| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| |
| | |
Persistent XSS in note objects CE
See merge request gitlab/gitlabhq!3075
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
Resolve: Milestones leaked via search API
Closes #2822
See merge request gitlab/gitlabhq!2997
|
| | |
| | |
| | |
| | |
| | | |
Fix milestone titles being leaked using search API
when users cannot read milestones
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
Disallow invalid MR branch name
See merge request gitlab/gitlabhq!3052
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Prevents refspec as branch name, which would bypass branch protection
when used in conjunction with rebase.
HEAD seems to be a special case with lots of occurrence,
so it is considered valid for now.
Another special case is `refs/head/*`, which can be imported.
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
Handling password on import by url page
See merge request gitlab/gitlabhq!3061
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Gitlab::HTTP now resolves the hostname only once, verifies the IP is not
blocked, and then uses the same IP to perform the actual request, while
passing the original hostname in the `Host` header and SSL SNI field.
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Use source ref in pipeline webhook
Closes #61553
See merge request gitlab-org/gitlab-ce!28772
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When user uses Pipelines for merge requests, the pipeline is a run on
a merge request ref instead of branch ref. However, we should send
source ref as a webhook in order to respect the original behavior.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Before this fix, a suggestion which just removes
an empty line wasn't appliable
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Storing this key in secrets.yml was a bad idea,
it would require users using HA setups to manually
replicate secrets across nodes during update,
it also needed support from omnibus package
* Revert "Generate Let's Encrypt private key"
This reverts commit 444959bfa0b79e827a2a1a7a314acac19390f976.
* Add Let's Encrypt private key to settings
as encrypted attribute
* Generate Let's Encrypt private key
in database migration
|
|/ / / /
| | | |
| | | |
| | | | |
If the postgres image version isn't passed to upgrades, helm will revert to the default postgres version. If it crosses incompatible version boundaries, this will break postgres horribly, as it won't be able to read the data files.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- Add .no-tabs to login-box
- Externalize strings in common signup box
- Leverage render_if_exists
- Update PO file
|
| | | |
| | | |
| | | |
| | | | |
Added a changelog entry for the feature
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | | |
This env was missing, causing the variable to not
be propagated to child containers and thus, be ineffective
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
Drop support for AUTO_DEVOPS_DOMAIN
See merge request gitlab-org/gitlab-ce!28460
|
| | | | |
| | | | |
| | | | |
| | | | | |
Update documentation to reflect removal
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Creates a new filename to register auth logs.
This change should allow SRE's queries to make better queries
through logging infrastructure.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54528
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
In https://github.com/rails/rails/commit/83b767ce, Rails 5.1 removed
support for using a String to specify a middleware. When the
strategy_class argument is passed from the GitLab YAML config to Devise,
Devise passes the string value straight through to Rails, and GitLab
would crash with a NoMethodError inside ActionDispatch::MiddlewareStack.
To make this OmniAuth strategy work again, we normalize the arguments by
converting the strategy_class value into an actual Class.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/62216
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This resolves an "ArgumentError: comparison of String with 0 failed"
issue where the visibility_level is stored as a string in the project
import data because the value comes directly from the Web form. This
problem happened upon creating a project from a template or restoring a
project.
We now cast the value to an integer to guard against these kinds of
failures.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/61692
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
'61935-remove-code-left-over-from-when-clusters-were-always-project-specific' into 'master'
remove `Clusters::Platforms::Kubernetes#actual_namespace`
Closes #61935
See merge request gitlab-org/gitlab-ce!28391
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When Kubernetes clusters were originally built they could only
exist at the project level, and so there was logic included
that assumed there would only ever be a single Kubernetes
namespace per cluster. We now support clusters at the group
and instance level, which allows multiple namespaces.
This change consolidates various project-specific fallbacks to
generate namespaces, and hands all responsibility to the
Clusters::KubernetesNamespace model. There is now no concept of
a single namespace for a Clusters::Platforms::Kubernetes; to
retrieve a namespace a project must now be supplied in all cases.
This simplifies upcoming work to use a separate Kubernetes
namespace per project environment (instead of a namespace
per project).
|
|/ / / /
| | | |
| | | |
| | | | |
We kept it for smooth update only
|
| | | |
| | | |
| | | |
| | | | |
`before_script` statements.
|
| | | |
| | | |
| | | |
| | | | |
`DAST_TARGET_AVAILABILITY_TIMEOUT` already defaults to 60 in `analyze`
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Resolve "Cert Manager problems with Group/Instance cluster"
Closes #61697
See merge request gitlab-org/gitlab-ce!28373
|
| | |/ /
| |/| | |
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
API: Fix recursive flag not working with Rugged get_tree_entries flag
Closes #61979
See merge request gitlab-org/gitlab-ce!28494
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Attempting to use the API endpoint
/projects/:id/repository/tree?recursive=true would only return a subset
of the results since the full recursive list wasn't actually being
returned.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/61979
|
| | | | |
| | | | |
| | | | | |
This reverts merge request !27474
|
| | | | | |
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Include type to notes import / export
Closes #49517
See merge request gitlab-org/gitlab-ce!28401
|
| | | | | | |
|
|\ \ \ \ \ \
| |_|/ / / /
|/| | | | |
| | | | | |
| | | | | | |
Auto-DevOps: allow to disable rollout status check
See merge request gitlab-org/gitlab-ce!28130
|
| | | | | | |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
More aligned design. More functionality.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
PoolRepository is a relatively new model of which the counts could help
to further determine the priority of new features. Also gives some
insight into the number of forks customers have.
|
| |/ / / /
|/| | | | |
|