summaryrefslogtreecommitdiff
path: root/spec
Commit message (Expand)AuthorAgeFilesLines
* Merge branch 'security-55503-fix-pdf-js-11-7' into '11-7-stable'Yorick Peterse2019-03-262-3/+3
|\
| * Updated PDF.js to 2.0.943Natalia Tepluhina2019-03-202-3/+3
* | Merge branch 'security-mass-assignment-on-project-update-11-7' into '11-7-sta...Yorick Peterse2019-03-261-0/+17
|\ \
| * | Refactor specs according to the code reviewMałgorzata Ksionek2019-03-261-1/+1
| * | Add cr remarksMałgorzata Ksionek2019-03-251-1/+1
| * | Disallow changing namespace of a project in update methodMałgorzata Ksionek2019-03-211-0/+17
* | | Merge branch 'security-milestone-labels-11-7' into '11-7-stable'GitLab Release Tools Bot2019-03-261-0/+86
|\ \ \
| * | | Check if labels are available for target issuableJarka Košanová2019-03-251-0/+86
| | |/ | |/|
* | | Merge branch 'security-use-untrusted-regexp-11-7' into '11-7-stable'GitLab Release Tools Bot2019-03-267-47/+121
|\ \ \
| * | | Make CI refs matching to to use UntrustedRegexpKamil Trzciński2019-03-157-47/+121
* | | | Merge branch 'security-exif-migration-11-7' into '11-7-stable'GitLab Release Tools Bot2019-03-261-0/+120
|\ \ \ \
| * | | | Rake task for removing exif from uploadsJan Provaznik2019-03-251-0/+120
| |/ / /
* | | | Merge branch 'security-2819-xss-resolve-conflicts-branch-name-11-7' into '11-...GitLab Release Tools Bot2019-03-261-0/+15
|\ \ \ \
| * | | | Fix XSS in resolve conflicts formPaul Slaughter2019-03-041-0/+15
| |/ / /
* | | | Merge branch 'security-56224-11-7' into '11-7-stable'GitLab Release Tools Bot2019-03-261-1/+35
|\ \ \ \
| * | | | Hide related branches when user does not have permissionMark Chao2019-03-201-1/+35
| | |/ / | |/| |
* | | | Disallow guest users from accessing ReleasesShinya Maeda2019-03-262-2/+40
|/ / /
* | | Only return `commands_changes` used in frontendHeinrich Lee Yu2019-03-181-0/+31
|/ /
* | Secure vulerability and add specsMałgorzata Ksionek2019-02-282-10/+62
|/
* Display only informaton visible to current userJarka Košanová2019-02-271-2/+93
* Display the correct number of MRs a user has access toIgor Drozdov2019-02-271-199/+309
* Merge branch 'security-2818_filter_impersonated_sessions-11-7' into '11-7-sta...Yorick Peterse2019-02-272-27/+26
|\
| * Remove ability to revoke active sessionImre Farkas2019-02-271-27/+0
| * Filter active sessions belonging to an admin impersonating the userImre Farkas2019-02-272-1/+27
* | Merge branch 'security-id-restricted-access-to-private-repo-11-7' into '11-7-...Yorick Peterse2019-02-273-49/+129
|\ \
| * | Forbid creating discussions for users with restricted accessIgor Drozdov2019-02-073-49/+129
| |/
* | Merge branch '11-7-security-2773-milestones-fix' into '11-7-stable'Yorick Peterse2019-02-2713-68/+158
|\ \
| * | Check issue milestone availabilityJarka Košanová2019-02-1313-68/+158
| |/
* | Merge branch 'security-tags-oracle-11-7' into '11-7-stable'Yorick Peterse2019-02-271-0/+16
|\ \
| * | Prevent Releases links API to leak tag existanceAlessio Caiazza2019-02-131-0/+16
| |/
* | Merge branch 'security-2798-fix-boards-policy-11-7' into '11-7-stable'Yorick Peterse2019-02-271-8/+12
|\ \
| * | Disable board policies when issues are disabledHeinrich Lee Yu2019-02-141-8/+12
| |/
* | Merge branch '11-7-security-2797-milestone-mrs' into '11-7-stable'Yorick Peterse2019-02-271-1/+46
|\ \
| * | Show only MRs visible to user on milestone detailJarka Košanová2019-02-141-1/+46
| |/
* | Merge branch 'security-commit-private-related-mr-11-7' into '11-7-stable'Yorick Peterse2019-02-272-3/+38
|\ \
| * | Don't allow non-members to see private related MRsPatrick Bajao2019-02-152-3/+38
| |/
* | Merge branch 'security-kubernetes-google-login-csrf-11-7' into '11-7-stable'Yorick Peterse2019-02-271-19/+41
|\ \
| * | Validate session key when authorizing with GCP to create a clusterTiger2019-02-191-19/+41
| |/
* | Merge branch 'security-50334-11-7' into '11-7-stable'Yorick Peterse2019-02-272-64/+74
|\ \
| * | Fix git clone revealing private repo's presenceMark Chao2019-02-192-64/+74
| |/
* | Merge branch 'security-56348-11-7' into '11-7-stable'Yorick Peterse2019-02-273-2/+47
|\ \
| * | Check snippet attached file to be moved is within designated directoryMark Chao2019-02-213-2/+47
| |/
* | Check validity of prometheus_service before queryReuben Pereira2019-02-271-18/+43
* | Merge branch 'security-protect-private-repo-information-11-7' into '11-7-stable'Yorick Peterse2019-02-271-2/+57
|\ \
| * | Prevent leaking of private repo data through APILuke Duncalfe2019-02-201-2/+57
| |/
* | Arbitrary file read via MergeRequestDiffFrancisco Javier López2019-02-275-3/+75
* | Merge branch '11-7-security-2799-emails' into '11-7-stable'Yorick Peterse2019-02-271-13/+43
|\ \
| * | Remove link after issue move when no permissionsJarka Košanová2019-02-201-13/+43
| |/
* | Merge branch 'security-kubernetes-local-ssrf-11-7' into '11-7-stable'Yorick Peterse2019-02-272-0/+46
|\ \
| * | Do not allow local urls in Kubernetes formThong Kuah2019-02-212-0/+46
| |/