| Commit message (Collapse) | Author | Age | Files | Lines |
[10.1] Prevent login with disabled OAuth providers
See merge request gitlab/gitlabhq!2249
(cherry picked from commit e4951cc45f29a9ec1e07408102ab339444ff43e8)
71d8d00c Prevents login with disabled OAuth providers
'41293-fix-command-injection-vulnerability-on-system_hook_push-queue-through-web-hook-10-1' into 'security-10-1'
[10.1] Don't allow line breaks on HTTP headers
See merge request gitlab/gitlabhq!2286
(cherry picked from commit 271ef222fa964481379a14a9c07805621a7d52a6)
a30812d3 Don't allow line breaks on HTTP headers
[10.1] Fix RCE via project import mechanism
See merge request gitlab/gitlabhq!2292
(cherry picked from commit 9a399c554268f3ac9e9cd2340600c2df2f5dfa47)
fdbd8d03 Fix RCE via project import mechanism
'security-10-1'
[10.1] Migrate `can_push` column from `keys` to `deploy_keys_project`
See merge request gitlab/gitlabhq!2274
(cherry picked from commit b8ed2ac5bf4a75d0787315e741d4c9aacd36e07e)
5f214517 Backport to 10.1
[10.1] Fix path traversal in gitlab-ci.yml cache:key
See merge request gitlab/gitlabhq!2272
(cherry picked from commit 991ae1d593e78e7c2484d5fe5b12dfce44a94bc8)
754c83ea Fix path traversal in gitlab-ci.yml cache:key
[10.1] Fix XSS vulnerability in Pipeline job trace - back port 10.1
See merge request gitlab/gitlabhq!2261
(cherry picked from commit ddb49b9053a31db0dfb93e02be1975549f991695)
dc3d4676 Fix XSS vulnerability in Pipeline job trace
'security-10-1-do-not-expose-passwords-or-tokens-in-service-integrations-api' into 'security-10-1'
Filter out sensitive fields from the project services API
See merge request gitlab/gitlabhq!2283
(cherry picked from commit cde3ae62e8f602b8db4fbdd382fba1a90780be7f)
c958086d Filter out sensitive fields from the project services API
Don't try to create fork network memberships for forks of forks
Closes #40072
See merge request gitlab-org/gitlab-ce!15366
Fix arguments error on Import/Export fetch_ref method
Closes #39541
See merge request gitlab-org/gitlab-ce!15241
* 10-1-stable:
Update VERSION to 10.1.2
Update CHANGELOG.md for 10.1.2
Merge branch 'fix-mysql-grant-check' into 'master'
Merge branch '36099-api-responses-missing-x-content-type-options-header' into '10-1-stable'
Merge branch 'ssrf-protections-round-2' into 'security-10-1'
Fix TRIGGER checks for MySQL
Closes #38372
See merge request gitlab-org/gitlab-ce!15226
(cherry picked from commit d45fef88f7f0aa249893f9f151185eac5b9bb870)
into '10-1-stable'
Include X-Content-Type-Options (XCTO) header into API responses
See merge request gitlab/gitlabhq!2211
(cherry picked from commit 6c818e77f2abeef2dd7b17a269611b018701fa79)
e087e075 Include X-Content-Type-Options (XCTO) header into API responses
Replace SSRF resolver with Addrinfo.getaddrinfo to include alternative localhost versions
See merge request gitlab/gitlabhq!2219
(cherry picked from commit 4a1e73783d5480aa514db7b53e10c075f95580b5)
1bffa0c3 Replace SSRF resolver with Addrinfo.getaddrinfo to include alternative localhost versions
Fix diff parser so it tolerates diff special markers in the content
Closes #34431
See merge request gitlab-org/gitlab-ce!14848
Fix the incorrect value being used to set GL_USERNAME on hooks
See merge request gitlab-org/gitlab-ce!15038
Normalize LDAP DN when looking up identity
Closes #39559
See merge request gitlab-org/gitlab-ce!15103
Fix missing issue assignees
Closes #39170
See merge request gitlab-org/gitlab-ce!15109
Remove "boards" from TOP_LEVEL_ROUTES
Closes #39073
See merge request gitlab-org/gitlab-ce!14861
Circuitbreaker backoff and retries
Closes #37383 and #38231
See merge request gitlab-org/gitlab-ce!14933
Make the circuitbreaker configurable at runtime
See merge request gitlab-org/gitlab-ce!14842
Avoid using `Redis#keys`
See merge request gitlab-org/gitlab-ce!14889
Add path attribute to WikiFile class
Closes #39420
See merge request gitlab-org/gitlab-ce!15019
(cherry picked from commit 98c57e9a9f73409a912189064a7adf0431768b3a)
76becfb5 Add path attribute to WikiFile class
Fix bitbucket login
Closes #39495
See merge request gitlab-org/gitlab-ce!15051
(cherry picked from commit a1aa4f00c27afdd3faf5a551b24bfe1555533a4d)
7d8eb4dd Fix bitbucket login
Remove Sherlock usage from the performance bar
Closes #39351
See merge request gitlab-org/gitlab-ce!15000
(cherry picked from commit 057c81b168c2aea0b4277ec748ce59c195032eaf)
189b5c3c Remove Sherlock usage from the performance bar
Avoid unnecessary `force_encoding` operations
Closes #39227
See merge request gitlab-org/gitlab-ce!12167
(cherry picked from commit 371eb62bc90a70f4a578303215e1d4dfc430ddbb)
520866a0 Avoid unnecessary `force_encoding` operations
'39181-gitlab-backgroundmigration-deserializemergerequestdiffsandcommits-error-nomethoderror-undefined-method-map-for-nil-nilclass' into 'master'
Resolve "Gitlab::BackgroundMigration::DeserializeMergeRequestDiffsAndCommits::Error: #<NoMethodError: undefined method `map' for nil:NilClass"
Closes #39181
See merge request gitlab-org/gitlab-ce!14907
(cherry picked from commit 526c47618e446bfec776b6e17462298f17fb24ee)
9245bfc2 Handle null serialised commits in background migration
Popen with a timeout
See merge request gitlab-org/gitlab-ce!14872
(cherry picked from commit 8aa6e7ef030a9e7522c533c7e177a618f37265ec)
b88e8aae Popen with a timeout
f09a7b3c Linter fixes
'fix/sm/38960-collect-usage-pings-gcp-cluster-enabled-and-gcp-cluster-disabled-instead-of-gcp-cluster-count' into 'master'
Collect usage pings `Gcp::Cluster.enabled` and `Gcp::Cluster.disabled`, instead of `Gcp::Cluster.count`
Closes #38960
See merge request gitlab-org/gitlab-ce!14807
(cherry picked from commit 076231798dd9716479d8eef118678eeb7c2c7b11)
a6b2387d Collect usage pings `Gcp::Cluster.enabled` and `Gcp::Cluster.disabled`, instead…
[10.0] Prevent a persistent XSS in user-provided markup
See merge request gitlab/gitlabhq!2199
Cache issuable template names
See merge request gitlab-org/gitlab-ce!14823
|
Make "merge ongoing" check more consistent
Closes #39032
See merge request gitlab-org/gitlab-ce!14825
Add project fields to import project by url
Closes #39028
See merge request gitlab-org/gitlab-ce!14822
Simplify project page
Closes #37399 and #38839
See merge request gitlab-org/gitlab-ce!14669
fix the import :milestone from adding the group_id
Closes #35580
See merge request gitlab-org/gitlab-ce!14657
'fix/sm/move-callback-route-google_api-auth-callback-for-oauth-under' into 'master'
Move callback route(`google_api/auth/callback`) for Oauth under `-`
Closes #38911
See merge request gitlab-org/gitlab-ce!14802
'master'
Fix error with GPG signature updater when commit was deleted
Closes #38890
See merge request gitlab-org/gitlab-ce!14749
I first attempted to extract logic from the code that normalizes DNs, but I was unsuccessful. This is a hack but it works.
Especially from the last attribute value.
Disabling some for now since this is based on `Net::LDAP::DN`.