- 27 May, 2019 1 commit
-
-
Kerri Miller authored
First reported: https://gitlab.com/gitlab-org/gitlab-ce/issues/60143 When the page slug is "javascript:" and we attempt to link to a relative path (using `.` or `..`) the code will concatenate the slug and the uri. This MR adds a guard to that concat step that will return `nil` if the incoming slug matches against any of the "unsafe" slug regexes; currently this is only for the slug "javascript:" but can be extended if needed. Manually tested against a non-exhaustive list from OWASP of common javascript XSS exploits that have to to with mangling the "javascript:" method, and all are caught by this change or by existing code that ingests the user-specified slug.
-
- 24 May, 2019 1 commit
-
-
Filipa Lacerda authored
Replaces a hard-coded date in the job app spec Closes #62283 See merge request gitlab-org/gitlab-ce!28709
-
- 22 May, 2019 2 commits
-
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
- 21 May, 2019 13 commits
-
-
GitLab Release Tools Bot authored
-
Yorick Peterse authored
Prepare 11.11.0-rc5 release See merge request gitlab-org/gitlab-ce!28537
-
Achilleas Pipinellis authored
Slight edit of text from earlier merge Closes #61447 See merge request gitlab-org/gitlab-ce!28511 (cherry picked from commit 890fe4ea) 208dc117 Slight edit of text from earlier merge
-
Achilleas Pipinellis authored
Add to docs sentence about alertbot opening issues See merge request gitlab-org/gitlab-ce!28503 (cherry picked from commit 5396b2a8) afcbebd9 Add to docs sentence about alertbot opening issues
-
Achilleas Pipinellis authored
Adds documentation for 'Play all manual' button See merge request gitlab-org/gitlab-ce!28502 (cherry picked from commit 7a9a65e5) 32a99c6c Adds documentation for stage button 4ec9f042 Apply suggestion to doc/ci/pipelines.md 062844cc Apply suggestion to doc/ci/pipelines.md ecc7b72a Apply suggestion to doc/ci/pipelines.md c4bcf858 Apply suggestion to doc/ci/pipelines.md b0b16210 Apply suggestion to doc/ci/pipelines.md
-
Douglas Barbosa Alexandre authored
API: Fix recursive flag not working with Rugged get_tree_entries flag Closes #61979 See merge request gitlab-org/gitlab-ce!28494 (cherry picked from commit d951f047) c1827f1c API: Fix recursive flag not working with Rugged get_tree_entries flag
-
Grzegorz Bizon authored
Revert "Merge branch '55127-add-delay-after-mr-creation-for-async-tasks-to-complete' into 'master'" See merge request gitlab-org/gitlab-ce!28492 (cherry picked from commit a5f810c9) c04ea583 Revert "Merge branch '55127-add-delay-after-mr-creation-for-async-tasks-to-complete' into 'master'"
-
Phil Hughes authored
Adds arrow icons to select menu in CI/CD settings Closes #62038 See merge request gitlab-org/gitlab-ce!28476 (cherry picked from commit 3c8bc807) 64f040e2 Adds arrow icons to select option in CI/CD settings
-
Achilleas Pipinellis authored
Update group security dashboard docs - CE backport See merge request gitlab-org/gitlab-ce!28471 (cherry picked from commit d9877120) 6afda6d6 Update group security dashboard screenshot
-
Achilleas Pipinellis authored
Fix content to not contradict Closes #61270 See merge request gitlab-org/gitlab-ce!28456 (cherry picked from commit 0bf8204a) ec3e0da8 Fix content to not contradict 19b05a42 Apply suggestion to doc/ci/merge_request_pipelines/index.md
-
Evan Read authored
Initial instance level cluster docs See merge request gitlab-org/gitlab-ce!27873 (cherry picked from commit 961a5f72) 96cec8bf Initial instance level cluster docs a951adb6 Apply suggestion to doc/user/project/clusters/index.md 719b7a07 Apply suggestion to doc/user/group/clusters/index.md
-
Yorick Peterse authored
Port for RC5 of Next badge must be visible when canary flag is true See merge request gitlab-org/gitlab-ce!28540
-
Filipa Lacerda authored
-
- 20 May, 2019 11 commits
-
-
GitLab Release Tools Bot authored
-
Robert Speicher authored
Prepare 11.11.0-rc4 release See merge request gitlab-org/gitlab-ce!28479
-
Yorick Peterse authored
Revert "Merge branch '56850-add-new-unicorn-metrics' into 'master'" See merge request gitlab-org/gitlab-ce!28483 (cherry picked from commit c775e88c) 2334b077 Revert "Merge branch '56850-add-new-unicorn-metrics' into 'master'"
-
Sean McGivern authored
Add extra checks for ci_id migration See merge request gitlab-org/gitlab-ce!28404 (cherry picked from commit 30a60ee4) 5786de36 Add extra checks for ci_id migration
-
James Lopez authored
SSO enforcement docs details added from 11.11 See merge request gitlab-org/gitlab-ce!28394 (cherry picked from commit 64a17ba8) 23cfce3e SSO enforcement docs details added from 11.11
-
Sean McGivern authored
Fix incorrect prefix used in new uploads for personal snippets Closes #61671 See merge request gitlab-org/gitlab-ce!28337 (cherry picked from commit f38265da) a1f44c1b Fix incorrect prefix used in new uploads for personal snippets
-
Achilleas Pipinellis authored
Update CI minutes docs regarding transferring of minutes and billing See merge request gitlab-org/gitlab-ce!28293 (cherry picked from commit ac232949) 6a2875e1 Update extra CI minutes docs
-
Achilleas Pipinellis authored
Merge branch '61376-add-documentation-about-how-to-enable-puma-web-server-for-installations-from-source' into 'master' Add documentation about how to enable Puma web server for installations from source Closes #61376 See merge request gitlab-org/gitlab-ce!28235 (cherry picked from commit 5ec40522) c06dfd9d Replace Unicorn with web server in the init.d script [ci skip] 95afca31 Add puma example for production [ci skip] f2c6bfbe Add using Puma section to install from source [ci skip] 5ebf0492 Add Puma web server support to init.d file aa7b053c Minor doc improvements to Puma instructions 29e49b45 Apply suggestion to doc/install/installation.md 6a691fa7 Apply suggestion to doc/install/installation.md
-
Rémy Coutable authored
Fix Error 500 when inviting user already present Closes #61574 See merge request gitlab-org/gitlab-ce!28198 (cherry picked from commit a0da5e08) f1640616 Fix Error 500 when inviting user already present
-
Achilleas Pipinellis authored
Add documentation for dependency proxy feature See merge request gitlab-org/gitlab-ce!28096 (cherry picked from commit f4dfbb68) 516344b9 Add documentation for dependency proxy feature 084fee73 Merge branch 'master' into docs/dependency-proxy-ce 14b9e8a5 Copyedit Dependency Proxy docs 10811da0 Link dependency proxy to the group index page 900d40ab Add example of a namespaced Docker image d7e2b4a7 Add link to Puma for source installations 18e68c5e Merge branch 'master' into docs/dependency-proxy-ce ac62bff2 Add note about data retention and fix heading
-
- 16 May, 2019 5 commits
-
-
GitLab Release Tools Bot authored
-
Marin Jankovski authored
Prepare 11.11.0-rc3 release See merge request gitlab-org/gitlab-ce!28313
-
Phil Hughes authored
Adds header column to variables list Closes #46806 See merge request gitlab-org/gitlab-ce!28060 (cherry picked from commit 69cfdfae) 31861b0f Adds header column to variables list
-
- 14 May, 2019 7 commits
-
-
Phil Hughes authored
Fixes next badge being always visible Closes #61550 See merge request gitlab-org/gitlab-ce!28249 (cherry picked from commit 3ec966ad) f769f539 Fixes next badge being always visible
-
Rémy Coutable authored
Don't run full gc in AfterImportService Closes gitlab-ee#11556 See merge request gitlab-org/gitlab-ce!28239 (cherry picked from commit 4c16ce11) 36b1a2d7 Don't run full gc in AfterImportService
-
Achilleas Pipinellis authored
Update CI minutes docs to reflect this is available to all plans See merge request gitlab-org/gitlab-ce!28237 (cherry picked from commit 3f29c2b5) fca1835b Update CI minutes docs
-
Douglas Barbosa Alexandre authored
Properly handle LFS Batch API response in project import Closes #61624 See merge request gitlab-org/gitlab-ce!28223 (cherry picked from commit 9dc41a09) e67481e0 Properly handle LFS Batch API response in project import
-
Nick Thomas authored
CE Changes for SSO enforcement in ProjectPolicy See merge request gitlab-org/gitlab-ce!28208 (cherry picked from commit 1a90a9bb) b95a0690 SSO enforcement for project resources
-
Kushal Pandya authored
CE backport: Remove non-semantic use of `.row` in member listing controls See merge request gitlab-org/gitlab-ce!28204 (cherry picked from commit 505ffe56) 9674ed71 Remove non-semantic use of `.row` in member listing controls