path: root/lib
Commit message (Author, Age, Files, Lines)
* Merge branch 'jej/fix-disabled-oauth-access-10-1' into 'security-10-1' (Robert Speicher, 2018-01-09, 2 files, -5/+12)
|   [10.1] Prevent login with disabled OAuth providers
|   See merge request gitlab/gitlabhq!2249
|   (cherry picked from commit e4951cc45f29a9ec1e07408102ab339444ff43e8)
|   71d8d00c Prevents login with disabled OAuth providers
* Merge branch '41293-fix-command-injection-vulnerability-on-system_hook_push-queue-through-web-hook-10-1' into 'security-10-1' (Robert Speicher, 2018-01-08, 1 file, -0/+4)
|   [10.1] Don't allow line breaks on HTTP headers
|   See merge request gitlab/gitlabhq!2286
|   (cherry picked from commit 271ef222fa964481379a14a9c07805621a7d52a6)
|   a30812d3 Don't allow line breaks on HTTP headers
* Merge branch 'fix/import-rce-10-1' into 'security-10-1' (James Lopez, 2018-01-08, 3 files, -3/+19)
|   [10.1] Fix RCE via project import mechanism
|   See merge request gitlab/gitlabhq!2292
|   (cherry picked from commit 9a399c554268f3ac9e9cd2340600c2df2f5dfa47)
|   fdbd8d03 Fix RCE via project import mechanism
* Merge branch 'sh-migrate-can-push-to-deploy-keys-projects-10-1' into 'security-10-1' (Douwe Maan, 2018-01-08, 3 files, -33/+84)
|   [10.1] Migrate `can_push` column from `keys` to `deploy_keys_project`
|   See merge request gitlab/gitlabhq!2274
|   (cherry picked from commit b8ed2ac5bf4a75d0787315e741d4c9aacd36e07e)
|   5f214517 Backport to 10.1
* Merge branch 'security-ac/fix-path-traversal-10-1' into 'security-10-1' (Robert Speicher, 2018-01-08, 1 file, -1/+15)
|   [10.1] Fix path traversal in gitlab-ci.yml cache:key
|   See merge request gitlab/gitlabhq!2272
|   (cherry picked from commit 991ae1d593e78e7c2484d5fe5b12dfce44a94bc8)
|   754c83ea Fix path traversal in gitlab-ci.yml cache:key
* Merge branch 'ac/41346-xss-ci-job-output-backport-10-1' into 'security-10-1' (Robert Speicher, 2018-01-08, 1 file, -1/+1)
|   [10.1] Fix XSS vulnerability in Pipeline job trace - back port 10.1
|   See merge request gitlab/gitlabhq!2261
|   (cherry picked from commit ddb49b9053a31db0dfb93e02be1975549f991695)
|   dc3d4676 Fix XSS vulnerability in Pipeline job trace
* Merge branch 'security-10-1-do-not-expose-passwords-or-tokens-in-service-integrations-api' into 'security-10-1' (Sean McGivern, 2018-01-08, 4 files, -10/+4)
|   Filter out sensitive fields from the project services API
|   See merge request gitlab/gitlabhq!2283
|   (cherry picked from commit cde3ae62e8f602b8db4fbdd382fba1a90780be7f)
|   c958086d Filter out sensitive fields from the project services API
* Merge branch 'bvl-fork-network-memberships-for-deleted-source' into 'master' (Yorick Peterse, 2017-11-14, 1 file, -1/+11)
|   Don't try to create fork network memberships for forks of forks
|   Closes #40072
|   See merge request gitlab-org/gitlab-ce!15366
* Merge branch 'fix/import-export-arguments' into 'master' (Douwe Maan, 2017-11-10, 1 file, -1/+1)
|   Fix arguments error on Import/Export fetch_ref method
|   Closes #39541
|   See merge request gitlab-org/gitlab-ce!15241
* Merge branch '10-1-stable' into 10-1-stable-patch-2 (Lin Jen-Shin, 2017-11-10, 3 files, -13/+26)
|\
| |   * 10-1-stable:
| |     Update VERSION to 10.1.2
| |     Update CHANGELOG.md for 10.1.2
| |     Merge branch 'fix-mysql-grant-check' into 'master'
| |     Merge branch '36099-api-responses-missing-x-content-type-options-header' into '10-1-stable'
| |     Merge branch 'ssrf-protections-round-2' into 'security-10-1'
| * Merge branch 'fix-mysql-grant-check' into 'master' (Rémy Coutable, 2017-11-07, 1 file, -11/+19)
| |   Fix TRIGGER checks for MySQL
| |   Closes #38372
| |   See merge request gitlab-org/gitlab-ce!15226
| |   (cherry picked from commit d45fef88f7f0aa249893f9f151185eac5b9bb870)
| * Merge branch '36099-api-responses-missing-x-content-type-options-header' into '10-1-stable' (Douwe Maan, 2017-11-07, 1 file, -1/+4)
| |   Include X-Content-Type-Options (XCTO) header into API responses
| |   See merge request gitlab/gitlabhq!2211
| |   (cherry picked from commit 6c818e77f2abeef2dd7b17a269611b018701fa79)
| |   e087e075 Include X-Content-Type-Options (XCTO) header into API responses
| * Merge branch 'ssrf-protections-round-2' into 'security-10-1' (Douwe Maan, 2017-11-07, 1 file, -1/+3)
| |   Replace SSRF resolver with Addrinfo.getaddrinfo to include alternative localhost versions
| |   See merge request gitlab/gitlabhq!2219
| |   (cherry picked from commit 4a1e73783d5480aa514db7b53e10c075f95580b5)
| |   1bffa0c3 Replace SSRF resolver with Addrinfo.getaddrinfo to include alternative localhost versions
* | Merge branch 'fix_diff_parsing' into 'master' (Sean McGivern, 2017-11-06, 1 file, -1/+3)
| |   Fix diff parser so it tolerates diff special markers in the content
| |   Closes #34431
| |   See merge request gitlab-org/gitlab-ce!14848
* | Merge branch 'gl-username-hook-fix' into 'master' (Douwe Maan, 2017-11-06, 1 file, -1/+1)
|/
|   Fix the incorrect value being used to set GL_USERNAME on hooks
|   See merge request gitlab-org/gitlab-ce!15038
* Merge branch 'dm-ldap-identity-normalize-dn' into 'master' (Sean McGivern, 2017-11-01, 2 files, -3/+4)
|   Normalize LDAP DN when looking up identity
|   Closes #39559
|   See merge request gitlab-org/gitlab-ce!15103
* Merge branch 'fix/import-issue-assignees' into 'master' (Sean McGivern, 2017-11-01, 1 file, -0/+1)
|   Fix missing issue assignees
|   Closes #39170
|   See merge request gitlab-org/gitlab-ce!15109
* Merge branch 'fix_global_board_routes_39073' into 'master' (Douwe Maan, 2017-10-31, 1 file, -1/+0)
|   Remove "boards" from TOP_LEVEL_ROUTES
|   Closes #39073
|   See merge request gitlab-org/gitlab-ce!14861
* Merge branch 'bvl-circuitbreaker-backoff' into 'master' (Sean McGivern, 2017-10-30, 5 files, -13/+54)
|   Circuitbreaker backoff and retries
|   Closes #37383 and #38231
|   See merge request gitlab-org/gitlab-ce!14933
* Merge branch 'bvl-circuitbreaker-improvements' into 'master' (Douwe Maan, 2017-10-30, 3 files, -18/+36)
|   Make the circuitbreaker configurable at runtime
|   See merge request gitlab-org/gitlab-ce!14842
* Merge branch 'bvl-do-not-use-redis-keys' into 'master' (Rémy Coutable, 2017-10-30, 2 files, -6/+16)
|   Avoid using `Redis#keys`
|   See merge request gitlab-org/gitlab-ce!14889
* Merge branch 'fix/add-path-attr-to-wiki-file' into 'master' (Sean McGivern, 2017-10-28, 1 file, -1/+2)
|   Add path attribute to WikiFile class
|   Closes #39420
|   See merge request gitlab-org/gitlab-ce!15019
|   (cherry picked from commit 98c57e9a9f73409a912189064a7adf0431768b3a)
|   76becfb5 Add path attribute to WikiFile class
* Merge branch '39495-fix-bitbucket-login' into 'master' (Rémy Coutable, 2017-10-27, 1 file, -0/+4)
|   Fix bitbucket login
|   Closes #39495
|   See merge request gitlab-org/gitlab-ce!15051
|   (cherry picked from commit a1aa4f00c27afdd3faf5a551b24bfe1555533a4d)
|   7d8eb4dd Fix bitbucket login
* Merge branch 'performance-bar-sql' into 'master' (Rémy Coutable, 2017-10-24, 1 file, -2/+2)
|   Remove Sherlock usage from the performance bar
|   Closes #39351
|   See merge request gitlab-org/gitlab-ce!15000
|   (cherry picked from commit 057c81b168c2aea0b4277ec748ce59c195032eaf)
|   189b5c3c Remove Sherlock usage from the performance bar
* Merge branch 'encoding-helper-performance' into 'master' (Rémy Coutable, 2017-10-19, 1 file, -2/+5)
|   Avoid unnecessary `force_encoding` operations
|   Closes #39227
|   See merge request gitlab-org/gitlab-ce!12167
|   (cherry picked from commit 371eb62bc90a70f4a578303215e1d4dfc430ddbb)
|   520866a0 Avoid unnecessary `force_encoding` operations
* Merge branch '39181-gitlab-backgroundmigration-deserializemergerequestdiffsandcommits-error-nomethoderror-undefined-method-map-for-nil-nilclass' into 'master' (Rémy Coutable, 2017-10-18, 1 file, -0/+1)
|   Resolve "Gitlab::BackgroundMigration::DeserializeMergeRequestDiffsAndCommits::Error: #<NoMethodError: undefined method `map' for nil:NilClass"
|   Closes #39181
|   See merge request gitlab-org/gitlab-ce!14907
|   (cherry picked from commit 526c47618e446bfec776b6e17462298f17fb24ee)
|   9245bfc2 Handle null serialised commits in background migration
* Merge branch 'an/popen-deadline' into 'master' (Sean McGivern, 2017-10-18, 2 files, -0/+70)
|   Popen with a timeout
|   See merge request gitlab-org/gitlab-ce!14872
|   (cherry picked from commit 8aa6e7ef030a9e7522c533c7e177a618f37265ec)
|   b88e8aae Popen with a timeout
|   f09a7b3c Linter fixes
* Merge branch 'fix/sm/38960-collect-usage-pings-gcp-cluster-enabled-and-gcp-cluster-disabled-instead-of-gcp-cluster-count' into 'master' (Kamil Trzciński, 2017-10-18, 1 file, -0/+2)
|   Collect usage pings `Gcp::Cluster.enabled` and `Gcp::Cluster.disabled`, instead of `Gcp::Cluster.count`
|   Closes #38960
|   See merge request gitlab-org/gitlab-ce!14807
|   (cherry picked from commit 076231798dd9716479d8eef118678eeb7c2c7b11)
|   a6b2387d Collect usage pings `Gcp::Cluster.enabled` and `Gcp::Cluster.disabled`, instead…
* Merge branch 'rs-sanitize-unicode-in-protocol' into 'security-10-0' (Douwe Maan, 2017-10-15, 1 file, -2/+12)
|   [10.0] Prevent a persistent XSS in user-provided markup
|   See merge request gitlab/gitlabhq!2199
* Merge branch 'cache-issuable-template-names' into 'master' (Douwe Maan, 2017-10-13, 1 file, -14/+14)
|   Cache issuable template names
|   See merge request gitlab-org/gitlab-ce!14823
* Merge branch '39032-improve-merge-ongoing-check-consistency' into 'master' (Sean McGivern, 2017-10-13, 1 file, -0/+7)
|   Make "merge ongoing" check more consistent
|   Closes #39032
|   See merge request gitlab-org/gitlab-ce!14825
* Merge branch '39028-repo-by-url-fields' into 'master' (Tim Zallmann, 2017-10-13, 1 file, -3/+3)
|   Add project fields to import project by url
|   Closes #39028
|   See merge request gitlab-org/gitlab-ce!14822
* Merge branch '37399-simplify-project-page' into 'master' (Phil Hughes, 2017-10-13, 1 file, -6/+6)
|   Simplify project page
|   Closes #37399 and #38839
|   See merge request gitlab-org/gitlab-ce!14669
* Merge branch '35580-cannot-import-project-with-milestones' into 'master' (Sean McGivern, 2017-10-12, 2 files, -18/+35)
|   fix the import :milestone from adding the group_id
|   Closes #35580
|   See merge request gitlab-org/gitlab-ce!14657
* Merge branch 'fix/sm/move-callback-route-google_api-auth-callback-for-oauth-under' into 'master' (Kamil Trzciński, 2017-10-11, 1 file, -1/+0)
|   Move callback route(`google_api/auth/callback`) for Oauth under `-`
|   Closes #38911
|   See merge request gitlab-org/gitlab-ce!14802
* Don't create fork networks for root projects that are deleted [bvl-fork-network-migrations] (Bob Van Landuyt, 2017-10-09, 2 files, -0/+10)
|
* Merge branch '38890-fix-gpg-signature-updater-when-commit-is-missing' into 'master' (Stan Hu, 2017-10-07, 1 file, -1/+1)
|\
| |   Fix error with GPG signature updater when commit was deleted
| |   Closes #38890
| |   See merge request gitlab-org/gitlab-ce!14749
| * Fix error with GPG signature updater when commit was deleted [38890-fix-gpg-signature-updater-when-commit-is-missing] (Rubén Dávila, 2017-10-07, 1 file, -1/+1)
| |
* | Sync up hard coded DN class in migration [mk-normalize-ldap-user-dns] (Michael Kozono, 2017-10-07, 1 file, -20/+28)
| |
* | Redefine `respond_to?` in light of `method_missing` (Michael Kozono, 2017-10-07, 1 file, -0/+6)
| |
* | Make internal methods private (Michael Kozono, 2017-10-07, 1 file, -20/+22)
| |
* | Leave bad DNs alone instead of raising errors (Michael Kozono, 2017-10-07, 2 files, -3/+10)
| |
* | Refactor DN error classes (Michael Kozono, 2017-10-07, 3 files, -28/+30)
| |
* | Move migration to background (Michael Kozono, 2017-10-07, 1 file, -0/+304)
| |
* | Normalize values, reusing DN normalization code (Michael Kozono, 2017-10-07, 2 files, -33/+8)
| |   I first attempted to extract logic from the code that normalizes DNs, but I was unsuccessful. This is a hack but it works.
* | Fix space stripping (Michael Kozono, 2017-10-07, 1 file, -20/+24)
| |   Especially from the last attribute value.
* | Rename method to `to_normalized_s` (Michael Kozono, 2017-10-07, 3 files, -3/+3)
| |
* | Refactor initialize method for clarity (Michael Kozono, 2017-10-07, 1 file, -11/+20)
| |
* | Move downcasing to normalize method (Michael Kozono, 2017-10-07, 1 file, -10/+10)
| |
* | Resolve Rubocop offenses (Michael Kozono, 2017-10-07, 1 file, -17/+25)
| |   Disabling some for now since this is based on `Net::LDAP::DN`.