- 14 Jun, 2016 3 commits
-
-
Tomasz Maczukin authored
-
Robert Speicher authored
Forbid scripting for wiki files Wiki files (not pages - files in the repo) are just sent to the browser with whatever content-type the mime_types gem assigns to them based on their extension. As this is from the same domain as the GitLab application, this is an XSS vulnerability. Set a CSP forbidding all sources for scripting, CSS, XHR, etc. on these files. Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/17298. See merge request !1969
-
Douwe Maan authored
Remove 'unscoped' from project builds selection This is a fix for this security bug: https://gitlab.com/gitlab-org/gitlab-ce/issues/18188 /cc @kamil @grzegorz @stanhu See merge request !1968
-
- 27 Apr, 2016 1 commit
-
-
Robert Speicher authored
-
- 26 Apr, 2016 8 commits
-
-
Robert Speicher authored
[ci skip]
-
Robert Speicher authored
Prevent privilege escalation via notes API Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15577 See merge request !1964
-
Douwe Maan authored
-
Douwe Maan authored
This reverts commit 550f9a74.
-
Grzegorz Bizon authored
Fix vulnerability that leaks private labels and milestones This fixes vulnerability that leaks information about private labels and milestones because of insecure direct object reference in issueable create service. This affects merge requests and issues. See https://gitlab.com/gitlab-org/gitlab-ce/issues/15439 This MR introduces additional check that rejects labels and milestone that does not belong to the same project issue/merg request does. `IssuableBaseService` may benefit from encapsulating filters in separate class/module, which then may improve coherency in this class. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15439 See merge request !1954 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Rémy Coutable authored
Prevent users from deleting Webhooks via API they do not own Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15576 See merge request !1959 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Robert Speicher authored
Prevent XSS via custom issue tracker URL Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/15437 See merge request !1955 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Robert Speicher authored
Prevent information disclosure via milestone API Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15579 See merge request !1961
-
- 25 Apr, 2016 5 commits
-
-
Robert Speicher authored
Prevent information disclosure via new merge request page Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15591. See merge request !1963
-
Robert Speicher authored
Prevent privilege escalation via "impersonate" feature Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15548 See merge request !1956
-
Robert Speicher authored
Prevent information disclosure via snippet API Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15580 See merge request !1958
-
Jacob Schatz authored
Fixes XSS injection REF: https://gitlab.com/gitlab-org/gitlab-ce/issues/15434 **Without the fix** ![xss1](/uploads/0a7b0b15fb87066965a7c73f1dbaa815/xss1.gif) **With the fix** ![xss2](/uploads/473cfa0aa80656f24c58aebf1fd97fff/xss2.gif) See merge request !1952
-
Robert Speicher authored
Fixes window.opener bug Adds `noreferrer` value to rel attribute for external links REF: https://gitlab.com/gitlab-org/gitlab-ce/issues/15331 See merge request !1953
-
- 20 Apr, 2016 1 commit
-
-
Rémy Coutable authored
-
- 19 Apr, 2016 2 commits
-
-
Robert Speicher authored
-
-
- 07 Apr, 2016 2 commits
-
-
Robert Speicher authored
-
Rémy Coutable authored
Fix 2FA authentication spoofing Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 05 Apr, 2016 3 commits
-
-
Rémy Coutable authored
-
Rémy Coutable authored
[ci skip] Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Stan Hu authored
Closes #13957
-
- 17 Mar, 2016 3 commits
-
-
Robert Speicher authored
-
Robert Speicher authored
Bump Git version requirement to 2.7.4 (for 8.4) [ci skip] See merge request !3283
-
Douwe Maan authored
-
- 25 Feb, 2016 2 commits
-
-
Robert Speicher authored
-
Robert Speicher authored
[ci skip]
-
- 15 Feb, 2016 1 commit
-
-
Robert Speicher authored
Fix missing gitlab_git version bump Closes #13430 See merge request !2811
-
- 14 Feb, 2016 1 commit
-
-
Stan Hu authored
Closes #13430
-
- 10 Feb, 2016 2 commits
-
-
Robert Speicher authored
Bump gitlab_git to ~> 7.2.24 bump gitlab_git to ~> 7.2.24 (closes: #13245) See merge request !2772
-
Robert Speicher authored
-
- 09 Feb, 2016 4 commits
-
-
Robert Speicher authored
Add notice about variables in build log Related to: https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/1942 [ci skip] See merge request !2761
-
Robert Speicher authored
[ci skip]
-
Robert Speicher authored
Fix timeout issue for rake task gitlab:backup:create This is a fix for a database timeout which can occur when the backup create task is taking very long (1-2 hours). It seems that ActiveRecord is loosing the connection after a hour idleness and need to be reconnected before use. See merge request !2757
-
Pirate Praveen authored
-
- 08 Feb, 2016 2 commits
-
-
Robert Speicher authored
Limit guest access builds This is https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/1942 for ce-stable See merge request !1943
-
Kamil Trzcinski authored
-