Skip to content

GitLab

GitLab
GitLab
Switch branch/tag
  1. 15 Dec, 2015 18 commits
  3. 10 Dec, 2015 4 commits
    • Robert Speicher's avatar
      Version 8.2.3 · 19daba8a
      Robert Speicher authored
      19daba8a
    • Robert Speicher's avatar
      Update CHANGELOG · c6b332c3
      Robert Speicher authored 
      [ci skip]
      c6b332c3
    • Robert Speicher's avatar
      Merge branch 'devise_paranoid_mode' into 'master' · 0c0854c8
      Robert Speicher authored 
      Enable Devise paranoid mode and ensure the returned message is the same
every time. This will prevent user enumeration (low impact). 

Prior to this change a user could type an email in the password reset
field and if the email didn't exist it returned an error. If the email
was valid it returned a message saying the forgot password link had been
emailed. After this change the user will receive a message that if the
email is in our database the reset link will be emailed. 

I also changed the throttle mechanism so it still works the same but
now returns the exact same message as above. Previously it would say
'You've already sent a request. Wait a few minutes'. This also allows
user enumeration, although it requires a double-check.

Related to https://dev.gitlab.org/gitlab/gitlabhq/issues/2624

See merge request !2044
      0c0854c8
    • Robert Speicher's avatar
      Merge branch 'yaml_safe_load' into 'master' · 9888a972
      Robert Speicher authored 
      Use YAML.safe_load

See merge request !1941
      9888a972
  5. 08 Dec, 2015 1 commit
  7. 07 Dec, 2015 4 commits
    • Robert Speicher's avatar
      Update CHANGELOG · 38397062
      Robert Speicher authored 
      [ci skip]
      38397062
    • Grzegorz Bizon's avatar
      Merge branch 'fix/award-emoji-conflict-in-notes' into 'master' · 23975e09
      Grzegorz Bizon authored 
      Fix problems with award-emoji-only comment

This fixes a conflict between note with only a single emoji in content
and award-emojis mechanisms.

Closes #3734 

cc @vsizov

See merge request !1936
      23975e09
    • Valery Sizov's avatar
      Merge branch 'webhook_payload_with_changes' into 'master' · e70ac793
      Valery Sizov authored 
      Add added, modified and removed properties to commit object in webhook

https://gitlab.com/gitlab-org/gitlab-ee/issues/20

See merge request !1988
      e70ac793
    • Douwe Maan's avatar
      Merge branch 'fix-global-milestones-error-500' into 'master' · 46d24898
      Douwe Maan authored 
      Fix Error 500 when creating global milestones with Unicode characters

Two issues:

1. The constraints in the resources were incorrect. Here's what it was before:

```
group_milestone  GET /groups/:group_id/milestones/:id(.:format)  groups/milestones#show {:id=>/[a-zA-Z.0-9_\-]+(?<!\.atom)/, :group_id=>/[a-zA-Z.0-9_\-]+(?<!\.atom)/}
```

In this case, id is actually the title of the milestone, which can be anything at the moment.

After:
```
group_milestone  GET /groups/:group_id/milestones/:id(.:format)  groups/milestones#show {:id=>/[^\/]+/, :group_id=>/[a-zA-Z.0-9_\-]+(?<!\.atom)/}
```

2. `parameterize` would strip all Unicode characters, leaving a blank string. Rails would report something like:

```
ActionView::Template::Error (No route matches {:action=>"show", :controller=>"groups/milestones", :group_id=>#<Group id: 48, name: "ops-dev", path: "ops-dev", owner_id: nil, created_at: "2015-11-15 08:55:30", updated_at: "2015-12-02 06:23:26", type: "Group", description: "", avatar: "sha1.c71e73d51af1865c1bbbf6208e10044d46c9bb93.png", public: false>, :id=>"", :title=>"肯定不是中文的问题"} missing required keys: [:id]):
```

This change uses the babosa library to create a better slug, which surprisingly
isn't actually used by the global milestone controllers. Instead, they use the
title passed as a query string for some reason.

Closes https://github.com/gitlabhq/gitlabhq/issues/9881

See merge request !1983
      46d24898
  9. 05 Dec, 2015 1 commit
  11. 04 Dec, 2015 1 commit
  13. 02 Dec, 2015 2 commits
  15. 01 Dec, 2015 1 commit
  17. 30 Nov, 2015 5 commits
  19. 27 Nov, 2015 3 commits