- 22 Nov, 2019 9 commits
-
-
Dylan Griffith authored
-
Mark Chao authored
-
Mark Chao authored
Disabled features are ignored as they are grey areas
-
Mark Chao authored
Some features allow GUEST to access only if the project is not private. This method returns the access level when targeting private projects.
-
Mark Chao authored
Guests are blocked from certain features when the project is private; therefore the scope would filter additionally with REPORTER level.
-
Mark Chao authored
Remove impossible cases, since a private project's features can only be private or disabled. Fix spec due to sidekiq indexing not being triggered. Update guest use cases: some features have an additional constraint that "Guest users are able to perform action on public/internal projects, but not private ones."
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Bot authored
-
- 20 Nov, 2019 4 commits
-
-
GitLab Bot authored
-
GitLab Bot authored
-
GitLab Bot authored
-
GitLab Bot authored
-
- 19 Nov, 2019 3 commits
-
-
GitLab Bot authored
-
GitLab Release Tools Bot authored
-
GitLab Bot authored
-
- 18 Nov, 2019 2 commits
-
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
- 15 Nov, 2019 1 commit
-
-
GitLab Bot authored
-
- 04 Nov, 2019 3 commits
-
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Bot authored
-
- 30 Oct, 2019 1 commit
-
-
GitLab Release Tools Bot authored
-
- 28 Oct, 2019 2 commits
-
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
- 25 Oct, 2019 4 commits
-
-
GitLab Release Tools Bot authored
Mask Sentry auth token
See merge request gitlab/gitlabhq!3504
-
GitLab Release Tools Bot authored
Private/internal repository enumeration via bruteforce on a vulnerable URL
See merge request gitlab/gitlabhq!3491
-
GitLab Release Tools Bot authored
Return 404 on LFS request if project doesn't exist
See merge request gitlab/gitlabhq!3506
-
Igor Drozdov authored
-
- 24 Oct, 2019 11 commits
-
-
GitLab Release Tools Bot authored
Only assign merge params when allowed
See merge request gitlab/gitlabhq!3487
-
GitLab Release Tools Bot authored
Pass all wiki markup formats through our Banzai pipeline filters
See merge request gitlab/gitlabhq!3485
-
GitLab Release Tools Bot authored
Require Maintainer permission on group where project is transferred to
See merge request gitlab/gitlabhq!3486
-
GitLab Release Tools Bot authored
Use the '\A' and '\z' regex anchors in `InternalRedirect` to mitigate an Open Redirect issue.
See merge request gitlab/gitlabhq!3488
-
GitLab Release Tools Bot authored
Merge branch 'security-2914-labels-visible-despite-no-access-to-issues-repositories-12-4' into '12-4-stable'
Labels visible despite no access to issues & repositories
See merge request gitlab/gitlabhq!3489
-
GitLab Release Tools Bot authored
Project path reveals labels from Private project if the issue is moved to public project
See merge request gitlab/gitlabhq!3490
-
GitLab Release Tools Bot authored
Nested GraphQL query with circular relationship can cause Denial of Service
See merge request gitlab/gitlabhq!3492
-
GitLab Release Tools Bot authored
Filter out search results based on permissions to avoid bugs leaking data
See merge request gitlab/gitlabhq!3496
-
GitLab Release Tools Bot authored
Merge branch 'security-65756-ex-admin-attacker-can-comment-in-internalsecurity-65756-ex-admin-attacker-can-comment-in-internal-12-4' into '12-4-stable'
Improper access control allows the attacker to comment in internal commit after they are no longer admin
See merge request gitlab/gitlabhq!3497
-
GitLab Release Tools Bot authored
Merge branch 'security-ag-hide-private-members-in-project-member-autocomplete-12-4' into '12-4-stable'
Hide private members in project member autocomplete
See merge request gitlab/gitlabhq!3503
-
Ryan Cobb authored
This makes it so we mask Sentry's auth token. This mask only occurs in the UI.
-