- Sep 09, 2019
-
-
Vladimir Shushlin authored
-
- Sep 02, 2019
-
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
John Jarvis authored
Prepare 12.2.4 release See merge request gitlab-org/gitlab-ce!32455
-
Grzegorz Bizon authored
Fix permissions check in `RelativeLinkFilter` See merge request gitlab-org/gitlab-ce!32448
-
John Jarvis authored
Add StubConfiguration.stub_config method See merge request gitlab-org/gitlab-ce!32530
-
Ash McKenzie authored
-
Filipa Lacerda authored
Update Mermaid to v8.2.6 See merge request gitlab-org/gitlab-ce!32502
-
- Aug 30, 2019
-
-
Rémy Coutable authored
Fix snippets API not working with visibility level Closes #66050 See merge request gitlab-org/gitlab-ce!32286 (cherry picked from commit 1843502f) 680f4377 Fix snippets API not working with visibility level
-
Ash McKenzie authored
Fix Piwik not working Closes #66627 See merge request gitlab-org/gitlab-ce!32234 (cherry picked from commit 0c639b24) f6058981 Fix Piwik not working
-
Filipa Lacerda authored
Upgrade Mermaid to v8.2.4 See merge request gitlab-org/gitlab-ce!32186 (cherry picked from commit f90759bb) c2541b64 Upgrade Mermaid to v8.2.4
-
Stan Hu authored
Add helpers to exactly undo cleanup_concurrent_column_rename See merge request gitlab-org/gitlab-ce!32183 (cherry picked from commit fc08d48c) 9b592a59 Add helper to exactly undo cleanup_concurrent_column_rename 61777843 Add spec for undo_rename_column_concurrently d28ad870 Add spec for when default is false
-
Mike Greiling authored
fix: remove double % See merge request gitlab-org/gitlab-ce!32178 (cherry picked from commit bf2b4c52) 22e2a601 fix: remove double % from layout width description
-
Mayra Cabrera authored
Fix N+1 Gitaly calls in /api/v4/projects/:id/issues See merge request gitlab-org/gitlab-ce!32171 (cherry picked from commit bbd39021) 44063501 Fix N+1 Gitaly calls in /api/v4/projects/:id/issues
-
Mike Greiling authored
Fix issuable sidebar icon of notification disabled See merge request gitlab-org/gitlab-ce!32134 (cherry picked from commit a93612aa) 9ad0a8ad Fix issuable sidebar icon of notification disabled
-
Mike Greiling authored
Match syntax highlighting theme for line expansion rows Closes #66066 See merge request gitlab-org/gitlab-ce!31821 (cherry picked from commit 1349a3d5) 9013ab1f Add syntax highlighting for line expansion
- Aug 28, 2019
-
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
Jan Provaznik authored
Merge branch '66641-broken-master-real-http-connections-are-disabled-unregistered-request' into 'master' Use `stub_full_request` to fix spec failure Closes #66641 See merge request gitlab-org/gitlab-ce!32259
-
John Jarvis authored
This reverts commit cec9310c.
-
GitLab Release Tools Bot authored
Return NO_ACCESS if user is nil See merge request gitlab/gitlabhq!3390
-
Patrick Derichs authored
-
- Aug 27, 2019
-
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
Avoid exposing unaccessible repo data upon GFM post processing See merge request gitlab/gitlabhq!3382
-
- Aug 26, 2019
-
-
Oswaldo Ferreira authored
When post-processing relative links to absolute links RelativeLinkFilter didn't take into consideration that internal repository data could be exposed for users that do not have repository access to the project. This commit solves that by checking whether the user can `download_code` at this repository, avoiding any processing of this filter if the user can't. Additionally, if we're processing for a group ( no project was given), we check if the user can read it in order to expand the href as an extra. That doesn't seem necessarily a breach now, but an extra check doesn't hurt as after all the user needs to be able to `read_group`.
-
GitLab Release Tools Bot authored
Ensure only authorised users can create notes on merge requests and issues See merge request gitlab/gitlabhq!3324
-
Alex Kalderimis authored
* Prevent creating notes on inaccessible MRs This applies the notes rules at the MR scope. Rather than adding extra rules to the Project level policy, preventing :create_note here is better since it only prevents creating notes on MRs. * Prevent creating notes in inaccessible Issues without this policy, non-team-members are allowed to comment on issues even when the project has the private-issues policy set. This means that without this change, users are allowed to comment on issues that they cannot read. * Add CHANGELOG entry
-
GitLab Release Tools Bot authored
Prevent disclosure of merge request id via email See merge request gitlab/gitlabhq!3350
-
GitLab Release Tools Bot authored
Send TODOs for comments on commits correctly See merge request gitlab/gitlabhq!3365
-
GitLab Release Tools Bot authored
Gitaly: ignore git redirects See merge request gitlab/gitlabhq!3374
-
GitLab Release Tools Bot authored
Project visibility restriction bypass See merge request gitlab/gitlabhq!3330
-
Jacob Vosmaer authored
-
George Koltsov authored
Add Gitlab::VisibilityLevelChecker that verifies selected project visibility level (or overridden param) is not restricted when creating or importing a project
-
GitLab Release Tools Bot authored
DNS Rebind SSRF in Kubernetes Integration See merge request gitlab/gitlabhq!3268
-
GitLab Release Tools Bot authored
Filter out old system notes for epics in notes api endpoint response See merge request gitlab/gitlabhq!3314
-
GitLab Release Tools Bot authored
Fix HTML injection for label description See merge request gitlab/gitlabhq!3315
-
GitLab Release Tools Bot authored
Permission fix for MergeRequestsController#pipeline_status See merge request gitlab/gitlabhq!3322
-
GitLab Release Tools Bot authored
Limit the size of issuable description and comments See merge request gitlab/gitlabhq!3323
-