summaryrefslogtreecommitdiff
path: root/spec
Commit message (Expand)AuthorAgeFilesLines
* Add latest changes from gitlab-org/security/gitlab@12-6-stable-eeGitLab Bot2020-01-101-2/+13
* Add latest changes from gitlab-org/gitlab@12-6-stable-eeGitLab Bot2020-01-0916-183/+169
* Add latest changes from gitlab-org/gitlab@12-6-stable-eeGitLab Bot2020-01-032-0/+23
* Add latest changes from gitlab-org/security/gitlab@12-6-stable-eeGitLab Bot2019-12-312-6/+36
* Add latest changes from gitlab-org/security/gitlab@12-6-stable-eeGitLab Bot2019-12-317-17/+192
* Add latest changes from gitlab-org/gitlab@12-6-stable-eeGitLab Bot2019-12-277-18/+115
* Add latest changes from gitlab-org/gitlab@12-6-stable-eeGitLab Bot2019-12-201424-142243/+33893
* Add latest changes from gitlab-org/gitlab@12-5-stable-eeGitLab Bot2019-12-164-17/+46
* Add latest changes from gitlab-org/gitlab@12-5-stable-eeGitLab Bot2019-12-052-4/+5
* Add latest changes from gitlab-org/gitlab@12-5-stable-eeGitLab Bot2019-12-038-23/+102
* Merge branch 'security-dos-issue-and-commit-comments-12-5' into '12-5-stable'GitLab Release Tools Bot2019-11-261-0/+5
|\
| * Fix invalid byte sequencePatrick Derichs2019-11-221-0/+5
* | Merge branch 'security-ag-cycle-analytics-guest-permissions-12-5' into '12-5-...GitLab Release Tools Bot2019-11-262-1/+32
|\ \
| * | Prevent guests from seeing commits for cycle analyticsAakriti Gupta2019-11-202-1/+32
| |/
* | Merge branch 'security-filter-related-branches-from-activity-feed-12.5' into ...GitLab Release Tools Bot2019-11-262-0/+101
|\ \
| * | Restrict branches visible to guests in Issue feedKerri Miller2019-11-202-0/+101
| |/
* | Merge branch 'security-2943-encrypt-plaintext-tokens-12-5' into '12-5-stable'GitLab Release Tools Bot2019-11-261-0/+58
|\ \
| * | Encrypt application settings with pre and post deploymentsArturo Herrero2019-11-252-46/+2
| * | Encrypt application setting tokensArturo Herrero2019-11-212-0/+102
| |/
* | Merge branch 'security-dns-rebind-ssrf-in-slack-notifications-12-5-ce' into '...GitLab Release Tools Bot2019-11-266-175/+232
|\ \
| * | Use Gitlab::HTTP for all chat notificationsHordur Freyr Yngvason2019-11-216-175/+232
| |/
* | Merge branch 'security-33712-ce-12-5' into '12-5-stable'GitLab Release Tools Bot2019-11-265-17/+327
|\ \
| * | Add search_helpers changes from security-33712Dylan Griffith2019-11-221-0/+6
| * | Fix group created from other test from pollutingMark Chao2019-11-221-2/+2
| * | Test admin for search accessibilityMark Chao2019-11-222-0/+36
| * | Internalize private project minimum access levelMark Chao2019-11-221-0/+24
| * | Fix scope to handle private guest permissionMark Chao2019-11-221-0/+74
| * | ES: update permission spec tableMark Chao2019-11-222-15/+185
| |/
* | Merge branch 'security-fix-xss-in-label-namespace-12-5' into '12-5-stable'GitLab Release Tools Bot2019-11-261-0/+9
|\ \
| * | Escape namespace in label referencesHeinrich Lee Yu2019-11-251-0/+9
* | | Merge branch 'security-28802-respect-fork-parent-visibility-12-5' into '12-5-...GitLab Release Tools Bot2019-11-264-2/+128
|\ \ \
| * | | Check permissions before showing a forked project's sourceNick Thomas2019-11-254-2/+128
| |/ /
* | | Spec to ensure `_ids` are cleaned by ImportExport::AttributeCleanerImre Farkas2019-11-261-1/+4
|/ /
* | Add latest changes from gitlab-org/gitlab@12-5-stable-eeGitLab Bot2019-11-228-37/+37
|/
* Add latest changes from gitlab-org/gitlab@12-5-stable-eeGitLab Bot2019-11-191153-10547/+33553
* Add latest changes from gitlab-org/gitlab@12-4-stable-eeGitLab Bot2019-11-0414-28/+92
* Merge branch 'security-mask-sentry-token-12-4-ce' into '12-4-stable'GitLab Release Tools Bot2019-10-252-0/+34
|\
| * Mask Sentry auth tokenRyan Cobb2019-10-242-0/+34
* | Merge branch 'security-remove-leaky-401-responses-12.4' into '12-4-stable'GitLab Release Tools Bot2019-10-2510-15/+32
|\ \
| * | Avoid #authenticate_user! in #route_not_foundKerri Miller2019-10-2210-15/+32
| |/
* | Return 404 on LFS request if project doesn't existIgor Drozdov2019-10-251-1/+42
* | Merge branch 'security-bvl-validate-force-remove-branch-on-mrs-12-4-ce' into ...GitLab Release Tools Bot2019-10-246-6/+133
|\ \
| * | Only assign merge params when allowedBob Van Landuyt2019-10-236-6/+133
| |/
* | Merge branch 'security-wiki-rdoc-content-12-4-ce' into '12-4-stable'GitLab Release Tools Bot2019-10-242-34/+61
|\ \
| * | Pass all wiki markup formats through pipelinesLuke Duncalfe2019-10-232-34/+61
| |/
* | Merge branch 'security-developer-transfer-project-12-4' into '12-4-stable'GitLab Release Tools Bot2019-10-244-1/+118
|\ \
| * | Require maintainer permission to transfer projectsmanojmj2019-10-234-1/+118
| |/
* | Merge branch 'security-open-redirect-internalredirect-12-4' into '12-4-stable'GitLab Release Tools Bot2019-10-241-1/+2
|\ \
| * | Use the '\A' and '\z' regex anchors in `InternalRedirect` to mitigate an Open...Joern Schneeweisz2019-10-221-1/+2
| |/
* | Merge branch 'security-2914-labels-visible-despite-no-access-to-issues-reposi...GitLab Release Tools Bot2019-10-242-2/+85
|\ \