path: root/lib
Commit message | Author | Age | Files | Lines

* Add latest changes from gitlab-org/security/gitlab@12-8-stable-ee | GitLab Bot | 2020-03-26 | 1 | -1/+1
* Add latest changes from gitlab-org/security/gitlab@12-8-stable-ee | GitLab Bot | 2020-03-25 | 3 | -0/+58
* Add latest changes from gitlab-org/security/gitlab@12-8-stable-ee | GitLab Bot | 2020-03-24 | 1 | -1/+8
* Add latest changes from gitlab-org/security/gitlab@12-8-stable-ee | GitLab Bot | 2020-03-24 | 5 | -1/+19
* Add latest changes from gitlab-org/gitlab@12-8-stable-ee | GitLab Bot | 2020-03-16 | 2 | -10/+25
* Add latest changes from gitlab-org/gitlab@12-8-stable-ee | GitLab Bot | 2020-03-05 | 3 | -3/+5
* Add latest changes from gitlab-org/security/gitlab@12-8-stable-ee | GitLab Bot | 2020-02-28 | 5 | -3/+66
* Add latest changes from gitlab-org/security/gitlab@12-8-stable-ee | GitLab Bot | 2020-02-28 | 2 | -0/+42
* Add latest changes from gitlab-org/gitlab@12-8-stable-ee | GitLab Bot | 2020-02-24 | 1 | -1/+2
* Add latest changes from gitlab-org/gitlab@12-8-stable-ee | GitLab Bot | 2020-02-20 | 473 | -3424/+8291
* Add latest changes from gitlab-org/security/gitlab@12-7-stable-ee | GitLab Bot | 2020-02-12 | 2 | -6/+48
* Add latest changes from gitlab-org/gitlab@12-7-stable-ee | GitLab Bot | 2020-01-31 | 1 | -8/+3
* Add latest changes from gitlab-org/security/gitlab@12-7-stable-ee | GitLab Bot | 2020-01-28 | 2 | -2/+11
* Add latest changes from gitlab-org/security/gitlab@12-7-stable-ee | GitLab Bot | 2020-01-28 | 2 | -11/+2
* Add latest changes from gitlab-org/security/gitlab@12-7-stable-ee | GitLab Bot | 2020-01-28 | 5 | -32/+73
* Add latest changes from gitlab-org/security/gitlab@12-7-stable-ee | GitLab Bot | 2020-01-28 | 8 | -6/+60
* Add latest changes from gitlab-org/gitlab@12-7-stable-ee | GitLab Bot | 2020-01-24 | 3 | -2/+14
* Add latest changes from gitlab-org/gitlab@12-7-stable-ee | GitLab Bot | 2020-01-21 | 244 | -1359/+4359
* Add latest changes from gitlab-org/security/gitlab@12-6-stable-ee | GitLab Bot | 2020-01-10 | 1 | -2/+2
* Add latest changes from gitlab-org/gitlab@12-6-stable-ee | GitLab Bot | 2020-01-09 | 7 | -62/+38
* Add latest changes from gitlab-org/gitlab@12-6-stable-ee | GitLab Bot | 2020-01-03 | 1 | -0/+6
* Add latest changes from gitlab-org/security/gitlab@12-6-stable-ee | GitLab Bot | 2019-12-31 | 2 | -4/+14
* Add latest changes from gitlab-org/gitlab@12-6-stable-ee | GitLab Bot | 2019-12-27 | 1 | -1/+7
* Add latest changes from gitlab-org/gitlab@12-6-stable-ee | GitLab Bot | 2019-12-20 | 227 | -1215/+3675
* Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot | 2019-12-03 | 5 | -12/+38
* Merge branch 'security-dos-issue-and-commit-comments-12-5' into '12-5-stable' | GitLab Release Tools Bot | 2019-11-26 | 1 | -1/+1
    Fix invalid byte sequence
    See merge request gitlab/gitlabhq!3547
  * Fix invalid byte sequence | Patrick Derichs | 2019-11-22 | 1 | -1/+1
* Merge branch 'security-ag-cycle-analytics-guest-permissions-12-5' into '12-5-stable' | GitLab Release Tools Bot | 2019-11-26 | 1 | -3/+19
    Prevent guests from seeing commits for cycle analytics
    See merge request gitlab/gitlabhq!3534
  * Prevent guests from seeing commits for cycle analytics | Aakriti Gupta | 2019-11-20 | 1 | -3/+19
      - if the user has access level lower than REPORTER, don't include commit count in summary
* Merge branch 'security-dns-rebind-ssrf-in-slack-notifications-12-5-ce' into '12-5-stable' | GitLab Release Tools Bot | 2019-11-26 | 1 | -1/+0
    Use Gitlab::HTTP for all chat notifications
    See merge request gitlab/gitlabhq!3544
  * Use Gitlab::HTTP for all chat notifications | Hordur Freyr Yngvason | 2019-11-21 | 1 | -1/+0
* Merge branch 'security-fix-xss-in-label-namespace-12-5' into '12-5-stable' | GitLab Release Tools Bot | 2019-11-26 | 1 | -1/+1
    Escape namespace in label references
    See merge request gitlab/gitlabhq!3550
  * Escape namespace in label references | Heinrich Lee Yu | 2019-11-25 | 1 | -1/+1
      When referencing cross-namespace labels, we append the namespace name to the rendered label. This MR escapes the name to prevent XSS attacks.
* Merge branch 'security-28802-respect-fork-parent-visibility-12-5' into '12-5-stable' | GitLab Release Tools Bot | 2019-11-26 | 1 | -1/+3
    Check permissions before showing a forked project's source
    See merge request gitlab/gitlabhq!3555
  * Check permissions before showing a forked project's source | Nick Thomas | 2019-11-25 | 1 | -1/+3
* Ensure attributes that end in `_ids` are cleaned | DJ Mountney | 2019-11-26 | 1 | -1/+1
    This prevents an issue where you can steal other projects' objects by asking for ids that don't belong to you in import.
* Add latest changes from gitlab-org/gitlab@12-5-stable-ee | GitLab Bot | 2019-11-19 | 237 | -1446/+4050
* Add latest changes from gitlab-org/gitlab@12-4-stable-ee | GitLab Bot | 2019-11-04 | 5 | -10/+16
* Merge branch 'security-wiki-rdoc-content-12-4-ce' into '12-4-stable' | GitLab Release Tools Bot | 2019-10-24 | 1 | -1/+1
    Pass all wiki markup formats through our Banzai pipeline filters
    See merge request gitlab/gitlabhq!3485
  * Pass all wiki markup formats through pipelines | Luke Duncalfe | 2019-10-23 | 1 | -1/+1
      Previously, when the wiki page format was anything other than `markdown` or `asciidoc` the formatted content would be returned through a Gitaly call. Gitaly in turn would delegate formatting to the gitlab-gollum-lib gem, which in turn would delegate that to various gems (like RDoc for `rdoc`) and then apply some very liberal sanitization. It was too liberal! This change brings our wiki content formatting in line with how we format other markdown at GitLab, so we have a SSOT for sanitization. https://gitlab.com/gitlab-org/gitlab/issues/30540
* Merge branch 'security-2914-labels-visible-despite-no-access-to-issues-repositories-12-4' into '12-4-stable' | GitLab Release Tools Bot | 2019-10-24 | 1 | -1/+1
    Labels visible despite no access to issues & repositories
    See merge request gitlab/gitlabhq!3489
  * Fix labels finder to filter issuables | Eugenia Grieff | 2019-10-22 | 1 | -1/+1
      Use project scopes to filter project labels that are visible for user
* Allow tests to ignore recursion | charlieablett | 2019-10-23 | 1 | -1/+5
* Check for recursion and fail if too recursive | charlieablett | 2019-10-23 | 1 | -0/+58
    - List all overly-recursive fields
    - Reduce recursion threshold to 2
    - Add test for not-recursive-enough query
    - Use reusable methods in tests
    - Add changelog
    - Set changeable acceptable recursion level
    - Add error check test helpers
* Add latest changes from gitlab-org/gitlab@12-4-stable-ee | GitLab Bot | 2019-10-22 | 275 | -1520/+5495
* Merge branch 'security-sarcila-verify-saml-request-origin-12-3' into '12-3-stable' | GitLab Release Tools Bot | 2019-09-26 | 4 | -2/+97
    Check that SAML identity linking validates the origin of the request
    See merge request gitlab/gitlabhq!3396
  * Validate that SAML requests are originated from gitlab | Sebastian Arcila Valenzuela | 2019-09-20 | 4 | -2/+97
      If the request wasn't initiated by gitlab we shouldn't add the new identity to the user, and instead show that we weren't able to link the identity to the user. This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509
* Filter not accessible label events | Jan Provaznik | 2019-09-24 | 1 | -3/+5
    Label events may use cross-project or cross-group references; if the projects are not accessible by user, we don't show these label events.
* Add latest changes from gitlab-org/gitlab@12-3-stable | GitLab Bot | 2019-09-20 | 46 | -804/+206
* Add latest changes from gitlab-org/gitlab@master | GitLab Bot | 2019-09-20 | 7 | -84/+157