summaryrefslogtreecommitdiff
path: root/spec
Commit message (Expand)AuthorAgeFilesLines
* Merge dev master into GitLab.com masterYorick Peterse2019-03-0457-301/+1096
|\
| * Merge branch 'security-2773-milestones-fix' into 'master'Yorick Peterse2019-03-0413-68/+158
| |\
| | * Check issue milestone availabilityJarka Košanová2019-02-1413-68/+158
| * | Merge branch 'security-commit-private-related-mr' into 'master'Yorick Peterse2019-03-042-3/+38
| |\ \
| | * | Modify MergeRequestsFinder to allow filtering by commitPatrick Bajao2019-01-281-1/+25
| | * | Respond with 403 when non-member requests for private MRsPatrick Bajao2019-01-281-2/+13
| * | | Forbid creating discussions for users with restricted accessIgor Drozdov2019-03-043-49/+129
| * | | Merge branch 'security-protect-private-repo-information' into 'master'Yorick Peterse2019-03-041-2/+57
| |\ \ \
| | * | | Prevent leaking of private repo data through APILuke Duncalfe2019-02-181-2/+57
| * | | | Merge branch 'security-tags-oracle' into 'master'Yorick Peterse2019-03-041-0/+16
| |\ \ \ \
| | * | | | Prevent Releases links API to leak tag existanceAlessio Caiazza2019-02-081-0/+16
| * | | | | Merge branch 'security-2798-fix-boards-policy' into 'master'Yorick Peterse2019-03-041-8/+12
| |\ \ \ \ \
| | * | | | | Disable board policies when issues are disabledHeinrich Lee Yu2019-02-111-8/+12
| * | | | | | Merge branch 'security-2797-milestone-mrs' into 'master'Yorick Peterse2019-03-041-1/+46
| |\ \ \ \ \ \
| | * | | | | | Show only MRs visible to user on milestone detailJarka Košanová2019-02-141-1/+46
| | | |_|_|_|/ | | |/| | | |
| * | | | | | Merge branch 'security-shared-project-private-group' into 'master'Yorick Peterse2019-03-042-10/+62
| |\ \ \ \ \ \
| | * | | | | | Secure vulerability and add specsMałgorzata Ksionek2019-02-283-10/+64
| * | | | | | | Merge branch '2802-security-add-public-internal-groups-as-members-to-your-pro...Yorick Peterse2019-03-046-0/+62
| |\ \ \ \ \ \ \
| | * | | | | | | Change policy regarding group visibilityMałgorzata Ksionek2019-02-206-0/+62
| * | | | | | | | Merge branch 'security-kubernetes-local-ssrf' into 'master'Yorick Peterse2019-03-042-0/+46
| |\ \ \ \ \ \ \ \
| | * | | | | | | | Do not allow local urls in Kubernetes formThong Kuah2019-02-212-0/+46
| | | |_|/ / / / / | | |/| | | | | |
| * | | | | | | | Merge branch 'security-kubernetes-google-login-csrf' into 'master'Yorick Peterse2019-03-041-19/+41
| |\ \ \ \ \ \ \ \
| | * | | | | | | | Validate session key when authorizing with GCP to create a clusterTiger2019-02-191-19/+41
| * | | | | | | | | Merge branch 'security-56348' into 'master'Yorick Peterse2019-03-043-2/+47
| |\ \ \ \ \ \ \ \ \
| | * | | | | | | | | Check snippet attached file to be moved is within designated directoryMark Chao2019-02-213-0/+46
| | * | | | | | | | | Align spec with actual usageMark Chao2019-02-131-2/+1
| | |/ / / / / / / /
| * | | | | | | | | Check validity of prometheus_service before queryReuben Pereira2019-03-041-18/+43
| * | | | | | | | | Merge branch 'security-2799-emails' into 'master'Yorick Peterse2019-03-041-13/+43
| |\ \ \ \ \ \ \ \ \
| | * | | | | | | | | Remove link after issue move when no permissionsJarka Košanová2019-02-201-13/+43
| | | |/ / / / / / / | | |/| | | | | | |
| * | | | | | | | | Merge branch 'security-osw-stop-linking-to-packages' into 'master'Yorick Peterse2019-03-048-19/+72
| |\ \ \ \ \ \ \ \ \
| | * | | | | | | | | Stop linking to unrecognized package sourcesOswaldo Ferreira2019-02-218-19/+72
| | |/ / / / / / / /
| * | | | | | | | | Merge branch 'security-50334' into 'master'Yorick Peterse2019-03-042-64/+74
| |\ \ \ \ \ \ \ \ \
| | * | | | | | | | | Fix git clone revealing private repo's presenceMark Chao2019-02-192-64/+74
| * | | | | | | | | | Arbitrary file read via MergeRequestDiffFrancisco Javier López2019-03-045-3/+75
| * | | | | | | | | | Merge branch 'security-issue_54789_2' into 'master'Yorick Peterse2019-03-041-0/+31
| |\ \ \ \ \ \ \ \ \ \
| | * | | | | | | | | | Prevent disclosing project milestone titlesFelipe Artur2019-02-251-0/+31
| * | | | | | | | | | | Merge branch 'security-2818_filter_impersonated_sessions' into 'master'Yorick Peterse2019-03-042-27/+26
| |\ \ \ \ \ \ \ \ \ \ \
| | * | | | | | | | | | | Remove ability to revoke active sessionImre Farkas2019-02-271-27/+0
| | * | | | | | | | | | | Filter active sessions belonging to an admin impersonating the userImre Farkas2019-02-272-1/+27
| | |/ / / / / / / / / /
| * | | | | | | | | | | Merge branch 'ce-security-jej/group-saml-link-origin-verification' into 'master'Yorick Peterse2019-03-042-6/+9
| |\ \ \ \ \ \ \ \ \ \ \ | | |_|_|_|_|_|/ / / / / | |/| | | | | | | | | |
| | * | | | | | | | | | Backport EE GroupSAML origin verification changesJames Edwards-Jones2019-01-232-6/+9
* | | | | | | | | | | | Merge branch '40396-sidekiq-in-process-group' into 'master'Stan Hu2019-03-042-1/+81
|\ \ \ \ \ \ \ \ \ \ \ \
| * | | | | | | | | | | | sidekiq: terminate child processes at shutdownNick Thomas2019-03-042-1/+81
* | | | | | | | | | | | | Fixed mutation for rootNatalia Tepluhina2019-03-043-9/+88
* | | | | | | | | | | | | Fix username escaping when clicking 'assign to me'Ezekiel Kigbo2019-03-041-0/+18
* | | | | | | | | | | | | CE backport of batch-comments-ee-store-modulePhil Hughes2019-03-044-4/+8
* | | | | | | | | | | | | Merge branch 'winh-import_projects_table_spec' into 'master'Fatih Acet2019-03-043-5/+13
|\ \ \ \ \ \ \ \ \ \ \ \ \
| * | | | | | | | | | | | | Use factory method for import_projects storeWinnie Hellmann2019-03-013-5/+13
* | | | | | | | | | | | | | Merge branch 'sh-rugged-find-commit' into 'master'Sean McGivern2019-03-043-2/+33
|\ \ \ \ \ \ \ \ \ \ \ \ \ \
| * | | | | | | | | | | | | | Bring back Rugged implementation of find_commitStan Hu2019-03-013-2/+33
View Lorry Controller Status