- 30 Jun, 2016 2 commits
-
-
Douwe Maan authored
Ensure logged-out users can't see private refs https://gitlab.com/gitlab-org/gitlab-ce/issues/18033 I'm still not sure what to do about the CHANGELOG on security issues - should I add to a patch release? This issue was assigned to 8.10. See merge request !1974 (cherry picked from commit 3a6ebb1f)
-
Douwe Maan authored
Fix privilege escalation issue with OAuth external users Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/19312 This MR fixes a privilege escalation issue, where manually set external users would be reverted back to internal users if they logged in via OAuth and that provider was not in the `external_providers` list. /cc @douwe See merge request !1975 (cherry picked from commit 5e6342b7)
-
- 28 Jun, 2016 1 commit
-
-
Robert Speicher authored
-
- 27 Jun, 2016 2 commits
-
-
Robert Speicher authored
Fix visibility of snippets when searching Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/18997 See merge request !1972 (cherry picked from commit 8a197c15)
-
Stan Hu authored
Update omniauth-saml to 1.6.0 to address a security vulnerability in ruby-saml Updates `omniauth-saml` to bring in the new `ruby-saml` dependency that addresses [CVE-2016-5697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5697) Fixes #19206 See merge request !4951 (cherry picked from commit c3a8b252)
-
- 15 Jun, 2016 1 commit
-
-
Tomasz Maczukin authored
-
- 14 Jun, 2016 4 commits
-
-
Robert Speicher authored
Only show notes through JSON on confidential issues that the user has access to Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/18535 See merge request !1970
-
Tomasz Maczukin authored
-
Robert Speicher authored
Forbid scripting for wiki files Wiki files (not pages - files in the repo) are just sent to the browser with whatever content-type the mime_types gem assigns to them based on their extension. As this is from the same domain as the GitLab application, this is an XSS vulnerability. Set a CSP forbidding all sources for scripting, CSS, XHR, etc. on these files. Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/17298. See merge request !1969
-
Douwe Maan authored
Remove 'unscoped' from project builds selection This is a fix for this security bug: https://gitlab.com/gitlab-org/gitlab-ce/issues/18188 /cc @kamil @grzegorz @stanhu See merge request !1968
-
- 20 May, 2016 1 commit
-
-
Yorick Peterse authored
-
- 19 May, 2016 5 commits
-
-
Yorick Peterse authored
-
Yorick Peterse authored
-
Robert Speicher authored
Fix typo making gitlab.com importing fail Fixes https://gitlab.com/gitlab-org/gitlab-ee/issues/565 See merge request !4181
-
Rémy Coutable authored
Use the relative url prefix for links in Wiki Retry of gitlab-org/gitlab-ce!4026 @rymai !4050 solved all other problems how it looks like. I [tested](https://gitlab.com/artem-forks/gitlab-ce/commit/ff01eca7b559efa7cacf3412aa01cd8ae8a6db7e/builds) this with ruby22 Fixes #17071 See merge request !4131
-
Rémy Coutable authored
Create import data in service and fix timing issues when scheduling job Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/17401 Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/17376 See merge request !4106
-
- 12 May, 2016 6 commits
-
-
Yorick Peterse authored
-
Yorick Peterse authored
-
Robert Speicher authored
Fix an issue when filtering merge requests with more than one label Fixes #15529. See merge request !3886
-
Yorick Peterse authored
-
Stan Hu authored
Fix build notification on merge request page change even if the build status didn't change ## What does this MR do? This MR contains a bugfix for #17357 which was introduced by !3998. The notifications are now only shown on status changes, and not when switching between different merge requests. ## Are there points in the code the reviewer needs to double check? Check implementation ## Why was this MR needed? Because of a bug introduced in !3998. ## What are the relevant issue numbers? #17357 Closes #17357 See merge request !4086
-
Rémy Coutable authored
Relative Links in the Wiki Are Broken - [ ] #16568 (!4050) Relative links in wiki are broken - [x] Investigate issue - [x] Implementation / Fix - [x] Write (failing) tests for `WikiLinkFilter` - [x] Link to `./bar` should either get rewritten correctly or left alone - [x] Link to `./bar.md` should maybe get rewritten correctly (is left alone currently) - [x] Link to `bar.md` should get rewritten correctly - [x] Check if this is indeed a bug - [x] Make sure CI is green - [x] Assign to endboss - [x] Wait for review - [x] Implement review feedback - [ ] Wait for merge See merge request !4050
-
- 11 May, 2016 15 commits
-
-
Yorick Peterse authored
This MR never made it into 8.7.4.
-
Yorick Peterse authored
-
Yorick Peterse authored
[ci skip]
-
Yorick Peterse authored
This reverts commit d1ba0986.
-
Yorick Peterse authored
[ci skip]
-
Yorick Peterse authored
-
Yorick Peterse authored
-
Robert Speicher authored
Use a case-insensitive check to compare URI schemes Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/17299 See merge request !1965
-
Robert Speicher authored
Add if exists to drop command Add `IF EXISTS` as a precaution. Related to gitlab-org/gitlab-ce!4020 See merge request !4100
-
Robert Speicher authored
Rake drop tables with cascade See merge request !4020
-
Stan Hu authored
Fix build notification on merge request page change even if the build status didn't change ## What does this MR do? This MR contains a bugfix for #17357 which was introduced by !3998. The notifications are now only shown on status changes, and not when switching between different merge requests. ## Are there points in the code the reviewer needs to double check? Check implementation ## Why was this MR needed? Because of a bug introduced in !3998. ## What are the relevant issue numbers? #17357 Closes #17357 See merge request !4086
-
Robert Speicher authored
Allow Redmine issue references to work as intended Closes #14527 and #14894 See merge request !4048
-
Robert Speicher authored
Use sign out path only if not empty Fixes: https://github.com/gitlabhq/gitlabhq/issues/10066 See merge request !3989
-
Rémy Coutable authored
Pass trusted_proxies to action_dispatch as IPAddrs instead of strings Without this, setting your own trusted_proxies does not work. Fixes an issue introduced in: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3524 Fixes: https://gitlab.com/gitlab-org/gitlab-ce/issues/17004 See merge request !3970
-
Robert Speicher authored
Fix importer bug when throwing exceptions Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/15681 See merge request !3941
-
- 06 May, 2016 1 commit
-
-
Yorick Peterse authored
-
- 05 May, 2016 2 commits
-
-
Yorick Peterse authored
-
Yorick Peterse authored
-