summaryrefslogtreecommitdiff
path: root/spec
Commit message (Expand)AuthorAgeFilesLines
...
| * | | Check permissions before showing a forked project's sourceNick Thomas2019-11-254-2/+128
| |/ /
* | | Spec to ensure `_ids` are cleaned by ImportExport::AttributeCleanerImre Farkas2019-11-261-1/+4
|/ /
* | Add latest changes from gitlab-org/gitlab@12-5-stable-eeGitLab Bot2019-11-228-37/+37
|/
* Add latest changes from gitlab-org/gitlab@12-5-stable-eeGitLab Bot2019-11-191153-10547/+33553
* Add latest changes from gitlab-org/gitlab@12-4-stable-eeGitLab Bot2019-11-0414-28/+92
* Merge branch 'security-mask-sentry-token-12-4-ce' into '12-4-stable'GitLab Release Tools Bot2019-10-252-0/+34
|\
| * Mask Sentry auth tokenRyan Cobb2019-10-242-0/+34
* | Merge branch 'security-remove-leaky-401-responses-12.4' into '12-4-stable'GitLab Release Tools Bot2019-10-2510-15/+32
|\ \
| * | Avoid #authenticate_user! in #route_not_foundKerri Miller2019-10-2210-15/+32
| |/
* | Return 404 on LFS request if project doesn't existIgor Drozdov2019-10-251-1/+42
* | Merge branch 'security-bvl-validate-force-remove-branch-on-mrs-12-4-ce' into ...GitLab Release Tools Bot2019-10-246-6/+133
|\ \
| * | Only assign merge params when allowedBob Van Landuyt2019-10-236-6/+133
| |/
* | Merge branch 'security-wiki-rdoc-content-12-4-ce' into '12-4-stable'GitLab Release Tools Bot2019-10-242-34/+61
|\ \
| * | Pass all wiki markup formats through pipelinesLuke Duncalfe2019-10-232-34/+61
| |/
* | Merge branch 'security-developer-transfer-project-12-4' into '12-4-stable'GitLab Release Tools Bot2019-10-244-1/+118
|\ \
| * | Require maintainer permission to transfer projectsmanojmj2019-10-234-1/+118
| |/
* | Merge branch 'security-open-redirect-internalredirect-12-4' into '12-4-stable'GitLab Release Tools Bot2019-10-241-1/+2
|\ \
| * | Use the '\A' and '\z' regex anchors in `InternalRedirect` to mitigate an Open...Joern Schneeweisz2019-10-221-1/+2
| |/
* | Merge branch 'security-2914-labels-visible-despite-no-access-to-issues-reposi...GitLab Release Tools Bot2019-10-242-2/+85
|\ \
| * | Fix labels finder to filter issuablesEugenia Grieff2019-10-222-2/+85
| |/
* | Merge branch 'security-2920-fix-notes-with-label-cross-reference-12-4' into '...GitLab Release Tools Bot2019-10-241-0/+57
|\ \
| * | Add milestone and label note types to cross refsEugenia Grieff2019-10-241-0/+57
| |/
* | Merge branch 'security-64519-circular-graphql-queries-12-4' into '12-4-stable'GitLab Release Tools Bot2019-10-245-7/+182
|\ \
| * | Tweak test to insulate against magic number changescharlieablett2019-10-231-0/+1
| * | Allow tests to ignore recursioncharlieablett2019-10-231-0/+5
| * | Check for recursion and fail if too recursivecharlieablett2019-10-235-7/+176
| |/
* | Merge branch 'security-33689-post-filter-search-results-ce-12-4' into '12-4-s...GitLab Release Tools Bot2019-10-243-7/+29
|\ \
| * | Add #to_ability_name to Project & MilestoneDylan Griffith2019-10-232-0/+16
| * | Change Note#to_ability_name to 'note'Dylan Griffith2019-10-231-7/+13
| |/
* | Merge branch 'security-65756-ex-admin-attacker-can-comment-in-internalsecurit...GitLab Release Tools Bot2019-10-241-12/+36
|\ \
| * | Users without commit access cannot create notescharlieablett2019-10-231-12/+36
| |/
* | Pick only those groups that the viewing user has access to,Aakriti Gupta2019-10-242-16/+123
|/
* Add latest changes from gitlab-org/gitlab@12-4-stable-eeGitLab Bot2019-10-221288-9397/+39381
* Merge branch '33216-quarantine-ECDSA' into 'master'Rémy Coutable2019-10-022-2/+2
* EE port: Fix private feature Elasticsearch leakMark Chao2019-10-014-0/+197
* Merge branch 'fix_expired_gpg_key_specs' into 'master'Stan Hu2019-09-302-151/+270
* Merge branch 'security-bypass-email-verification-using-salesforce' into '12-3...GitLab Release Tools Bot2019-09-263-25/+55
|\
| * Add checking for email_verified keyMałgorzata Ksionek2019-09-233-25/+55
* | Merge branch 'security-sarcila-verify-saml-request-origin-12-3' into '12-3-st...GitLab Release Tools Bot2019-09-265-36/+191
|\ \
| * | Validate that SAML requests are originated from gitlabSebastian Arcila Valenzuela2019-09-205-36/+191
| |/
* | Merge branch 'security-mermaid-block' into '12-3-stable'GitLab Release Tools Bot2019-09-261-0/+39
|\ \
| * | Only render fixed number of mermaid blocksRajat Jain2019-09-131-0/+39
* | | Merge branch 'security-12717-fix-confidential-issue-assignee-visible-to-guest...GitLab Release Tools Bot2019-09-261-0/+41
|\ \ \
| * | | Display only participants that user has permission to seeAlexandru Croitor2019-09-231-0/+41
| | |/ | |/|
* | | Merge branch 'security-64938-dont-disclose-path-12-3-ce' into '12-3-stable'GitLab Release Tools Bot2019-09-261-0/+29
|\ \ \
| * | | Redirect user to root path after unsubscribing from private resourceAlexandru Croitor2019-09-231-0/+29
| |/ /
* | | Merge branch 'security-12718-project-milestones-disclosed-via-groups-12-3-ce'...GitLab Release Tools Bot2019-09-262-2/+101
|\ \ \
| * | | Hide disabled project milestones in project settings on group levelAlexandru Croitor2019-09-232-2/+101
| |/ /
* | | Merge branch 'security-12630-private-system-note-disclosed-in-graphql-12-3-ce...GitLab Release Tools Bot2019-09-262-0/+162
|\ \ \
| * | | Add policy check if cross reference system notes are accessibleAlexandru Croitor2019-09-232-0/+162
| |/ /