path: root/lib
Commit message | Author | Age | Files | Lines
* Handle Stored XSS for Grafana URL in settings | David Wilkins | 2019-10-24 | 1 | -12/+32
* Merge branch 'security-sarcila-verify-saml-request-origin-12-1' into '12-1-st... | GitLab Release Tools Bot | 2019-09-26 | 4 | -2/+97
|\
| * Validate that SAML requests are originated from gitlab | Sebastian Arcila Valenzuela | 2019-09-16 | 4 | -2/+97
* | Filter not accessible label events | Jan Provaznik | 2019-09-24 | 1 | -3/+5
|/
* Avoid exposing unaccessible repo data upon GFM processing | Oswaldo Ferreira | 2019-08-26 | 1 | -0/+16
* Add captcha if there are multiple failed login attempts | Małgorzata Ksionek | 2019-08-26 | 4 | -1/+50
* Merge branch 'security-12-1-enable-image-proxy' into '12-1-stable' | GitLab Release Tools Bot | 2019-08-26 | 11 | -7/+140
|\
| * Add support for using a Camo proxy server | Brett Walker | 2019-08-15 | 11 | -7/+140
* | Merge branch 'security-61974-limit-issue-comment-size-12-1' into '12-1-stable' | GitLab Release Tools Bot | 2019-08-26 | 2 | -1/+5
|\ \
| * | Limit the size of issuable description and comments | Alexandru Croitor | 2019-08-22 | 2 | -1/+5
* | | Merge branch 'security-epic-notes-api-reveals-historical-info-ce-12-1' into '... | GitLab Release Tools Bot | 2019-08-26 | 3 | -6/+10
|\ \ \
| * | | Filter out old system notes for epics | Patrick Derichs | 2019-08-09 | 3 | -6/+10
| |/ /
* | | Merge branch 'security-fix_jira_ssrf_vulnerability-12-1' into '12-1-stable' | GitLab Release Tools Bot | 2019-08-26 | 1 | -0/+66
|\ \ \
| * | | Fix DNS rebind vulnerability for JIRA integration | Felipe Artur | 2019-08-08 | 1 | -0/+66
| |/ /
* | | Merge branch 'security-project-import-bypass-12-1' into '12-1-stable' | GitLab Release Tools Bot | 2019-08-26 | 1 | -0/+88
|\ \ \
| * | | Fix project import restricted visibility bypass | George Koltsov | 2019-08-15 | 1 | -0/+88
| |/ /
* | | Merge branch 'security-add-job-activity-limit-ce-12-1' into '12-1-stable' | GitLab Release Tools Bot | 2019-08-26 | 1 | -0/+21
|\ \ \
| * | | Add active_jobs_limit to plans table | Fabio Pitino | 2019-08-20 | 1 | -0/+21
| |/ /
* | | Merge branch 'security-personal-snippets-12-1' into '12-1-stable' | GitLab Release Tools Bot | 2019-08-26 | 2 | -4/+9
|\ \ \
| * | | Add direct upload support for personal snippets | Jan Provaznik | 2019-08-23 | 2 | -4/+9
| |/ /
* | | Re-escape whole HTML content instead of only match | Jan Provaznik | 2019-08-23 | 4 | -13/+35
|/ /
* | Merge branch 'leipert-improve-ansi2html' into 'master' | Fatih Acet | 2019-08-05 | 1 | -10/+17
* | Merge branch 'patch-72' into 'master' | Thong Kuah | 2019-08-05 | 1 | -0/+1
* | Merge branch 'osw-avoid-errors-due-to-concurrent-calls' into 'master' [12-1-stable-patch-4] | Douwe Maan | 2019-08-05 | 1 | -2/+3
|/
* Merge branch 'sh-fix-gitaly-access-control' into 'master' | Douglas Barbosa Alexandre | 2019-07-30 | 1 | -1/+1
* Merge branch 'dm-submodule-links-nil' into 'master' | Nick Thomas | 2019-07-30 | 1 | -3/+8
* Merge branch 'sh-support-docker-oci-images' into 'master' | Dmitriy Zaporozhets | 2019-07-30 | 1 | -3/+6
* Merge branch '65019-job-templates-dind-tls-fix' into 'master' | Thong Kuah | 2019-07-30 | 5 | -0/+7
* Merge branch '65019-auto-devops-dind-tls-fix' into 'master' | Thong Kuah | 2019-07-30 | 1 | -0/+2
* Merge branch 'alhashash1-12-1-stable-patch-67177' into 'master' | Stan Hu | 2019-07-30 | 1 | -4/+11
* Merge branch 'optimise-import-performance' into 'master' | Stan Hu | 2019-07-30 | 4 | -4/+4
* Merge branch 'security-dns-ssrf-bypass-12-1' into '12-1-stable' | GitLab Release Tools Bot | 2019-07-24 | 1 | -2/+11
|\
| * Fix Server Side Request Forgery mitigation bypass | Francisco Javier López | 2019-07-15 | 1 | -2/+11
* | Merge branch 'security-60143-patch-additional-xss-issue-12.1' into '12-1-stable' | GitLab Release Tools Bot | 2019-07-24 | 6 | -50/+79
|\ \
| * | Extract SanitizeNodeLink and apply to WikiLinkFilter | Kerri Miller | 2019-07-16 | 6 | -50/+79
| |/
* | Merge branch 'security-github-ssrf-redirect-12-1' into '12-1-stable' | GitLab Release Tools Bot | 2019-07-24 | 3 | -3/+26
|\ \
| * | Do not allow localhost url redirection in GitHub Integration | manojmj | 2019-07-09 | 3 | -3/+26
* | | Merge branch 'security-remove-take-trigger-ownership-feature-12-1' into '12-1... | GitLab Release Tools Bot | 2019-07-24 | 1 | -21/+0
|\ \ \
| * | | Drop feature to take ownership of a trigger token | Fabio Pitino | 2019-07-10 | 1 | -21/+0
| |/ /
* | | Merge branch 'sh-fix-gitaly-server-info-cache' into 'master' | Mayra Cabrera | 2019-07-19 | 1 | -1/+1
* | | Merge branch 'ci_default_git_depth_only' into 'master' | Douglas Barbosa Alexandre | 2019-07-18 | 1 | -0/+1
* | | Refactor RedisCounter and WebIdeCommitsCounter | Francisco Javier López | 2019-07-17 | 5 | -21/+25
* | | Merge branch 'jc-wrap-rugged-calls-with-disk-access' into 'master' | Stan Hu | 2019-07-17 | 6 | -19/+24
|\ \ \
| * | | Wrap rugged calls with access disk block [jc-wrap-rugged-calls-with-disk-access] | John Cai | 2019-07-16 | 6 | -19/+24
* | | | Merge branch 'issue-64645-asciidoctor-footnote-links' into 'master' | Nick Thomas | 2019-07-17 | 1 | -5/+28
|\ \ \ \
| * | | | Preserve footnote link ids | Guillaume Grossetie | 2019-07-17 | 1 | -5/+28
* | | | | Added submodule links to Submodule type in GraphQL API | Igor | 2019-07-17 | 3 | -3/+79
* | | | | Fix wrong pages access level default | Vladimir Shushlin | 2019-07-17 | 1 | -0/+128
* | | | | CE port of "Move external authorization service API management to EE" | Imre Farkas | 2019-07-17 | 3 | -4/+6
* | | | | Fetch latest link in the description for zoom link, add more tests and remove... | Rajendra kadam | 2019-07-17 | 1 | -0/+21