Commits · 54636e1d4293a8465a772020a54b6193d7df9878 · nexedi / gitlab-ce

17 Jan, 2018 11 commits

Merge branch 'fl-ipythin-10-3' into 'security-10-3' · 54636e1d

Phil Hughes authored Jan 09, 2018

Port of [10.2] Sanitizes IPython notebook output

See merge request gitlab/gitlabhq!2285

(cherry picked from commit 1c46e031c70706450a8e0ae730f4c323b72f9e4c)

aac035fe Port of [10.2] Sanitizes IPython notebook output

54636e1d

Merge branch 'fix/import-rce-10-3' into 'security-10-3' · 532a0b60

James Lopez authored Jan 08, 2018

[10.3] Fix RCE via project import mechanism

See merge request gitlab/gitlabhq!2294

(cherry picked from commit dcfec507d6f9ee119d65a832393e7c593af1d3b2)

86d75812 Fix RCE via project import mechanism

532a0b60

Merge branch... · 791ca43f

Robert Speicher authored Jan 05, 2018

Merge branch '41293-fix-command-injection-vulnerability-on-system_hook_push-queue-through-web-hook' into 'security-10-3'

Don't allow line breaks on HTTP headers

See merge request gitlab/gitlabhq!2277

(cherry picked from commit 7fc0a6fc096768a5604d6dd24d7d952e53300c82)

073b8f9c Don't allow line breaks on HTTP headers

791ca43f

Merge branch 'sh-migrate-can-push-to-deploy-keys-projects-10-3' into 'security-10-3' · 536a47b4

Douwe Maan authored Jan 05, 2018

[10.3] Migrate `can_push` column from `keys` to `deploy_keys_project`

See merge request gitlab/gitlabhq!2276

(cherry picked from commit f6ca52d31bac350a23938e0aebf717c767b4710c)

1f2bd3c0 Backport to 10.3

536a47b4

Merge branch '41567-projectfix' into 'security-10-3' · 3fc0564a

Sean McGivern authored Jan 05, 2018

check project access on MR create

See merge request gitlab/gitlabhq!2273

(cherry picked from commit 1fe2325d6ef2bced4c5e97b57691c894f38b2834)

43e85f49 check project access on MR create

3fc0564a

Merge branch 'ac/fix-path-traversal' into 'security-10-3' · 954a4457

Robert Speicher authored Jan 03, 2018

[10.3] Fix path traversal in gitlab-ci.yml cache:key

See merge request gitlab/gitlabhq!2270

(cherry picked from commit c32d0c6807dfd41d7838a35742e6d0986871b389)

df29094a Fix path traversal in gitlab-ci.yml cache:key

954a4457

Merge branch 'sh-validate-path-project-import-10-3' into 'security-10-3' · 1f96512b

Stan Hu authored Jan 04, 2018

Validate project path in Gitlab import - 10.3 port

See merge request gitlab/gitlabhq!2268

(cherry picked from commit 94c82376d66fc80d46dd2d5eeb5bade408ec6a7e)

2b94a7c2 Validate project path in Gitlab import

1f96512b

Merge branch 'milestones-finder-order-fix' into 'security-10-3' · 8f4b0613

Robert Speicher authored Jan 05, 2018

Remove order param from the MilestoneFinder

See merge request gitlab/gitlabhq!2259

(cherry picked from commit 14408042e78f2ebc2644f956621b461dbfa3d36d)

155881e7 Remove order param from the MilestoneFinder

8f4b0613

Merge branch 'label-xss-10-3' into 'security-10-3' · 6846b70d

Jacob Schatz authored Dec 15, 2017

[10.3] Fix XSS in issue label dropdown

See merge request gitlab/gitlabhq!2253

(cherry picked from commit 363ffabcebd7bb0d1a2d59ca1a75e4eadb4a4360)

ea1fb0ea Fix XSS in issue label dropdown

6846b70d

Merge branch 'ac/41346-xss-ci-job-output' into 'security-10-3' · 72a57525

Robert Speicher authored Dec 21, 2017

[10.3] Fix XSS vulnerability in Pipeline job trace

See merge request gitlab/gitlabhq!2258

(cherry picked from commit 44caa80ed9a2514a74a5eeab10ff51849d64851b)

5f86f3ff Fix XSS vulnerability in Pipeline job trace

72a57525

Merge branch... · 0424801e

Stan Hu authored Jan 06, 2018

Merge branch 'security-10-3-do-not-expose-passwords-or-tokens-in-service-integrations-api' into 'security-10-3'

Filter out sensitive fields from the project services API

See merge request gitlab/gitlabhq!2281

(cherry picked from commit 476f2576444632f2a9a61b4cead9c1077f2c81d7)

2bcbbda0 Filter out sensitive fields from the project services API

0424801e

16 Jan, 2018 29 commits
- Merge branch 'jej/lfs-rev-list-handles-non-utf-paths-41627' into 'master' · 3228ac06
  Stan Hu authored Jan 16, 2018
```
Prevent RevList failing on non utf8 paths

Closes #41627

See merge request gitlab-org/gitlab-ce!16440
```
  3228ac06
- Merge branch '37898-increase-readability-of-colored-text-in-job-output-log' into 'master' · f17d7a4b
  Annabel Dunstone Gray authored Jan 16, 2018
```
fix readability xterm colors

Closes #37898

See merge request gitlab-org/gitlab-ce!15921
```
  f17d7a4b
- fix readability xterm colors · e4239eb2
  Danny authored Jan 16, 2018
  
  e4239eb2
- Merge branch '42047-pg-10-support' into 'master' · 19b76cd4
  Nick Thomas authored Jan 16, 2018
```
Resolve "postgresql 10 support for GitLab"

Closes #42047

See merge request gitlab-org/gitlab-ce!16471
```
  19b76cd4
- Merge branch 'patch-28' into 'master' · 66ae7560
  Rémy Coutable authored Jan 16, 2018
```
Update test-and-deploy-ruby-application-to-heroku.md

See merge request gitlab-org/gitlab-ce!16500
```
  66ae7560
- Merge branch '40818-last-push-widget-does-not-appear-after-pushing-new-commit' into 'master' · 9d45c491
  Rémy Coutable authored Jan 16, 2018
```
Last push widget will show banner for new pushes to previously merged branch

Closes #40818

See merge request gitlab-org/gitlab-ce!15728
```
  9d45c491
- Update test-and-deploy-ruby-application-to-heroku.md · 4367c509
  JJ Asghar authored Jan 16, 2018
```
Converted from type to "stage" due to depreciation.
Signed-off-by: JJ Asghar <jjasghar@gmail.com>
```
  4367c509
- Merge branch 'fix/pipeline-header-padding' into 'master' · ac23f3f0
  Filipa Lacerda authored Jan 16, 2018
```
Add pipeline header padding

See merge request gitlab-org/gitlab-ce!16496
```
  ac23f3f0
- Merge branch 'winh-style-modals' into 'master' · 475c1a29
  Tim Zallmann authored Jan 16, 2018
```
Adjust modal style to new design

See merge request gitlab-org/gitlab-ce!16310
```
  475c1a29
- Merge branch 'builds-api-nplusone' into 'master' · 191b5153
  Stan Hu authored Jan 16, 2018
```
Resolve "N+1 queries with /projects/:project_id/builds API endpoint"

Closes #41957

See merge request gitlab-org/gitlab-ce!16445
```
  191b5153
- Merge branch '42031-fix-links-to-uploads-in-wikis' into 'master' · 79b05cdd
  Douwe Maan authored Jan 16, 2018
```
Resolve "Wiki uploaded files are missing"

Closes #42031

See merge request gitlab-org/gitlab-ce!16499
```
  79b05cdd
- Merge branch 'print-list-of-available-backups' into 'master' · f084525f
  Douwe Maan authored Jan 16, 2018
```
List backups avilable for restore

See merge request gitlab-org/gitlab-ce!16465
```
  f084525f
- Merge branch 'dispatcher-projects-c' into 'master' · 86268771
  Phil Hughes authored Jan 16, 2018
```
dispatcher changes for projects:c* views

See merge request gitlab-org/gitlab-ce!16416
```
  86268771
- Add pipeline header padding · 38d46d7b
  George Tsiolis authored Jan 16, 2018
  
  38d46d7b
- Fix links to uploaded files on wiki pages · 31e59219
  Nick Thomas authored Jan 16, 2018
  
  31e59219
- Merge branch '42046-fork-icon' into 'master' · 78ca7d97
  Fatih Acet authored Jan 16, 2018
```
Resolve "Icons on forks page are to big"

Closes #42046

See merge request gitlab-org/gitlab-ce!16474
```
  78ca7d97
- Resolve "Icons on forks page are to big" · 5d8b06d2
  Simon Knox authored Jan 16, 2018
  
  5d8b06d2
- Merge branch '41796-update-auto-deployed-prometheus-scrape-config' into 'master' · 0f449ecc
  Kamil Trzciński authored Jan 16, 2018
```
Update auto-deployed prometheus scrape config

Closes #41796

See merge request gitlab-org/gitlab-ce!16306
```
  0f449ecc
- Update seed-fu to a version compatible with postgresql 10 · 58282e35
  Nick Thomas authored Jan 16, 2018
  
  58282e35
- Check for both backup files · 740d819e
  Balasankar "Balu" C authored Jan 16, 2018
  
  740d819e
- Merge branch '41666-cannot-search-with-keyword-merge' into 'master' · a7d17262
  Rémy Coutable authored Jan 16, 2018
```
Resolve "Cannot search with keyword "merge""

Closes #41666

See merge request gitlab-org/gitlab-ce!16462
```
  a7d17262
- Merge branch '41921-follow-up-fixes' into 'master' · 093856a7
  Rémy Coutable authored Jan 16, 2018
```
Refactor of buttons _dropdown partial

Closes #41921

See merge request gitlab-org/gitlab-ce!16486
```
  093856a7
- Merge branch 'master' into 'master' · b82c4f1b
  Rémy Coutable authored Jan 16, 2018
```
Fix typo in doc_styleguide.md

See merge request gitlab-org/gitlab-ce!16481
```
  b82c4f1b
- Merge branch 'fix/profile-gpg-keys-column-width' into 'master' · 28cfb686
  Rémy Coutable authored Jan 16, 2018
```
Change user settings column width

See merge request gitlab-org/gitlab-ce!16479
```
  28cfb686
- Merge branch 'fix/activity-nav-inconsistent-capitalization' into 'master' · 891f7cba
  Rémy Coutable authored Jan 16, 2018
```
Fix top-area inconsistent capitalization

See merge request gitlab-org/gitlab-ce!16476
```
  891f7cba
- Support PostgreSQL 10 · 3bb79875
  Nick Thomas authored Jan 15, 2018
  
  3bb79875
- Prevent RevList failing on non utf8 paths · c4dd7b82
  James Edwards-Jones authored Jan 12, 2018
  
  c4dd7b82
- Merge branch '41476-enable-project-milestons-deletion-via-api' into 'master' · 04edbb5f
  Rémy Coutable authored Jan 16, 2018
```
Resolve "Enable Project Milestone Deletion via the API"

Closes #41476

See merge request gitlab-org/gitlab-ce!16478
```
  04edbb5f
- Imitate other specs · a3633805
  Balasankar "Balu" C authored Jan 16, 2018
  
  a3633805