- 02 Mar, 2020 23 commits
-
GitLab Release Tools Bot authored
Sanitize output by dependency linkers Closes #37 See merge request gitlab-org/security/gitlab!106
-
GitLab Release Tools Bot authored
Enforce feedback pipeline is in the same project See merge request gitlab-org/security/gitlab!117
-
GitLab Release Tools Bot authored
Check for registry permissions on docker login request Closes #43 See merge request gitlab-org/security/gitlab!144
-
GitLab Release Tools Bot authored
Don't require base_sha in DiffRefsType Closes #45 See merge request gitlab-org/security/gitlab!145
-
GitLab Release Tools Bot authored
Escape special chars in Sentry error header See merge request gitlab-org/security/gitlab!146
-
GitLab Release Tools Bot authored
Update ProjectAuthorization when deleting or updating GroupGroupLink Closes #55 See merge request gitlab-org/security/gitlab!165
-
GitLab Release Tools Bot authored
Update user 2fa when accepting group invite See merge request gitlab-org/security/gitlab!169
-
GitLab Release Tools Bot authored
Fix Service Side Request Forgery in JenkinsDeprecatedService See merge request gitlab-org/security/gitlab!179
-
GitLab Release Tools Bot authored
Expire account confirmation token See merge request gitlab-org/security/gitlab!180
-
GitLab Release Tools Bot authored
Fix for XSS in branch names Closes #49 See merge request gitlab-org/security/gitlab!184
-
Robert May authored
-
GitLab Release Tools Bot authored
Remove OID filtering during LFS imports See merge request gitlab-org/security/gitlab!188
-
GitLab Release Tools Bot authored
Respect member access level for group shares Closes #56 See merge request gitlab-org/security/gitlab!192
-
Imre Farkas authored
Previously, we only considered the access level set for the GroupGroupLink when calculating ProjectAuthorization or Group#max_member_access_for_user for the shared group. We need to consider access level in the shared with group as well, which might be lower than the one set for GroupGroupLink.
-
GitLab Release Tools Bot authored
Check merge requests read permissions before showing them in the pipeline widget Closes #60 See merge request gitlab-org/security/gitlab!207
-
GitLab Release Tools Bot authored
Forbid trigger pipeline requests with Gitlab-Event header Closes #61 See merge request gitlab-org/security/gitlab!216
-
GitLab Release Tools Bot authored
Prevent XSS in admin grafana url setting Closes #25 See merge request gitlab-org/security/gitlab!218
-
GitLab Release Tools Bot authored
Run badge images through asset proxy Closes #33 See merge request gitlab-org/security/gitlab!232
-
Heinrich Lee Yu authored
This allows us to proxy URLs without going through the HTML filter
-
GitLab Release Tools Bot authored
Recalculate ProjectAuthorizations Closes #75 See merge request gitlab-org/security/gitlab!272
-
rpereira2 authored
* Validate the grafana URL setting to ensure it is a valid URL and does not contain javascript.
* Add a rel='noopener noreferrer' attribute to the link on the frontend so that when the link is opened in a new tab, it will not be able to control the tab from which it was opened.
* Use the system_hook_validator for grafana_url since it is an admin setting.
* Add migration to remove any javascript URLs from application_settings.grafana_url.
* Add a blocked_message option to addressable_url_validator. The option allows a custom error message to be added if the URL is blocked.
* Add a parse_url method to Gitlab::Util which returns an Addressable::URI object.
* Add changelog entry.
-
Yorick Peterse authored
Fix fixtures for Error Tracking Web UI See merge request gitlab-org/security/gitlab!293
-
Takuya Noguchi authored
Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>
-
- 28 Feb, 2020 17 commits
-
Mike Lewis authored
Move interest in contributing an app to the end of the app list See merge request gitlab-org/gitlab!26180
-
Mike Lewis authored
-
Martin Wortschack authored
Update GitLab Packages See merge request gitlab-org/gitlab!26175
-
Mark Florian authored
199134 - Update severity badges See merge request gitlab-org/gitlab!25489
-
-
Robert Speicher authored
Disable ci variables ff See merge request gitlab-org/gitlab!26020
-
Phil Hughes authored
Add skeleton loaders to container registry See merge request gitlab-org/gitlab!25994
-
Nicolò Maria Mezzopera authored
- skeleton loader
- adjust tests
-
Kenny Johnston authored
-
Paul Slaughter authored
Ported existing spec from karma to jest See merge request gitlab-org/gitlab!25934
-
-
Mark Florian authored
Create a vulnerability-list component See merge request gitlab-org/gitlab!25927
-
Sam Beckham authored
- Adds the dumb component for the vulnerability table
- Adds a smart wrapper around the above component
- Removes the haml table and replaces it with a loading state
- Adds pagination to the vue table
- Adds the alert component error state
- Hooks up the HAML data to the app
-
Phil Hughes authored
Group Deploy Tokens interface See merge request gitlab-org/gitlab!24102
-
Etienne Baqué authored
Added model and rspecs. Updated DeployToken model associations.
-
Stan Hu authored
Remove Puma notices from AdminArea banner See merge request gitlab-org/gitlab!26137
-
Martin Wortschack authored
Allow chart descriptions for Insights Closes #11221 See merge request gitlab-org/gitlab!25686
-