summaryrefslogtreecommitdiff
path: root/changelogs
Commit message (Expand)AuthorAgeFilesLines
* Merge branch 'security-commit-private-related-mr' into 'master'Yorick Peterse2019-03-041-0/+5
|\
| * Add changelog for security fixPatrick Bajao2019-01-281-0/+5
| * Merge branch 'fix/security-group-user-removal' into 'master'Yorick Peterse2019-01-251-0/+5
| |\
| | * Add subresources removal to member destroy serviceJames Lopez2019-01-251-0/+5
| * | Merge branch 'security-import-path-logging' into 'master'Yorick Peterse2019-01-251-0/+5
| |\ \
| | * | Fix path disclosure on Project ImportJames Lopez2019-01-071-0/+5
| * | | Merge branch 'security-guests-can-see-list-of-merge-requests' into 'master'Yorick Peterse2019-01-251-0/+6
| |\ \ \
| | * | | Group Guests are no longer able to see merge requestsTiago Botelho2019-01-211-0/+6
| * | | | Merge branch 'security-import-project-visibility' into 'master'Yorick Peterse2019-01-251-0/+5
| |\ \ \ \
| | * | | | Fix tree restorer visibility levelJames Lopez2019-01-241-0/+5
| * | | | | Merge branch 'security-contributed-projects' into 'master'Yorick Peterse2019-01-251-0/+5
| |\ \ \ \ \
| | * | | | | Fix contributed projects finder shown private infoJames Lopez2019-01-081-0/+5
| * | | | | | Merge branch 'security-do-not-process-mr-ref-for-guests' into 'master'Yorick Peterse2019-01-251-0/+5
| |\ \ \ \ \ \
| | * | | | | | Don't process MR refs for guests in the notesOswaldo Ferreira2019-01-101-0/+5
| * | | | | | | Merge branch 'security-22076-sanitize-url-in-names' into 'master'Yorick Peterse2019-01-251-0/+6
| |\ \ \ \ \ \ \
| | * | | | | | | Add changelog entryKushal Pandya2019-01-221-0/+6
| * | | | | | | | Merge branch 'sh-fix-import-redirect-vulnerability' into 'master'Yorick Peterse2019-01-251-0/+5
| |\ \ \ \ \ \ \ \
| | * | | | | | | | Alias GitHub and BitBucket OAuth2 callback URLsStan Hu2019-01-221-0/+5
| * | | | | | | | | Merge branch 'security-2780-disable-git-v2-protocol' into 'master'Yorick Peterse2019-01-251-0/+5
| |\ \ \ \ \ \ \ \ \
| | * | | | | | | | | Disable git v2 protocol temporarilyNick Thomas2019-01-241-0/+5
| * | | | | | | | | | Merge branch 'security-55320-stored-xss-in-user-status' into 'master'Tim Zallmann2019-01-251-0/+5
| |\ \ \ \ \ \ \ \ \ \ | | |_|_|_|_|_|_|_|_|/ | |/| | | | | | | | |
| | * | | | | | | | | Use sanitized user status message for user popoverDennis Tang2019-01-231-0/+5
| | | |/ / / / / / / | | |/| | | | | | |
| * | | | | | | | | Merge branch 'security-2767-verify-lfs-finalize-from-workhorse' into 'master'Yorick Peterse2019-01-241-0/+5
| |\ \ \ \ \ \ \ \ \
| | * | | | | | | | | Verify that LFS upload requests are genuineNick Thomas2019-01-221-0/+5
| | |/ / / / / / / /
| * | | | | | | | | Merge branch 'security-project-move-users' into 'master'Yorick Peterse2019-01-241-0/+5
| |\ \ \ \ \ \ \ \ \
| | * | | | | | | | | Sent notification only to authorized usersJan Provaznik2019-01-231-0/+5
| | |/ / / / / / / /
| * | | | | | | | | Merge branch 'security-fix-user-email-tag-push-leak' into 'master'Yorick Peterse2019-01-241-0/+5
| |\ \ \ \ \ \ \ \ \
| | * | | | | | | | | Fix private user email being visible in tag webhooksLuke Duncalfe2019-01-181-0/+5
| | | |_|/ / / / / / | | |/| | | | | | |
| * | | | | | | | | [master] Resolve "[Security] Stored XSS via KaTeX"Constance Okoghenun2019-01-241-0/+5
| * | | | | | | | | Merge branch 'extract-pages-with-rubyzip' into 'master'Yorick Peterse2019-01-241-0/+5
| |\ \ \ \ \ \ \ \ \
| | * | | | | | | | | Extract GitLab Pages using RubyZipKamil Trzciński2019-01-221-0/+5
| * | | | | | | | | | Merge branch 'security-commit-status-shown-for-guest-user' into 'master'Yorick Peterse2019-01-241-0/+5
| |\ \ \ \ \ \ \ \ \ \
| | * | | | | | | | | | Stop showing ci for guest usersSteve Azzopardi2019-01-231-0/+5
| | | |_|_|_|_|_|/ / / | | |/| | | | | | | |
| * | | | | | | | | | Merge branch 'security-fix-lfs-import-project-ssrf-forgery' into 'master'Yorick Peterse2019-01-241-0/+5
| |\ \ \ \ \ \ \ \ \ \
| | * | | | | | | | | | Added validations to prevent LFS object forgeryFrancisco Javier López2019-01-211-0/+5
| | | |_|_|_|_|_|/ / / | | |/| | | | | | | |
| * | | | | | | | | | Merge branch 'security-pipeline-trigger-tokens-exposure' into 'master'Yorick Peterse2019-01-241-0/+5
| |\ \ \ \ \ \ \ \ \ \
| | * | | | | | | | | | Add changelog for trigger token exposure fixGrzegorz Bizon2019-01-151-0/+5
| | | |_|_|/ / / / / / | | |/| | | | | | | |
| * | | | | | | | | | Merge branch 'security-fix-regex-dos' into 'master'Yorick Peterse2019-01-241-0/+5
| |\ \ \ \ \ \ \ \ \ \
| | * | | | | | | | | | Fix slow project reference pattern regexHeinrich Lee Yu2019-01-111-0/+5
| | | |_|_|_|_|_|/ / / | | |/| | | | | | | |
| * | | | | | | | | | Merge branch 'security-fix-wiki-access-rights-with-external-wiki-enabled' int...Yorick Peterse2019-01-241-0/+5
| |\ \ \ \ \ \ \ \ \ \
| | * | | | | | | | | | Fixed bug when external wiki is enabledFrancisco Javier López2019-01-181-0/+5
| | | |_|/ / / / / / / | | |/| | | | | | | |
| * | | | | | | | | | Merge branch 'security-2769-idn-homograph-attack' into 'master'Yorick Peterse2019-01-241-0/+5
| |\ \ \ \ \ \ \ \ \ \
| | * | | | | | | | | | Show tooltip for malicious looking linksBrett Walker2019-01-211-0/+5
| | | |_|_|_|_|_|_|/ / | | |/| | | | | | | |
| * | | | | | | | | | Merge branch 'security-fix-new-issues-login-message' into 'master'Yorick Peterse2019-01-241-0/+5
| |\ \ \ \ \ \ \ \ \ \
| | * | | | | | | | | | Use common error for unauthenticated usersHeinrich Lee Yu2019-01-141-0/+5
| | | |_|_|/ / / / / / | | |/| | | | | | | |
| * | | | | | | | | | Merge branch 'security-2776-fix-add-reaction-permissions' into 'master'Yorick Peterse2019-01-241-0/+5
| |\ \ \ \ \ \ \ \ \ \
| | * | | | | | | | | | Prevent award_emoji to notes not visible to userHeinrich Lee Yu2019-01-151-0/+5
| | |/ / / / / / / / /
| * | | | | | | | | | Merge branch 'security-2779-fix-email-comment-permissions-check' into 'master'Yorick Peterse2019-01-241-0/+5
| |\ \ \ \ \ \ \ \ \ \ | | |_|_|_|_|_|_|_|/ / | |/| | | | | | | | |
| | * | | | | | | | | Prevent comments by email when issue is lockedHeinrich Lee Yu2019-01-221-0/+5
| | | |_|_|_|_|/ / / | | |/| | | | | | |
* | | | | | | | | | Forbid creating discussions for users with restricted accessIgor Drozdov2019-03-041-0/+5
View Lorry Controller Status