- 10 Jun, 2019 2 commits
-
-
Achilleas Pipinellis authored
Update Docs for Chat Notifications Closes #61867 See merge request gitlab-org/gitlab-ce!28510 (cherry picked from commit f66aa212) 2770302d Update documentation for chat notifications on deployment events
-
John Jarvis authored
Update Gitaly to 1.42.4 See merge request gitlab-org/gitlab-ce!29310
-
- 06 Jun, 2019 1 commit
-
-
John Cai authored
This patch of Gitaly includes a fix of the stderr logger writer to fix a panic that occured during an edge case.
-
- 04 Jun, 2019 5 commits
-
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
John Skarbek authored
Prepare 11.11.2 release See merge request gitlab-org/gitlab-ce!28679
-
Thong Kuah authored
Fix project settings not being able to update Closes #62708 See merge request gitlab-org/gitlab-ce!29097
-
Stan Hu authored
-
- 03 Jun, 2019 10 commits
-
-
John T Skarbek authored
-
Yorick Peterse authored
Fix migration failure when groups are missing route Closes #58714 See merge request gitlab-org/gitlab-ce!29022 (cherry picked from commit 0488c26e) a52cbf6b Fix migration failure when groups are missing route
-
Mayra Cabrera authored
Stop two-step rebase from hanging when errors occur See merge request gitlab-org/gitlab-ce!29060
-
Zeger-Jan van de Weg authored
This change makes sure Gitaly includes a fix to make rebase work again properly. Part of: https://gitlab.com/gitlab-org/gitlab-ce/issues/62353
-
Mayra Cabrera authored
Disable two_step_rebase feature flag See merge request gitlab-org/gitlab-ce!28778 (cherry picked from commit 715d1057) 8104eef0 Disable two_step_rebase feature flag dd1fa0c2 Apply suggestion to changelogs/unreleased/dm-disable-two-step-rebase.yml
-
Ash McKenzie authored
Use source ref in pipeline webhook Closes #61553 See merge request gitlab-org/gitlab-ce!28772 (cherry picked from commit 2714f85c) 7e05f3b7 Use source ref for pipeline webhook
-
Douglas Barbosa Alexandre authored
Fix OmniAuth OAuth2Generic strategy not loading Closes #62216 See merge request gitlab-org/gitlab-ce!28680 (cherry picked from commit 7b5cc7b4) bf8f4c13 Fix OmniAuth OAuth2Generic strategy not loading
-
Lin Jen-Shin authored
Fix display of promote to group label Closes #62200 See merge request gitlab-org/gitlab-ce!28637 (cherry picked from commit 9c2d0d87) f9a55f93 Fix display of promote to group label 52764ec5 Apply suggestion to spec/helpers/labels_helper_spec.rb 58dc21e7 Apply suggestion to spec/features/projects/labels/user_promotes_label_spec.rb
-
Kamil Trzciński authored
Update SAST.gitlab-ci.yml - Add SAST_GITLEAKS_ENTROPY_LEVEL Closes #62179 See merge request gitlab-org/gitlab-ce!28607 (cherry picked from commit 2ae642f8) 31e181f8 Update SAST.gitlab-ci.yml - Add SAST_GITLEAKS_ENTROPY_LEVEL
-
Filipa Lacerda authored
Fix height of input groups Closes #61304, #61303, #59254, and #60778 See merge request gitlab-org/gitlab-ce!28495 (cherry picked from commit 52758b92) 360646ea Fix height of input groups
-
- 30 May, 2019 4 commits
-
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
Add DNS rebinding protection settings See merge request gitlab/gitlabhq!3130
-
Oswaldo Ferreira authored
-
- 29 May, 2019 3 commits
-
-
Oswaldo Ferreira authored
-
Yorick Peterse authored
Fix the overriding of EE import params See merge request gitlab/gitlabhq!3129
-
Igor Drozdov authored
-
- 28 May, 2019 12 commits
-
-
GitLab Release Tools Bot authored
Reject slug+uri concat if slug is deemed unsafe See merge request gitlab/gitlabhq!3105
-
Robert Speicher authored
Persistent XSS in note objects See merge request gitlab/gitlabhq!3127
-
Tiger authored
-
GitLab Release Tools Bot authored
Fix url redaction for issue links See merge request gitlab/gitlabhq!3092
-
GitLab Release Tools Bot authored
Disallow invalid MR branch name See merge request gitlab/gitlabhq!3095
-
GitLab Release Tools Bot authored
Hide issue title on unsubscribe for anonymous users See merge request gitlab/gitlabhq!3099
-
GitLab Release Tools Bot authored
Fix confidential issue label disclosure on milestone view See merge request gitlab/gitlabhq!3102
-
GitLab Release Tools Bot authored
Handling password on import by url page See merge request gitlab/gitlabhq!3109
-
GitLab Release Tools Bot authored
Resolve: Milestones leaked via search API See merge request gitlab/gitlabhq!3110
-
GitLab Release Tools Bot authored
Protect Gitlab::HTTP against DNS rebinding attack See merge request gitlab/gitlabhq!3113
-
GitLab Release Tools Bot authored
Update Gitaly to fix GetArchive vulnerability See merge request gitlab/gitlabhq!3118
-
GitLab Release Tools Bot authored
Prevent password sign in restriction bypass See merge request gitlab/gitlabhq!3121
-
- 27 May, 2019 1 commit
-
-
Kerri Miller authored
First reported: https://gitlab.com/gitlab-org/gitlab-ce/issues/60143 When the page slug is "javascript:" and we attempt to link to a relative path (using `.` or `..`) the code will concatenate the slug and the uri. This MR adds a guard to that concat step that will return `nil` if the incoming slug matches against any of the "unsafe" slug regexes; currently this is only for the slug "javascript:" but can be extended if needed. Manually tested against a non-exhaustive list from OWASP of common javascript XSS exploits that have to to with mangling the "javascript:" method, and all are caught by this change or by existing code that ingests the user-specified slug.
-
- 24 May, 2019 1 commit
-
-
Filipa Lacerda authored
Replaces a hard-coded date in the job app spec Closes #62283 See merge request gitlab-org/gitlab-ce!28709
-
- 23 May, 2019 1 commit
-
-
James Edwards-Jones authored
-