5 |
|\ \ \ \ \ \ \ \ \ \ | |||||
| * | | | | | | | | | | Show tooltip for malicious looking links | Brett Walker | 2019-01-21 | 1 | -0/+5 |
| | |_|_|_|_|_|_|/ / | |/| | | | | | | | | |||||
* | | | | | | | | | | Merge branch 'security-fix-new-issues-login-message' into 'master' | Yorick Peterse | 2019-01-24 | 1 | -0/+5 |
|\ \ \ \ \ \ \ \ \ \ | |||||
| * | | | | | | | | | | Use common error for unauthenticated users | Heinrich Lee Yu | 2019-01-14 | 1 | -0/+5 |
| | |_|_|/ / / / / / | |/| | | | | | | | | |||||
* | | | | | | | | | | Merge branch 'security-2776-fix-add-reaction-permissions' into 'master' | Yorick Peterse | 2019-01-24 | 1 | -0/+5 |
|\ \ \ \ \ \ \ \ \ \ | |||||
| * | | | | | | | | | | Prevent award_emoji to notes not visible to user | Heinrich Lee Yu | 2019-01-15 | 1 | -0/+5 |
| |/ / / / / / / / / | |||||
* | | | | | | | | | | Merge branch 'security-2779-fix-email-comment-permissions-check' into 'master' | Yorick Peterse | 2019-01-24 | 1 | -0/+5 |
|\ \ \ \ \ \ \ \ \ \ | |_|_|_|_|_|_|_|/ / |/| | | | | | | | | | |||||
| * | | | | | | | | | Prevent comments by email when issue is locked | Heinrich Lee Yu | 2019-01-22 | 1 | -0/+5 |
| | |_|_|_|_|/ / / | |/| | | | | | | | |||||
* | | | | | | | | | Fix markdown table border | Jacques Erasmus | 2019-01-24 | 1 | -0/+5 |
* | | | | | | | | | Merge branch 'docs-push-mirror-GitLab-GitHub' into 'master' | Evan Read | 2019-01-24 | 1 | -0/+5 |
|\ \ \ \ \ \ \ \ \ | |||||
| * | | | | | | | | | Added changelog | Joseph Yu | 2019-01-22 | 1 | -0/+5 |