1. 15 Dec, 2015 18 commits
  2. 10 Dec, 2015 4 commits
    • Robert Speicher's avatar
      Version 8.2.3 · 19daba8a
      Robert Speicher authored
    • Robert Speicher's avatar
      Update CHANGELOG · c6b332c3
      Robert Speicher authored
      [ci skip]
    • Robert Speicher's avatar
      Merge branch 'devise_paranoid_mode' into 'master' · 0c0854c8
      Robert Speicher authored
      Enable Devise paranoid mode and ensure the returned message is the same
      every time. This will prevent user enumeration (low impact). 
      Prior to this change a user could type an email in the password reset
      field and if the email didn't exist it returned an error. If the email
      was valid it returned a message saying the forgot password link had been
      emailed. After this change the user will receive a message that if the
      email is in our database the reset link will be emailed. 
      I also changed the throttle mechanism so it still works the same but
      now returns the exact same message as above. Previously it would say
      'You've already sent a request. Wait a few minutes'. This also allows
      user enumeration, although it requires a double-check.
      Related to https://dev.gitlab.org/gitlab/gitlabhq/issues/2624
      See merge request !2044
    • Robert Speicher's avatar
      Merge branch 'yaml_safe_load' into 'master' · 9888a972
      Robert Speicher authored
      Use YAML.safe_load
      See merge request !1941
  3. 08 Dec, 2015 1 commit
  4. 07 Dec, 2015 4 commits
    • Robert Speicher's avatar
      Update CHANGELOG · 38397062
      Robert Speicher authored
      [ci skip]
    • Grzegorz Bizon's avatar
      Merge branch 'fix/award-emoji-conflict-in-notes' into 'master' · 23975e09
      Grzegorz Bizon authored
      Fix problems with award-emoji-only comment
      This fixes a conflict between note with only a single emoji in content
      and award-emojis mechanisms.
      Closes #3734 
      cc @vsizov
      See merge request !1936
    • Valery Sizov's avatar
      Merge branch 'webhook_payload_with_changes' into 'master' · e70ac793
      Valery Sizov authored
      Add added, modified and removed properties to commit object in webhook
      See merge request !1988
    • Douwe Maan's avatar
      Merge branch 'fix-global-milestones-error-500' into 'master' · 46d24898
      Douwe Maan authored
      Fix Error 500 when creating global milestones with Unicode characters
      Two issues:
      1. The constraints in the resources were incorrect. Here's what it was before:
      group_milestone  GET /groups/:group_id/milestones/:id(.:format)  groups/milestones#show {:id=>/[a-zA-Z.0-9_\-]+(?<!\.atom)/, :group_id=>/[a-zA-Z.0-9_\-]+(?<!\.atom)/}
      In this case, id is actually the title of the milestone, which can be anything at the moment.
      group_milestone  GET /groups/:group_id/milestones/:id(.:format)  groups/milestones#show {:id=>/[^\/]+/, :group_id=>/[a-zA-Z.0-9_\-]+(?<!\.atom)/}
      2. `parameterize` would strip all Unicode characters, leaving a blank string. Rails would report something like:
      ActionView::Template::Error (No route matches {:action=>"show", :controller=>"groups/milestones", :group_id=>#<Group id: 48, name: "ops-dev", path: "ops-dev", owner_id: nil, created_at: "2015-11-15 08:55:30", updated_at: "2015-12-02 06:23:26", type: "Group", description: "", avatar: "sha1.c71e73d51af1865c1bbbf6208e10044d46c9bb93.png", public: false>, :id=>"", :title=>"肯定不是中文的问题"} missing required keys: [:id]):
      This change uses the babosa library to create a better slug, which surprisingly
      isn't actually used by the global milestone controllers. Instead, they use the
      title passed as a query string for some reason.
      Closes https://github.com/gitlabhq/gitlabhq/issues/9881
      See merge request !1983
  5. 05 Dec, 2015 1 commit
  6. 04 Dec, 2015 1 commit
  7. 02 Dec, 2015 2 commits
  8. 01 Dec, 2015 1 commit
  9. 30 Nov, 2015 5 commits
  10. 27 Nov, 2015 3 commits