summaryrefslogtreecommitdiff
path: root/spec
Commit message (Expand)AuthorAgeFilesLines
* Add latest changes from gitlab-org/gitlab@12-4-stable-eeGitLab Bot2019-12-062-4/+5
* Merge branch 'security-dos-issue-and-commit-comments-12-4' into '12-4-stable'GitLab Release Tools Bot2019-11-261-0/+5
|\
| * Fix invalid byte sequencePatrick Derichs2019-11-221-0/+5
* | Merge branch 'security-dns-rebind-ssrf-in-slack-notifications-12-4-ce' into '...GitLab Release Tools Bot2019-11-266-175/+232
|\ \
| * | Use Gitlab::HTTP for all chat notificationsHordur Freyr Yngvason2019-11-046-175/+232
| |/
* | Merge branch 'security-33712-ce-12-4' into '12-4-stable'GitLab Release Tools Bot2019-11-265-17/+327
|\ \
| * | Add search_helpers changes from security-33712Dylan Griffith2019-11-151-0/+6
| * | Fix group created from other test from pollutingMark Chao2019-11-151-2/+2
| * | Test admin for search accessibilityMark Chao2019-11-152-0/+36
| * | Internalize private project minimum access levelMark Chao2019-11-151-0/+24
| * | Fix scope to handle private guest permissionMark Chao2019-11-151-0/+74
| * | ES: update permission spec tableMark Chao2019-11-152-15/+185
| |/
* | Merge branch 'security-ag-cycle-analytics-guest-permissions-12-4' into '12-4-...GitLab Release Tools Bot2019-11-262-1/+32
|\ \
| * | Prevent guests from seeing commits for cycle analyticsAakriti Gupta2019-11-202-1/+32
| |/
* | Merge branch 'security-filter-related-branches-from-activity-feed-12.4' into ...GitLab Release Tools Bot2019-11-262-0/+101
|\ \
| * | Restrict branches visible to guests in Issue feedKerri Miller2019-11-202-0/+101
| |/
* | Merge branch 'security-2943-encrypt-plaintext-tokens-12-4' into '12-4-stable'GitLab Release Tools Bot2019-11-261-0/+58
|\ \
| * | Encrypt application settings with pre and post deploymentsArturo Herrero2019-11-252-46/+2
| * | Encrypt application setting tokensArturo Herrero2019-11-212-0/+102
| |/
* | Merge branch 'security-fix-xss-in-label-namespace-12-4' into '12-4-stable'GitLab Release Tools Bot2019-11-261-0/+9
|\ \
| * | Escape namespace in label referencesHeinrich Lee Yu2019-11-251-0/+9
| |/
* | Merge branch 'security-28802-respect-fork-parent-visibility-12-4' into '12-4-...GitLab Release Tools Bot2019-11-264-2/+128
|\ \
| * | Check permissions before showing a forked project's sourceNick Thomas2019-11-254-2/+128
| |/
* | Spec to ensure `_ids` are cleaned by ImportExport::AttributeCleanerImre Farkas2019-11-261-1/+4
* | Add latest changes from gitlab-org/gitlab@12-4-stable-eeGitLab Bot2019-11-2612-113/+164
|/
* Add latest changes from gitlab-org/gitlab@12-4-stable-eeGitLab Bot2019-11-0414-28/+92
* Merge branch 'security-mask-sentry-token-12-4-ce' into '12-4-stable'GitLab Release Tools Bot2019-10-252-0/+34
|\
| * Mask Sentry auth tokenRyan Cobb2019-10-242-0/+34
* | Merge branch 'security-remove-leaky-401-responses-12.4' into '12-4-stable'GitLab Release Tools Bot2019-10-2510-15/+32
|\ \
| * | Avoid #authenticate_user! in #route_not_foundKerri Miller2019-10-2210-15/+32
| |/
* | Return 404 on LFS request if project doesn't existIgor Drozdov2019-10-251-1/+42
* | Merge branch 'security-bvl-validate-force-remove-branch-on-mrs-12-4-ce' into ...GitLab Release Tools Bot2019-10-246-6/+133
|\ \
| * | Only assign merge params when allowedBob Van Landuyt2019-10-236-6/+133
| |/
* | Merge branch 'security-wiki-rdoc-content-12-4-ce' into '12-4-stable'GitLab Release Tools Bot2019-10-242-34/+61
|\ \
| * | Pass all wiki markup formats through pipelinesLuke Duncalfe2019-10-232-34/+61
| |/
* | Merge branch 'security-developer-transfer-project-12-4' into '12-4-stable'GitLab Release Tools Bot2019-10-244-1/+118
|\ \
| * | Require maintainer permission to transfer projectsmanojmj2019-10-234-1/+118
| |/
* | Merge branch 'security-open-redirect-internalredirect-12-4' into '12-4-stable'GitLab Release Tools Bot2019-10-241-1/+2
|\ \
| * | Use the '\A' and '\z' regex anchors in `InternalRedirect` to mitigate an Open...Joern Schneeweisz2019-10-221-1/+2
| |/
* | Merge branch 'security-2914-labels-visible-despite-no-access-to-issues-reposi...GitLab Release Tools Bot2019-10-242-2/+85
|\ \
| * | Fix labels finder to filter issuablesEugenia Grieff2019-10-222-2/+85
| |/
* | Merge branch 'security-2920-fix-notes-with-label-cross-reference-12-4' into '...GitLab Release Tools Bot2019-10-241-0/+57
|\ \
| * | Add milestone and label note types to cross refsEugenia Grieff2019-10-241-0/+57
| |/
* | Merge branch 'security-64519-circular-graphql-queries-12-4' into '12-4-stable'GitLab Release Tools Bot2019-10-245-7/+182
|\ \
| * | Tweak test to insulate against magic number changescharlieablett2019-10-231-0/+1
| * | Allow tests to ignore recursioncharlieablett2019-10-231-0/+5
| * | Check for recursion and fail if too recursivecharlieablett2019-10-235-7/+176
| |/
* | Merge branch 'security-33689-post-filter-search-results-ce-12-4' into '12-4-s...GitLab Release Tools Bot2019-10-243-7/+29
|\ \
| * | Add #to_ability_name to Project & MilestoneDylan Griffith2019-10-232-0/+16
| * | Change Note#to_ability_name to 'note'Dylan Griffith2019-10-231-7/+13
| |/