summaryrefslogtreecommitdiff
path: root/changelogs
Commit message (Collapse)AuthorAgeFilesLines
...
* Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-041-0/+5
|
* Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-041-0/+5
|
* Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-034-0/+20
|
* Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-032-0/+10
|
* Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-032-0/+10
|
* Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-032-0/+10
|
* Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-031-0/+5
|
* Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-034-0/+20
|
* Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-023-10/+5
|
* Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-021-0/+5
|
* Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-024-0/+20
|
* Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-021-0/+5
|
* Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-022-0/+10
|
* Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-013-0/+15
|
* Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-011-0/+5
|
* Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-013-0/+15
|
* Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-015-5/+20
|
* Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-013-5/+10
|
* Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhqMarin Jankovski2019-10-011-0/+5
|\
| * Merge branch 'master' into dev-masterStan Hu2019-09-3034-0/+172
| |\
| * \ Merge branch 'security-sarcila-verify-saml-request-origin' into 'master'GitLab Release Tools Bot2019-09-271-0/+5
| |\ \ | | | | | | | | | | | | | | | | Check that SAML identity linking validates the origin of the request See merge request gitlab/gitlabhq!3337
| | * | Validate that SAML requests are originated from gitlabSebastian Arcila Valenzuela2019-09-211-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the request wasn't initiated by gitlab we shouldn't add the new identity to the user, and instead show that we weren't able to link the identity to the user. This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509
| * | | Merge branch ↵GitLab Release Tools Bot2019-09-271-0/+5
| |\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 'security-12717-fix-confidential-issue-assignee-visible-to-guests' into 'master' Display only participants that user has permission to see See merge request gitlab/gitlabhq!3401
| | * | | Display only participants that user has permission to seeAlexandru Croitor2019-09-231-0/+5
| | | | |
| * | | | Merge branch 'security-64938-dont-disclose-path' into 'master'GitLab Release Tools Bot2019-09-271-0/+6
| |\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Redirect user to root path after unsubscribing from private resource See merge request gitlab/gitlabhq!3405
| | * | | | Redirect user to root path after unsubscribing from private resourceAlexandru Croitor2019-09-201-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If user unsubsrcribes from a resource that they no longer have access to they should not be revealed the resource path, but be redirected to app root instead. https://gitlab.com/gitlab-org/gitlab-ce/issues/64938
| * | | | | Merge branch 'security-fp-stop-jobs-when-blocking-user' into 'master'GitLab Release Tools Bot2019-09-271-0/+5
| |\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | Cancel all running CI jobs when user is blocked See merge request gitlab/gitlabhq!3410
| | * | | | | Cancel all running CI jobs when user is blockedFabio Pitino2019-09-241-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This prevents a MITM attack where attacker could still access Git repository if any jobs were running long enough.
| * | | | | | Merge branch 'security-12718-project-milestones-disclosed-via-groups-ce' ↵GitLab Release Tools Bot2019-09-271-0/+6
| |\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | into 'master' Hide disabled project milestones in project settings on group level See merge request gitlab/gitlabhq!3414
| | * | | | | | Hide disabled project milestones in project settings on group levelAlexandru Croitor2019-09-231-0/+6
| | | |_|/ / / | | |/| | | |
| * | | | | | Merge branch 'security-bypass-email-verification-using-salesforce-main' into ↵GitLab Release Tools Bot2019-09-271-0/+5
| |\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 'master' Prevent Bypassing Email Verification using Salesforce See merge request gitlab/gitlabhq!3422
| | * | | | | | Add checking for email_verified keyMałgorzata Ksionek2019-09-261-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix rubocop offences and add changelog Add email_verified key for feature specs Add code review remarks Add code review remarks Fix specs
| * | | | | | | Merge branch 'security-12630-private-system-note-disclosed-in-graphql-ce' ↵GitLab Release Tools Bot2019-09-271-0/+6
| |\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | into 'master' Add policy check if cross reference system notes are accessible See merge request gitlab/gitlabhq!3425
| | * | | | | | | Add policy check if cross reference system notes are accessibleAlexandru Croitor2019-09-231-0/+6
| | | |/ / / / / | | |/| | | | |
| * | | | | | | Merge branch 'security-mermaid-block-12-4' into 'master'GitLab Release Tools Bot2019-09-271-0/+5
| |\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Only render fixed number of mermaid blocks See merge request gitlab/gitlabhq!3429
| | * | | | | | | Only render fixed number of mermaid blocksRajat Jain2019-09-231-0/+5
| | | | | | | | |
| * | | | | | | | Merge branch 'security-cross-reference-fix-ce' into 'master'GitLab Release Tools Bot2019-09-271-0/+5
| |\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Filter not accessible label events See merge request gitlab/gitlabhq!3439
| | * | | | | | | | Filter not accessible label eventsJan Provaznik2019-09-241-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Label events may use cross-project or cross-group references, if the projects are not accessible by user, we don't show these label events.
| * | | | | | | | | Merge branch 'security-gitalt-1-65-1-master' into 'master'GitLab Release Tools Bot2019-09-271-0/+5
| |\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix Gitaly SearchBlobs flag RPC injection [Gitaly v1.65.1] See merge request gitlab/gitlabhq!3443
| | * | | | | | | | | Fix Gitaly SearchBlobs flag RPC injectionPaul Okstad2019-09-251-0/+5
| | | | | | | | | | |
* | | | | | | | | | | Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-012-0/+10
| | | | | | | | | | |
* | | | | | | | | | | Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-09-302-0/+10
| |_|_|_|_|_|_|_|_|/ |/| | | | | | | | |
* | | | | | | | | | Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-09-307-0/+30
| | | | | | | | | |
* | | | | | | | | | Validate that SAML requests are originated from gitlabSebastian Arcila Valenzuela2019-09-301-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the request wasn't initiated by gitlab we shouldn't add the new identity to the user, and instead show that we weren't able to link the identity to the user. This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509
* | | | | | | | | | Display only participants that user has permission to seeAlexandru Croitor2019-09-301-0/+5
| | | | | | | | | |
* | | | | | | | | | Redirect user to root path after unsubscribing from private resourceAlexandru Croitor2019-09-301-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If user unsubsrcribes from a resource that they no longer have access to they should not be revealed the resource path, but be redirected to app root instead. https://gitlab.com/gitlab-org/gitlab-ce/issues/64938
* | | | | | | | | | Cancel all running CI jobs when user is blockedFabio Pitino2019-09-301-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This prevents a MITM attack where attacker could still access Git repository if any jobs were running long enough.
* | | | | | | | | | Hide disabled project milestones in project settings on group levelAlexandru Croitor2019-09-301-0/+6
| | | | | | | | | |
* | | | | | | | | | Add checking for email_verified keyMałgorzata Ksionek2019-09-301-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix rubocop offences and add changelog Add email_verified key for feature specs Add code review remarks Add code review remarks Fix specs
* | | | | | | | | | Add policy check if cross reference system notes are accessibleAlexandru Croitor2019-09-301-0/+6
| | | | | | | | | |
View Lorry Controller Status