summaryrefslogtreecommitdiff
path: root/changelogs
Commit message (Expand)AuthorAgeFilesLines
* Update CHANGELOG.md for 12.0.8GitLab Release Tools Bot2019-08-2822-110/+0
* Revert "Update CHANGELOG.md for 12.0.7"John Jarvis2019-08-2822-0/+110
* Update CHANGELOG.md for 12.0.7GitLab Release Tools Bot2019-08-2722-110/+0
* Avoid exposing unaccessible repo data upon GFM processingOswaldo Ferreira2019-08-261-0/+5
* Merge branch 'security-hide_merge_request_ids_on_emails-12-0' into '12-0-stable'GitLab Release Tools Bot2019-08-261-0/+5
|\
| * Prevent disclosure of merge request id via emailFelipe Artur2019-08-211-0/+5
* | Merge branch 'security-64711-fix-commit-todos-12-0' into '12-0-stable'GitLab Release Tools Bot2019-08-261-0/+5
|\ \
| * | Send TODOs for comments on commits correctlyNick Thomas2019-08-231-0/+5
| |/
* | Add captcha if there are multiple failed login attemptsMaƂgorzata Ksionek2019-08-261-0/+5
* | Merge branch 'security-12-0-enable-image-proxy' into '12-0-stable'GitLab Release Tools Bot2019-08-261-0/+5
|\ \
| * | Add support for using a Camo proxy serverBrett Walker2019-08-151-0/+5
* | | Merge branch 'security-60551-fix-upload-scope-12-0' into '12-0-stable'GitLab Release Tools Bot2019-08-261-0/+5
|\ \ \
| * | | Queries for Upload should be scoped by modelAdam Hegyi2019-07-111-0/+5
* | | | Merge branch 'security-epic-notes-api-reveals-historical-info-ce-12-0' into '...GitLab Release Tools Bot2019-08-261-0/+5
|\ \ \ \
| * | | | Filter out old system notes for epicsPatrick Derichs2019-08-091-0/+5
| | |/ / | |/| |
* | | | Merge branch 'security-fix-html-injection-for-label-description-ce-12-0' into...GitLab Release Tools Bot2019-08-261-0/+5
|\ \ \ \
| * | | | Fix HTML injection for label descriptionPatrick Derichs2019-08-061-0/+5
| |/ / /
* | | | Merge branch 'security-61974-limit-issue-comment-size-12-0' into '12-0-stable'GitLab Release Tools Bot2019-08-262-0/+10
|\ \ \ \
| * | | | Limit the size of issuable description and commentsAlexandru Croitor2019-08-222-0/+10
| | |_|/ | |/| |
* | | | Merge branch 'security-mr-head-pipeline-leak-12-0' into '12-0-stable'GitLab Release Tools Bot2019-08-261-0/+5
|\ \ \ \
| * | | | Permission fix for MergeRequestsController#pipeline_statusdrew cimino2019-08-121-0/+5
| |/ / /
* | | | Merge branch 'security-katex-dos-12-0' into '12-0-stable'GitLab Release Tools Bot2019-08-261-0/+5
|\ \ \ \
| * | | | Enforce max chars and max render time in markdown mathMartin Hanzel2019-08-061-0/+5
| | |/ / | |/| |
* | | | Merge branch 'security-ssrf-kubernetes-dns-12-0' into '12-0-stable'GitLab Release Tools Bot2019-08-261-0/+5
|\ \ \ \
| * | | | Override hostname when connecting via KubeclientThong Kuah2019-08-041-0/+5
| |/ / /
* | | | Merge branch 'security-2853-prevent-comments-on-private-mrs-12-0' into '12-0-...GitLab Release Tools Bot2019-08-261-0/+3
|\ \ \ \
| * | | | Prevent unauthorised comments on merge requestsAlex Kalderimis2019-08-071-0/+3
| |/ / /
* | | | Merge branch 'security-fix_jira_ssrf_vulnerability-12-0' into '12-0-stable'GitLab Release Tools Bot2019-08-261-0/+5
|\ \ \ \
| * | | | Fix DNS rebind vulnerability for JIRA integrationFelipe Artur2019-08-081-0/+5
| |/ / /
* | | | Merge branch 'security-id-filter-timeline-activities-for-guests-12-0' into '1...GitLab Release Tools Bot2019-08-261-0/+5
|\ \ \ \
| * | | | Add merge note type as cross referenceIgor Drozdov2019-08-211-0/+5
| | |/ / | |/| |
* | | | Merge branch 'security-project-import-bypass-12-0' into '12-0-stable'GitLab Release Tools Bot2019-08-261-0/+5
|\ \ \ \
| * | | | Fix project import restricted visibility bypassGeorge Koltsov2019-08-151-0/+5
| |/ / /
* | | | Merge branch 'security-sarcila-fix-weak-session-management-12-0' into '12-0-s...GitLab Release Tools Bot2019-08-261-0/+6
|\ \ \ \
| * | | | Add User#will_save_change_to_login? to clear reset_password_tokensSebastian Arcila Valenzuela2019-08-211-0/+6
| |/ / /
* | | | Merge branch 'security-ci-metrics-permissions-12-0' into '12-0-stable'GitLab Release Tools Bot2019-08-261-0/+6
|\ \ \ \
| * | | | Restrict MergeRequests#test_reports to authenticated users with read-access o...drew cimino2019-08-221-0/+6
| |/ / /
* | | | Merge branch 'security-personal-snippets-12-0' into '12-0-stable'GitLab Release Tools Bot2019-08-261-0/+5
|\ \ \ \
| * | | | Add direct upload support for personal snippetsJan Provaznik2019-08-231-0/+5
| |/ / /
* | | | Merge branch 'security-group-runners-permissions-12-0' into '12-0-stable'GitLab Release Tools Bot2019-08-261-0/+5
|\ \ \ \
| * | | | admin_group authorization for Groups::RunnersControllerdrew cimino2019-08-221-0/+5
| |/ / /
* | | | Re-escape whole HTML content instead of only matchJan Provaznik2019-08-231-0/+5
|/ / /
* | | Update CHANGELOG.md for 12.0.5GitLab Release Tools Bot2019-08-092-10/+0
* | | Update Gitaly to v1.47.2 for security fixPaul Okstad2019-08-091-0/+5
* | | Upgrade pages version to 1.6.2Vladimir Shushlin2019-08-021-0/+5
|/ /
* | Update CHANGELOG.md for 12.0.4GitLab Release Tools Bot2019-07-259-45/+0
* | Merge branch 'security-fix-badges-leaked-to-unauthorized-users-12-0' into '12...GitLab Release Tools Bot2019-07-241-0/+5
|\ \
| * | Don't display badges when builds are restrictedFabio Pitino2019-06-271-0/+5
* | | Merge branch 'security-github-ssrf-redirect-12-0' into '12-0-stable'GitLab Release Tools Bot2019-07-241-0/+5
|\ \ \
| * | | Do not allow localhost url redirection in GitHub Integrationmanojmj2019-07-091-0/+5
| | |/ | |/|