- 12 Feb, 2018 14 commits
-
-
Daniel Gerhardt authored
The following formerly separate commits have been merged in: * Adjust 'Sign in' button for GitLab's CSRF protection GitLab introduced CSRF protection for authentication requests in 571ba5a7. The 'Sign in' button has been adjusted to send a POST request. * Opt out of turbolinks for 'Sign in' button
-
Daniel Gerhardt authored
This restriction does not apply to admins.
-
Daniel Gerhardt authored
This restriction does not apply to admins.
-
Daniel Gerhardt authored
-
Daniel Gerhardt authored
-
Daniel Gerhardt authored
-
Daniel Gerhardt authored
The project variable can hold an object which is not an instance of Project (e.g. ProjectWiki). In this case, visibility_level is not defined.
-
Daniel Gerhardt authored
Additionally, the prompt to set a password is no longer shown for CAS users.
-
Daniel Gerhardt authored
-
Daniel Gerhardt authored
-
Daniel Gerhardt authored
-
Daniel Gerhardt authored
-
Daniel Gerhardt authored
-
Daniel Gerhardt authored
-
- 07 Feb, 2018 2 commits
-
-
Robert Speicher authored
-
Robert Speicher authored
[ci skip]
-
- 05 Feb, 2018 1 commit
-
-
Rémy Coutable authored
Signed-off-by:
Rémy Coutable <remy@rymai.me>
-
- 02 Feb, 2018 1 commit
-
-
Kamil Trzciński authored
Fix using wildcards in protected tags to expose protected variables - 10.2 See merge request gitlab/gitlabhq!2308
-
- 01 Feb, 2018 1 commit
-
-
Robert Speicher authored
[10.2] Fix stored XSS in code blocks See merge request gitlab/gitlabhq!2298
-
- 31 Jan, 2018 3 commits
-
-
James Lopez authored
[10-2] Fix GitHub import allowing a user to create a group under any existing namespace See merge request gitlab/gitlabhq!2302
-
Robert Speicher authored
[10.2] Restrict Todo API mark_as_done endpoint to the user's todos only See merge request gitlab/gitlabhq!2315
-
Douwe Maan authored
Makes SnippetFinder ensure feature visibility See merge request gitlab/gitlabhq!2224
-
- 18 Jan, 2018 2 commits
-
-
Oswaldo Ferreira authored
-
Oswaldo Ferreira authored
[ci skip]
-
- 17 Jan, 2018 2 commits
-
-
Stan Hu authored
[10.2] Fix bug in security release with deploy keys migration See merge request gitlab-org/gitlab-ce!16529
-
Francisco Javier López authored
-
- 11 Jan, 2018 2 commits
-
-
Oswaldo Ferreira authored
-
Oswaldo Ferreira authored
[ci skip]
-
- 10 Jan, 2018 1 commit
-
-
Oswaldo Ferreira authored
Prepare 10.2.6 Security Release See merge request gitlab/gitlabhq!2290
-
- 09 Jan, 2018 2 commits
-
-
Robert Speicher authored
Prevent login with disabled OAuth providers See merge request gitlab/gitlabhq!2223 (cherry picked from commit 43b6135f2226625b5e50d9aa2149a0ea74bb1336) a4bb4a5b Prevents login with disabled OAuth providers
-
Jacob Schatz authored
Sanitizes IPython notebook output See merge request gitlab/gitlabhq!2237 (cherry picked from commit db98d764c4112dd24bc5ae9ed2bfc01052820309) 8908edbf Sanitizes iPython notebook output 90286ceb fixed karma specs
-
- 08 Jan, 2018 9 commits
-
-
Robert Speicher authored
Merge branch '41293-fix-command-injection-vulnerability-on-system_hook_push-queue-through-web-hook-10-2' into 'security-10-2' [10.2] Don't allow line breaks on HTTP headers See merge request gitlab/gitlabhq!2287 (cherry picked from commit 1e19734413d46346dd46177d056d9c7165602197) b7664b12 Don't allow line breaks on HTTP headers
-
James Lopez authored
[10.2] Fix RCE via project import mechanism See merge request gitlab/gitlabhq!2293 (cherry picked from commit 836918b04ed739fe07b239d0e4eab58296218c8c) cec9a6ae Fix RCE via project import mechanism
-
Douwe Maan authored
[10.2] Migrate `can_push` column from `keys` to `deploy_keys_project` See merge request gitlab/gitlabhq!2275 (cherry picked from commit b07115bbf3a6f2340e88213f51f699302e6af1d9) 5382c682 Backport to 10.2
-
Sean McGivern authored
[10.2] backport - check project access on MR create See merge request gitlab/gitlabhq!2279 (cherry picked from commit dd1654b7830948347a23521058a1386a8ba97b69) 8b1e50e4 check project access on MR create
-
Robert Speicher authored
[10.2] Fix path traversal in gitlab-ci.yml cache:key See merge request gitlab/gitlabhq!2271 (cherry picked from commit 9184cd7968665137a18c4823ece239a4a1ca0e46) 1050945a Fix path traversal in gitlab-ci.yml cache:key
-
Robert Speicher authored
Validate project path in Gitlab import - 10.2 port See merge request gitlab/gitlabhq!2267 (cherry picked from commit faea8488456aed31915ca9dd6cb2a7d3090294ec) 036fc6c9 Validate project path in Gitlab import
-
Robert Speicher authored
Remove order param from the MilestoneFinder - 10.2 port See merge request gitlab/gitlabhq!2264 (cherry picked from commit 54c82aee8d97a7a82fff49197d023e2ebd3247e8) bca5ca97 Remove order param from the MilestoneFinder
-
Jacob Schatz authored
[10.2] Fix XSS in issue label dropdown See merge request gitlab/gitlabhq!2251 (cherry picked from commit df15b14521c46aaad5805ae90aa04739d78eec63) 6d693d09 Fix XSS in issue label dropdown
-
Robert Speicher authored
[10.2] Fix XSS vulnerability in Pipeline job trace - backport 10 2 See merge request gitlab/gitlabhq!2260 (cherry picked from commit 4ba826b5df561e85f6fdfc86c20779b1a91b598b) b890d809 Fix XSS vulnerability in Pipeline job trace
-