Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add latest changes from gitlab-org/security/gitlab@12-8-stable-ee | GitLab Bot | 2020-03-26 | 1 | -1/+1 |
* | Add latest changes from gitlab-org/security/gitlab@12-8-stable-ee | GitLab Bot | 2020-03-25 | 3 | -0/+58 |
* | Add latest changes from gitlab-org/security/gitlab@12-8-stable-ee | GitLab Bot | 2020-03-24 | 1 | -1/+8 |
* | Add latest changes from gitlab-org/security/gitlab@12-8-stable-ee | GitLab Bot | 2020-03-24 | 5 | -1/+19 |
* | Add latest changes from gitlab-org/gitlab@12-8-stable-ee | GitLab Bot | 2020-03-16 | 2 | -10/+25 |
* | Add latest changes from gitlab-org/gitlab@12-8-stable-ee | GitLab Bot | 2020-03-05 | 3 | -3/+5 |
* | Add latest changes from gitlab-org/security/gitlab@12-8-stable-ee | GitLab Bot | 2020-02-28 | 5 | -3/+66 |
* | Add latest changes from gitlab-org/security/gitlab@12-8-stable-ee | GitLab Bot | 2020-02-28 | 2 | -0/+42 |
* | Add latest changes from gitlab-org/gitlab@12-8-stable-ee | GitLab Bot | 2020-02-24 | 1 | -1/+2 |
* | Add latest changes from gitlab-org/gitlab@12-8-stable-ee | GitLab Bot | 2020-02-20 | 473 | -3424/+8291 |
* | Add latest changes from gitlab-org/security/gitlab@12-7-stable-ee | GitLab Bot | 2020-02-12 | 2 | -6/+48 |
* | Add latest changes from gitlab-org/gitlab@12-7-stable-ee | GitLab Bot | 2020-01-31 | 1 | -8/+3 |
* | Add latest changes from gitlab-org/security/gitlab@12-7-stable-ee | GitLab Bot | 2020-01-28 | 2 | -2/+11 |
* | Add latest changes from gitlab-org/security/gitlab@12-7-stable-ee | GitLab Bot | 2020-01-28 | 2 | -11/+2 |
* | Add latest changes from gitlab-org/security/gitlab@12-7-stable-ee | GitLab Bot | 2020-01-28 | 5 | -32/+73 |
* | Add latest changes from gitlab-org/security/gitlab@12-7-stable-ee | GitLab Bot | 2020-01-28 | 8 | -6/+60 |
* | Add latest changes from gitlab-org/gitlab@12-7-stable-ee | GitLab Bot | 2020-01-24 | 3 | -2/+14 |
* | Add latest changes from gitlab-org/gitlab@12-7-stable-ee | GitLab Bot | 2020-01-21 | 244 | -1359/+4359 |
* | Add latest changes from gitlab-org/security/gitlab@12-6-stable-ee | GitLab Bot | 2020-01-10 | 1 | -2/+2 |
* | Add latest changes from gitlab-org/gitlab@12-6-stable-ee | GitLab Bot | 2020-01-09 | 7 | -62/+38 |
* | Add latest changes from gitlab-org/gitlab@12-6-stable-ee | GitLab Bot | 2020-01-03 | 1 | -0/+6 |
* | Add latest changes from gitlab-org/security/gitlab@12-6-stable-ee | GitLab Bot | 2019-12-31 | 2 | -4/+14 |
* | Add latest changes from gitlab-org/gitlab@12-6-stable-ee | GitLab Bot | 2019-12-27 | 1 | -1/+7 |
* | Add latest changes from gitlab-org/gitlab@12-6-stable-ee | GitLab Bot | 2019-12-20 | 227 | -1215/+3675 |
* | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot | 2019-12-03 | 5 | -12/+38 |
* | Merge branch 'security-dos-issue-and-commit-comments-12-5' into '12-5-stable' | GitLab Release Tools Bot | 2019-11-26 | 1 | -1/+1 |
|\ | Fix invalid byte sequence See merge request gitlab/gitlabhq!3547 | ||||
| * | Fix invalid byte sequence | Patrick Derichs | 2019-11-22 | 1 | -1/+1 |
* | | Merge branch 'security-ag-cycle-analytics-guest-permissions-12-5' into '12-5-stable' | GitLab Release Tools Bot | 2019-11-26 | 1 | -3/+19 |
|\ \ | Prevent guests from seeing commits for cycle analytics See merge request gitlab/gitlabhq!3534 | ||||
| * | | Prevent guests from seeing commits for cycle analytics | Aakriti Gupta | 2019-11-20 | 1 | -3/+19 |
| |/ | - if the user has access level lower than REPORTER, don't include commit count in summary | ||||
* | | Merge branch 'security-dns-rebind-ssrf-in-slack-notifications-12-5-ce' into '12-5-stable' | GitLab Release Tools Bot | 2019-11-26 | 1 | -1/+0 |
|\ \ | Use Gitlab::HTTP for all chat notifications See merge request gitlab/gitlabhq!3544 | ||||
| * | | Use Gitlab::HTTP for all chat notifications | Hordur Freyr Yngvason | 2019-11-21 | 1 | -1/+0 |
| |/ | |||||
* | | Merge branch 'security-fix-xss-in-label-namespace-12-5' into '12-5-stable' | GitLab Release Tools Bot | 2019-11-26 | 1 | -1/+1 |
|\ \ | Escape namespace in label references See merge request gitlab/gitlabhq!3550 | ||||
| * | | Escape namespace in label references | Heinrich Lee Yu | 2019-11-25 | 1 | -1/+1 |
| |/ | When referencing cross-namespace labels, we append the namespace name to the rendered label. This MR escapes the name to prevent XSS attacks. | ||||
* | | Merge branch 'security-28802-respect-fork-parent-visibility-12-5' into '12-5-stable' | GitLab Release Tools Bot | 2019-11-26 | 1 | -1/+3 |
|\ \ | Check permissions before showing a forked project's source See merge request gitlab/gitlabhq!3555 | ||||
| * | | Check permissions before showing a forked project's source | Nick Thomas | 2019-11-25 | 1 | -1/+3 |
| |/ | |||||
* | | Ensure attributes that end in `_ids` are cleaned | DJ Mountney | 2019-11-26 | 1 | -1/+1 |
|/ | This prevents an issue where you can steal other projects' objects by asking for ids that don't belong to you in import. | ||||
* | Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot | 2019-11-19 | 237 | -1446/+4050 |
* | Add latest changes from gitlab-org/gitlab@12-4-stable-ee | GitLab Bot | 2019-11-04 | 5 | -10/+16 |
* | Merge branch 'security-wiki-rdoc-content-12-4-ce' into '12-4-stable' | GitLab Release Tools Bot | 2019-10-24 | 1 | -1/+1 |
|\ | Pass all wiki markup formats through our Banzai pipeline filters See merge request gitlab/gitlabhq!3485 | ||||
| * | Pass all wiki markup formats through pipelines | Luke Duncalfe | 2019-10-23 | 1 | -1/+1 |
| | | Previously, when the wiki page format was anything other than `markdown` or `asciidoc` the formatted content would be returned through a Gitaly call. Gitaly in turn would delegate formatting to the gitlab-gollum-lib gem, which in turn would delegate that to various gems (like RDoc for `rdoc`) and then apply some very liberal sanitization. It was too liberal! This change brings our wiki content formatting in line with how we format other markdown at GitLab, so we have a SSOT for sanitization. https://gitlab.com/gitlab-org/gitlab/issues/30540 | ||||
* | | Merge branch 'security-2914-labels-visible-despite-no-access-to-issues-repositories-12-4' into '12-4-stable' | GitLab Release Tools Bot | 2019-10-24 | 1 | -1/+1 |
|\ \ | Labels visible despite no access to issues & repositories See merge request gitlab/gitlabhq!3489 | ||||
| * | | Fix labels finder to filter issuables | Eugenia Grieff | 2019-10-22 | 1 | -1/+1 |
| |/ | Use project scopes to filter project labels that are visible for user | ||||
* | | Allow tests to ignore recursion | charlieablett | 2019-10-23 | 1 | -1/+5 |
* | | Check for recursion and fail if too recursive | charlieablett | 2019-10-23 | 1 | -0/+58 |
|/ | - List all overly-recursive fields - Reduce recursion threshold to 2 - Add test for not-recursive-enough query - Use reusable methods in tests - Add changelog - Set changeable acceptable recursion level - Add error check test helpers | ||||
* | Add latest changes from gitlab-org/gitlab@12-4-stable-ee | GitLab Bot | 2019-10-22 | 275 | -1520/+5495 |
* | Merge branch 'security-sarcila-verify-saml-request-origin-12-3' into '12-3-stable' | GitLab Release Tools Bot | 2019-09-26 | 4 | -2/+97 |
|\ | Check that SAML identity linking validates the origin of the request See merge request gitlab/gitlabhq!3396 | ||||
| * | Validate that SAML requests are originated from gitlab | Sebastian Arcila Valenzuela | 2019-09-20 | 4 | -2/+97 |
| | | If the request wasn't initiated by gitlab we shouldn't add the new identity to the user, and instead show that we weren't able to link the identity to the user. This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509 | ||||
* | | Filter not accessible label events | Jan Provaznik | 2019-09-24 | 1 | -3/+5 |
|/ | Label events may use cross-project or cross-group references, if the projects are not accessible by user, we don't show these label events. | ||||
* | Add latest changes from gitlab-org/gitlab@12-3-stable | GitLab Bot | 2019-09-20 | 46 | -804/+206 |
* | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | 2019-09-20 | 7 | -84/+157 |