Commits · 5c8088da57b85f2ddfc587bf888ae357c2d25f10 · projects.thm.de / GitLab FOSS

Sep 09, 2019
- Upgrade pages to 1.7.2 · 5c8088da
  Vladimir Shushlin authored Aug 26, 2019
  
  5c8088da
Sep 02, 2019
- Update VERSION to 12.2.4 · fcd10768
  GitLab Release Tools Bot authored Sep 02, 2019
  
  fcd10768
- Update CHANGELOG.md for 12.2.4 · eca69adc
  GitLab Release Tools Bot authored Sep 02, 2019
```
[ci skip]
```
  eca69adc
- Merge branch '12-2-stable-patch-4' into '12-2-stable' · cded55c0
  John Jarvis authored Sep 02, 2019
```
Prepare 12.2.4 release

See merge request gitlab-org/gitlab-ce!32455
```
  cded55c0
- Merge branch '66803-fix-uploads-relative-link-filter' into 'master' · 2e0a846e
  Grzegorz Bizon authored Sep 02, 2019
```
Fix permissions check in `RelativeLinkFilter`

See merge request gitlab-org/gitlab-ce!32448
```
  2e0a846e
- Merge branch 'ashmckenzie/12-2-stable-patch-4-add-stub-config' into '12-2-stable-patch-4' · c838459f
  John Jarvis authored Sep 02, 2019
```
Add StubConfiguration.stub_config method

See merge request gitlab-org/gitlab-ce!32530
```
  c838459f
- Add StubConfiguration.stub_config method · 4925687e
  Ash McKenzie authored Sep 02, 2019
  
  4925687e
- Merge branch 'sh-mermaid-8.2.6' into 'master' · 271de447
  Filipa Lacerda authored Sep 02, 2019
```
Update Mermaid to v8.2.6

See merge request gitlab-org/gitlab-ce!32502
```
  271de447
Aug 30, 2019

Merge branch 'revert-' into 'master' · 9fb5230f

Evan Read authored Aug 30, 2019

Revert "Merge branch 'nik-api-snippets-fix' into 'master'"

Closes #66673

See merge request gitlab-org/gitlab-ce!32295

(cherry picked from commit 98f2ab29)

5e0378b3 Revert "Merge branch 'nik-api-snippets-fix' into 'master'"

9fb5230f

Merge branch 'sh-fix-snippet-visibility-api' into 'master' · 14b67e94

Rémy Coutable authored Aug 29, 2019

Fix snippets API not working with visibility level

Closes #66050

See merge request gitlab-org/gitlab-ce!32286

(cherry picked from commit 1843502f)

680f4377 Fix snippets API not working with visibility level

14b67e94

Merge branch 'sh-fix-piwik-template' into 'master' · 01f01313

Ash McKenzie authored Aug 27, 2019

Fix Piwik not working

Closes #66627

See merge request gitlab-org/gitlab-ce!32234

(cherry picked from commit 0c639b24)

f6058981 Fix Piwik not working

01f01313

Merge branch 'sh-upgrade-mermaid-8.2.4' into 'master' · bec06b7d

Filipa Lacerda authored Aug 28, 2019

Upgrade Mermaid to v8.2.4

See merge request gitlab-org/gitlab-ce!32186

(cherry picked from commit f90759bb)

c2541b64 Upgrade Mermaid to v8.2.4

bec06b7d

Merge branch 'fix-migration-helper' into 'master' · bb58d4cd

Stan Hu authored Aug 25, 2019

Add helpers to exactly undo cleanup_concurrent_column_rename

See merge request gitlab-org/gitlab-ce!32183

(cherry picked from commit fc08d48c)

9b592a59 Add helper to exactly undo cleanup_concurrent_column_rename
61777843 Add spec for undo_rename_column_concurrently
d28ad870 Add spec for when default is false

bb58d4cd

Merge branch 'patch-74' into 'master' · da6fa19f

Mike Greiling authored Aug 26, 2019

fix: remove double %

See merge request gitlab-org/gitlab-ce!32178

(cherry picked from commit bf2b4c52)

22e2a601 fix: remove double % from layout width description

da6fa19f

Merge branch 'sh-fix-nplusone-issues' into 'master' · d074658a

Mayra Cabrera authored Aug 26, 2019

Fix N+1 Gitaly calls in /api/v4/projects/:id/issues

See merge request gitlab-org/gitlab-ce!32171

(cherry picked from commit bbd39021)

44063501 Fix N+1 Gitaly calls in /api/v4/projects/:id/issues

d074658a

Merge branch 'fe-fix-issuable-sidebar-icon-of-notification-disabled' into 'master' · 3efca731

Mike Greiling authored Aug 23, 2019

Fix issuable sidebar icon of notification disabled

See merge request gitlab-org/gitlab-ce!32134

(cherry picked from commit a93612aa)

9ad0a8ad Fix issuable sidebar icon of notification disabled

3efca731

Merge branch '66066-dark-theme-style-for-expansion-on-mr-diffs' into 'master' · 9ec18138

Mike Greiling authored Aug 20, 2019

Match syntax highlighting theme for line expansion rows

Closes #66066

See merge request gitlab-org/gitlab-ce!31821

(cherry picked from commit 1349a3d5)

9013ab1f Add syntax highlighting for line expansion

9ec18138

Aug 28, 2019
- Update VERSION to 12.2.3 · 13598699
  GitLab Release Tools Bot authored Aug 28, 2019
  
  13598699
- Update CHANGELOG.md for 12.2.3 · b76d26eb
  GitLab Release Tools Bot authored Aug 28, 2019
```
[ci skip]
```
  b76d26eb
- Merge branch... · eda2f790
  Jan Provaznik authored Aug 27, 2019
```
Merge branch '66641-broken-master-real-http-connections-are-disabled-unregistered-request' into 'master'

Use `stub_full_request` to fix spec failure

Closes #66641

See merge request gitlab-org/gitlab-ce!32259
```
  eda2f790
- Revert "Update CHANGELOG.md for 12.2.2" · 6a6a7ede
  John Jarvis authored Aug 28, 2019
```
This reverts commit cec9310c.
```
  6a6a7ede
- Merge branch 'security-fix-something-went-wrong-on-when-not-logged-in-ce-12-2' into '12-2-stable' · 7c38249e
  GitLab Release Tools Bot authored Aug 28, 2019
```
Return NO_ACCESS if user is nil

See merge request gitlab/gitlabhq!3390
```
  7c38249e
- Return NO_ACCESS if user is nil · a859b144
  Patrick Derichs authored Aug 28, 2019
  
  a859b144
Aug 27, 2019
- Update VERSION to 12.2.2 · 10c7bd26
  GitLab Release Tools Bot authored Aug 27, 2019
  
  10c7bd26
- Update CHANGELOG.md for 12.2.2 · cec9310c
  GitLab Release Tools Bot authored Aug 27, 2019
```
[ci skip]
```
  cec9310c
- Merge branch 'security-exposed-default-branch-12-2' into '12-2-stable' · 73c24b27
  GitLab Release Tools Bot authored Aug 26, 2019
```
Avoid exposing unaccessible repo data upon GFM post processing

See merge request gitlab/gitlabhq!3382
```
  73c24b27
Aug 26, 2019

Avoid exposing unaccessible repo data upon GFM processing · 9dde7259

Oswaldo Ferreira authored Aug 20, 2019

When post-processing relative links to absolute links
RelativeLinkFilter didn't take into consideration that
internal repository data could be exposed for users
that do not have repository access to the project.

This commit solves that by checking whether the user
can `download_code` at this repository, avoiding any
processing of this filter if the user can't.

Additionally, if we're processing for a group (
no project was given), we check if the user can
read it in order to expand the href as an extra.
That doesn't seem necessarily a breach now,
but an extra check doesn't hurt as after all
the user needs to be able to `read_group`.

9dde7259

Merge branch 'security-2853-prevent-comments-on-private-mrs-12-2' into '12-2-stable' · f73a46ca
GitLab Release Tools Bot authored Aug 26, 2019
```
Ensure only authorised users can create notes on merge requests and issues

See merge request gitlab/gitlabhq!3324
```
f73a46ca

Prevent unauthorised comments on merge requests · d9ecd83c

Alex Kalderimis authored Jun 04, 2019

* Prevent creating notes on inaccessible MRs

This applies the notes rules at the MR scope. Rather than adding extra
rules to the Project level policy, preventing :create_note here is
better since it only prevents creating notes on MRs.

* Prevent creating notes in inaccessible Issues

without this policy, non-team-members are allowed to comment on issues
even when the project has the private-issues policy set. This means that
without this change, users are allowed to comment on issues that they
cannot read.

* Add CHANGELOG entry

d9ecd83c

Merge branch 'security-hide_merge_request_ids_on_emails-12-2' into '12-2-stable' · 2d661158
GitLab Release Tools Bot authored Aug 26, 2019
```
Prevent disclosure of merge request id via email

See merge request gitlab/gitlabhq!3350
```
2d661158
Merge branch 'security-64711-fix-commit-todos-12-2' into '12-2-stable' · 4ac64650
GitLab Release Tools Bot authored Aug 26, 2019
```
Send TODOs for comments on commits correctly

See merge request gitlab/gitlabhq!3365
```
4ac64650
Merge branch 'security-12-2-stable-gitaly-1.59.2' into '12-2-stable' · c9b5d09a
GitLab Release Tools Bot authored Aug 26, 2019
```
Gitaly: ignore git redirects

See merge request gitlab/gitlabhq!3374
```
c9b5d09a
Merge branch 'security-project-import-bypass-12-2' into '12-2-stable' · c8df2a9b
GitLab Release Tools Bot authored Aug 26, 2019
```
Project visibility restriction bypass

See merge request gitlab/gitlabhq!3330
```
c8df2a9b
Use Gitaly 1.59.2 · 599f5aa2
Jacob Vosmaer authored Aug 26, 2019

599f5aa2

Fix project import restricted visibility bypass · 264349ab

George Koltsov authored Aug 06, 2019

Add Gitlab::VisibilityLevelChecker that verifies
selected project visibility level (or overridden param)
is not restricted when creating or importing a project

264349ab

Merge branch 'security-ssrf-kubernetes-dns' into '12-2-stable' · e3394135
GitLab Release Tools Bot authored Aug 26, 2019
```
DNS Rebind SSRF in Kubernetes Integration

See merge request gitlab/gitlabhq!3268
```
e3394135
Merge branch 'security-epic-notes-api-reveals-historical-info-ce-12-2' into '12-2-stable' · 295f35e8
GitLab Release Tools Bot authored Aug 26, 2019
```
Filter out old system notes for epics in notes api endpoint response

See merge request gitlab/gitlabhq!3314
```
295f35e8
Merge branch 'security-fix-html-injection-for-label-description-ce-12-2' into '12-2-stable' · 57fdf035
GitLab Release Tools Bot authored Aug 26, 2019
```
Fix HTML injection for label description

See merge request gitlab/gitlabhq!3315
```
57fdf035
Merge branch 'security-mr-head-pipeline-leak-12-2' into '12-2-stable' · 239a6dc1
GitLab Release Tools Bot authored Aug 26, 2019
```
Permission fix for MergeRequestsController#pipeline_status

See merge request gitlab/gitlabhq!3322
```
239a6dc1
Merge branch 'security-61974-limit-issue-comment-size-12-2' into '12-2-stable' · 7d9fd99d
GitLab Release Tools Bot authored Aug 26, 2019
```
Limit the size of issuable description and comments

See merge request gitlab/gitlabhq!3323
```
7d9fd99d

Admin message