summaryrefslogtreecommitdiff
path: root/spec
Commit message (Expand)AuthorAgeFilesLines
* Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-3135-1457/+907
* Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-314-11/+79
* Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-3110-46/+289
* Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-3110-155/+188
* Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-316-376/+400
* Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-3114-416/+431
* Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-308-74/+96
* Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-3016-43/+1157
* Merge dev.gitlab.org@master into GitLab.com@masterYorick Peterse2019-10-3039-114/+959
|\
| * Merge branch 'security-ag-hide-private-members-in-project-member-autocomplete...GitLab Release Tools Bot2019-10-292-16/+123
| |\
| | * Pick only those groups that the viewing user has access to,Aakriti Gupta2019-09-252-16/+123
| * | Merge branch 'security-64519-nested-graphql-query-can-cause-denial-of-service...GitLab Release Tools Bot2019-10-295-7/+182
| |\ \
| | * | Tweak test to insulate against magic number changescharlieablett2019-10-231-0/+1
| | * | Allow tests to ignore recursioncharlieablett2019-10-231-0/+5
| | * | Check for recursion and fail if too recursivecharlieablett2019-10-235-7/+176
| * | | Improper access control allows the attacker to comment in internal commit aft...Charlie Ablett2019-10-291-12/+36
| * | | Merge branch 'security-2914-labels-visible-despite-no-access-to-issues-reposi...GitLab Release Tools Bot2019-10-292-2/+85
| |\ \ \
| | * | | Fix labels finder to filter visible issuablesEugenia Grieff2019-10-222-2/+85
| * | | | Merge branch 'security-2920-fix-notes-with-label-cross-reference' into 'master'GitLab Release Tools Bot2019-10-291-0/+57
| |\ \ \ \
| | * | | | Add specs to cover label and milestone notesEugenia Grieff2019-10-241-0/+57
| * | | | | Merge branch 'security-developer-transfer-project' into 'master'GitLab Release Tools Bot2019-10-294-1/+118
| |\ \ \ \ \
| | * | | | | Require maintainer permission to transfer projectsmanojmj2019-10-094-1/+118
| * | | | | | Merge branch 'security-stored-xss-using-find-file' into 'master'GitLab Release Tools Bot2019-10-291-12/+25
| |\ \ \ \ \ \
| | * | | | | | Sanitize search text to prevent XSSsamantha-dev2019-10-021-12/+25
| * | | | | | | Merge branch 'security-remove-leaky-401-responses-master' into 'master'GitLab Release Tools Bot2019-10-2910-15/+32
| |\ \ \ \ \ \ \
| | * | | | | | | Avoid #authenticate_user! in #route_not_foundKerri Miller2019-10-0910-15/+32
| | | |/ / / / / | | |/| | | | |
| * | | | | | | Merge branch 'security-bvl-validate-force-remove-branch-on-mrs-ce' into 'master'GitLab Release Tools Bot2019-10-296-6/+133
| |\ \ \ \ \ \ \
| | * | | | | | | Only assign merge params when allowedBob Van Landuyt2019-10-246-6/+133
| * | | | | | | | Merge branch 'security-wiki-rdoc-content-ce' into 'master'GitLab Release Tools Bot2019-10-292-34/+61
| |\ \ \ \ \ \ \ \
| | * | | | | | | | Pass all wiki markup formats through pipelinesLuke Duncalfe2019-10-232-34/+61
| * | | | | | | | | Merge branch 'security-mask-sentry-token-ce' into 'master'GitLab Release Tools Bot2019-10-292-0/+34
| |\ \ \ \ \ \ \ \ \
| | * | | | | | | | | Mask Sentry auth tokenRyan Cobb2019-10-162-0/+34
| | | |_|/ / / / / / | | |/| | | | | | |
| * | | | | | | | | Merge branch 'security-open-redirect-internalredirect' into 'master'GitLab Release Tools Bot2019-10-291-1/+2
| |\ \ \ \ \ \ \ \ \
| | * | | | | | | | | Use the '\A' and '\z' regex anchors in `InternalRedirect` to mitigate an Open...Joern Schneeweisz2019-10-081-1/+2
| | |/ / / / / / / /
| * | | | | | | | | Merge branch 'security-33689-post-filter-search-results-ce' into 'master'GitLab Release Tools Bot2019-10-293-7/+29
| |\ \ \ \ \ \ \ \ \
| | * | | | | | | | | Add #to_ability_name to Project & MilestoneDylan Griffith2019-10-232-0/+16
| | * | | | | | | | | Change Note#to_ability_name to 'note'Dylan Griffith2019-10-231-7/+13
| | | |_|_|_|_|_|/ / | | |/| | | | | | |
| * | | | | | | | | Return 404 on LFS request if project doesn't existIgor Drozdov2019-10-251-1/+42
* | | | | | | | | | Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-309-5/+314
* | | | | | | | | | Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-305-24/+67
* | | | | | | | | | Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-3011-38/+357
* | | | | | | | | | Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-299-58/+519
* | | | | | | | | | Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-2910-54/+160
* | | | | | | | | | Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-2950-187/+1015
* | | | | | | | | | Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-293-408/+267
* | | | | | | | | | Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-298-0/+16
* | | | | | | | | | Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-2988-1/+277
* | | | | | | | | | Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-289-66/+198
* | | | | | | | | | Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-2826-717/+687
* | | | | | | | | | Add latest changes from gitlab-org/gitlab@masterGitLab Bot2019-10-2810-50/+144
View Lorry Controller Status