path: root/changelogs
Commit message  Author  Age  Files  Lines
* Add additional public note to project container registry setting  Nick Kipling  2019-09-02  1  -0/+6
|
* Merge branch 'update-workhorse' into 'master'  Ash McKenzie  2019-09-02  1  -0/+5
|\
      Update GitLab Workhorse to v8.10.0
      See merge request gitlab-org/gitlab-ce!32501
| * Update GitLab Workhorse to v8.10.0  Nick Thomas  2019-09-01  1  -0/+5
| |
* | Merge branch 'sh-fix-ci-lint-500-error' into 'master'  Ash McKenzie  2019-09-02  1  -0/+5
|\ \
      Fix 500 error in CI lint when included templates are an array
      Closes #66605
      See merge request gitlab-org/gitlab-ce!32232
| * | Fix 500 error in CI lint when included templates are an array [sh-fix-ci-lint-500-error]  Stan Hu  2019-08-31  1  -0/+5
      Previously the following syntax would fail in the linter with an error 500:

      ```
      include:
        template:
          - License-Management.gitlab-ci.yml
          - Dependency-Scanning.gitlab-ci.yml
          - SAST.gitlab-ci.yml
      ```

      Now the error will call out specifically that the value is not a string.

      Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66605
* | | Merge branch 'improve-chatops-help' into 'master'  Nick Thomas  2019-09-01  1  -0/+5
|\ \ \
| |_|/
|/| |
      Improve chatops help output
      See merge request gitlab-org/gitlab-ce!32208
| * | Improve chatops help output [improve-chatops-help]  Yorick Peterse  2019-08-29  1  -0/+5
      This improves the output produced when running an unknown command, running the "help" command, and when trying to run a command you are not allowed to run.
      The new help output includes links to the project of the chatops integration, and a link to the chatops documentation.
* | | Merge branch 'refactor/showStagedIcon' into 'master'  Paul Slaughter  2019-09-01  1  -0/+5
|\ \ \
      Refactor showStagedIcon property's behavior to match its name
      Closes #66071
      See merge request gitlab-org/gitlab-ce!32333
| * | | Refactor showStagedIcon property's behavior to match its name  Arun Kumar Mohan  2019-08-30  1  -0/+5
      Previously, the `showStagedIcon` property was doing the opposite of what its name suggested. It was rendering the staged icon when `showStagedIcon` was `false` and rendering the regular icon when it was `true`.
* | | | Limit access request email to 10 most recently active owners/maintainers  Manoj MJ  2019-08-30  1  -0/+5
      This change limits the number of emails for new access requests notifications to 10 most recently active owners/maintainers
* | | | Fix for #56295, https://gitlab.com/gitlab-org/gitlab-ce/issues/56295.  Jesse Hall  2019-08-30  1  -0/+5
      All avatars now visible in commit trailers.
* | | | Merge branch 'fix-nil-deployable-exception-on-job-controller-show' into 'master'  Grzegorz Bizon  2019-08-30  1  -0/+5
|\ \ \ \
      Fix users cannot access job detail page when deployable does not exist
      Closes #65216
      See merge request gitlab-org/gitlab-ce!32247
| * | | | Fix deployable nil exception on job controller [fix-nil-deployable-exception-on-job-controller-show]  Shinya Maeda  2019-08-30  1  -0/+5
      When deployable is nil, we gracefully take care of the case.
* | | | | Install cert-manager v0.9.1  James Fargher  2019-08-30  1  -0/+5
      This does not support upgrading from earlier versions
* | | | | Rename epic column state to state_id  Felipe Artur  2019-08-30  1  -0/+5
      Rename epic column state to state_id to be consistent with issues and merge requests
* | | | | Improve search result labels  Markus Koller  2019-08-30  1  -0/+5
      - Use "results" instead of "blobs", "wiki blobs", "snippet blobs"
      - Use "comments" instead of "notes"
      - Use correct pluralization
      - Don't add "1 - 10 of" if there's only one page
* | | | | Delete animation width on global search input  Maneschi Romain  2019-08-30  1  -0/+5
| | | | |
* | | | | Revert "DB change, migratoin and changelog"  Lee Tickett  2019-08-30  1  -0/+5
      This reverts commit af5242ecb682189c5d8276e1ab1ffe5ce844f2e5.
* | | | | Resolve "Use "moved" instead of "closed" in issue references"  Juliette de Rancourt  2019-08-30  1  -0/+5
| | | | |
* | | | | Merge branch ↔  Ash McKenzie  2019-08-30  1  -0/+5
|\ \ \ \ \
      '65251-default-clusters-namespace_per_environment-column-to-true' into 'master'
      Default clusters namespace_per_environment to true
      See merge request gitlab-org/gitlab-ce!32139
| * | | | | Default clusters namespace_per_environment to true  Tiger  2019-08-30  1  -0/+5
| |/ / / /
* | | | | URL-encode file links in find file  Jan Beckmann  2019-08-30  1  -0/+5
|/ / / /
      Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/62055
* | | | Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhq  Robert Speicher  2019-08-29  22  -0/+110
|\ \ \ \
| * \ \ \ Merge branch 'security-enable-image-proxy' into 'master'  GitLab Release Tools Bot  2019-08-29  1  -0/+5
| |\ \ \ \
      Use image proxy to mitigate stealing ip addresses
      Closes #2812
      See merge request gitlab/gitlabhq!2926
| | * | | | Add support for using a Camo proxy server  Brett Walker  2019-08-23  1  -0/+5
      User images and videos will get proxied through the Camo server in order to keep malicious sites from collecting the IP address of users.
| * | | | | Merge branch 'security-2853-prevent-comments-on-private-mrs' into 'master'  GitLab Release Tools Bot  2019-08-29  1  -0/+3
| |\ \ \ \ \
      Ensure only authorised users can create notes on merge requests and issues
      See merge request gitlab/gitlabhq!3137
| | * | | | | Prevent unauthorised comments on merge requests  Alex Kalderimis  2019-08-07  1  -0/+3
      * Prevent creating notes on inaccessible MRs

        This applies the notes rules at the MR scope. Rather than adding extra rules to the Project level policy, preventing :create_note here is better since it only prevents creating notes on MRs.

      * Prevent creating notes in inaccessible Issues

        Without this policy, non-team-members are allowed to comment on issues even when the project has the private-issues policy set. This means that without this change, users are allowed to comment on issues that they cannot read.

      * Add CHANGELOG entry
| * | | | | | Merge branch 'security-epic-notes-api-reveals-historical-info-ce-master' ↔  GitLab Release Tools Bot  2019-08-29  1  -0/+5
| |\ \ \ \ \ \
      into 'master'
      Filter out old system notes for epics in notes api endpoint response
      See merge request gitlab/gitlabhq!3224
| | * | | | | | Filter out old system notes for epics  Patrick Derichs  2019-08-28  1  -0/+5
| | | | | | | |
| * | | | | | | Merge branch 'security-personal-snippets' into 'master'  GitLab Release Tools Bot  2019-08-29  1  -0/+5
| |\ \ \ \ \ \ \
      Add direct upload support for personal snippets
      See merge request gitlab/gitlabhq!3226
| | * | | | | | | Add direct upload support for personal snippets  Jan Provaznik  2019-08-23  1  -0/+5
| | | | | | | | |
| * | | | | | | | Merge branch 'security-fix-html-injection-for-label-description-ce-master' ↔  GitLab Release Tools Bot  2019-08-29  1  -0/+5
| |\ \ \ \ \ \ \ \
      into 'master'
      Fix HTML injection for label description
      See merge request gitlab/gitlabhq!3250
| | * | | | | | | | Fix HTML injection for label description  Patrick Derichs  2019-08-05  1  -0/+5
      Add changelog entry
      Add spec
| * | | | | | | | | Merge branch 'security-fix_jira_ssrf_vulnerability' into 'master'  GitLab Release Tools Bot  2019-08-29  1  -0/+5
| |\ \ \ \ \ \ \ \ \
      Fix DNS rebind vulnerability for JIRA integration
      See merge request gitlab/gitlabhq!3266
| | * | | | | | | | | Fix DNS rebind vulnerability for JIRA integration  Felipe Artur  2019-08-08  1  -0/+5
| | | |_|_|/ / / / /
| | |/| | | | | | |
      Uses Gitlab::HTTP for JIRA requests instead of Net::Http. Gitlab::Http comes with some built in SSRF protections.
| * | | | | | | | | Merge branch 'security-61974-limit-issue-comment-size' into 'master'  GitLab Release Tools Bot  2019-08-29  2  -0/+10
| |\ \ \ \ \ \ \ \ \
      Limit the size of issuable description and comments
      See merge request gitlab/gitlabhq!3267
| | * | | | | | | | | Limit the size of issuable description and comments  Alexandru Croitor  2019-08-22  2  -0/+10
      Limiting the size of issuable description and comments to 1_000_000, which is close to ~1MB of ASCII characters, which represents 99.9% of all descriptions and comments we have in DB at the moment. This should help prevent DoS attacks when comments contain reference strings.

      Also this change updates regexp matching the namespaces paths by limiting the namespaces paths to Namespace::NUMBER_OF_ANCESTORS_ALLOWED, as we allow 20 levels deep groups.

      see https://gitlab.com/gitlab-org/gitlab-ce/issues/61974#note_191274234
| * | | | | | | | | | Merge branch 'security-59549-add-capcha-for-failed-logins' into 'master'  GitLab Release Tools Bot  2019-08-29  1  -0/+5
| |\ \ \ \ \ \ \ \ \ \
      Require a captcha after unique failed logins from the same IP
      See merge request gitlab/gitlabhq!3270
| | * | | | | | | | | | Add captcha if there are multiple failed login attempts  Małgorzata Ksionek  2019-07-31  1  -0/+5
      Add method to store session ids by ip
      Add new specs for storing session ids
      Add cleaning up records after login
      Add retrieving anonymous sessions
      Add login recaptcha setting
      Add new setting to sessions controller
      Add conditions for showing captcha
      Add sessions controller specs
      Add admin settings specs for login protection
      Add new settings to api
      Add stub to devise spec
      Add new translation key
      Add cr remarks
      Rename class call
      Add cr remarks
      Change if-clause for consistency
      Add cr remarks
      Add code review remarks
      Refactor AnonymousSession class
      Add changelog entry
      Move AnonymousSession class to lib
      Move store unauthenticated sessions to sessions controller
      Move link to recaptcha info
      Regenerate text file
      Improve copy on the spam page
      Change action filter for storing anonymous sessions
      Fix rubocop offences
      Add code review remarks
| * | | | | | | | | | | Merge branch 'security-mr-head-pipeline-leak' into 'master'  GitLab Release Tools Bot  2019-08-29  1  -0/+5
| |\ \ \ \ \ \ \ \ \ \ \
      Permission fix for MergeRequestsController#pipeline_status
      See merge request gitlab/gitlabhq!3274
| | * | | | | | | | | | | Permission fix for MergeRequestsController#pipeline_status  drew cimino  2019-08-12  1  -0/+5
      - Use set_pipeline_variables to filter for visible pipelines
      - Mimic response of nonexistent pipeline if not found
      - Provide set_pipeline_variables as a before_filter for other actions
| * | | | | | | | | | | | Merge branch 'security-katex-dos-master' into 'master'  GitLab Release Tools Bot  2019-08-29  1  -0/+5
| |\ \ \ \ \ \ \ \ \ \ \ \
      Enforce max chars and max render time in markdown math
      See merge request gitlab/gitlabhq!3277
| | * | | | | | | | | | | | Enforce max chars and max render time in markdown math  Martin Hanzel  2019-08-06  1  -0/+5
| | | |_|_|/ / / / / / / /
| | |/| | | | | | | | | |
      KaTeX math will now render progressively and asynchronously. There are upper limits on the character count of each formula, and on cumulative render time.
| * | | | | | | | | | | | Merge branch 'security-project-import-bypass' into 'master'  GitLab Release Tools Bot  2019-08-29  1  -0/+5
| |\ \ \ \ \ \ \ \ \ \ \ \
      Project visibility restriction bypass
      See merge request gitlab/gitlabhq!3306
| | * | | | | | | | | | | | Fix project import restricted visibility bypass  George Koltsov  2019-08-15  1  -0/+5
| | |/ / / / / / / / / / /
      Add Gitlab::VisibilityLevelChecker that verifies selected project visibility level (or overridden param) is not restricted when creating or importing a project
| * | | | | | | | | | | | Merge branch 'security-hide_merge_request_ids_on_emails' into 'master'  GitLab Release Tools Bot  2019-08-29  1  -0/+5
| |\ \ \ \ \ \ \ \ \ \ \ \
      Prevent disclosure of merge request id via email
      See merge request gitlab/gitlabhq!3313
| | * | | | | | | | | | | | Prevent disclosure of merge request id via email  Felipe Artur  2019-08-19  1  -0/+5
| | |/ / / / / / / / / / /
      Do not disclose merge request id via email for unauthorized users when closing issues.
| * | | | | | | | | | | | Merge branch 'security-id-filter-timeline-activities-for-guests' into 'master'  GitLab Release Tools Bot  2019-08-29  1  -0/+5
| |\ \ \ \ \ \ \ \ \ \ \ \
      Add merge note type as cross reference
      See merge request gitlab/gitlabhq!3319
| | * | | | | | | | | | | | Add merge note type as cross reference  Igor Drozdov  2019-08-13  1  -0/+5
| | | | | | | | | | | | | |
| | * | | | | | | | | | | | Update CHANGELOG.md for 12.1.5  GitLab Release Tools Bot  2019-08-09  2  -10/+0
      [ci skip]