Commits · 9de178e9e452945eaaee0379dddd354c3c2bba09 · projects.thm.de / GitLab

03 Jan, 2019 14 commits
- Directly link sign in button on page headers with CAS login · 9de178e9
  Daniel Gerhardt authored Jun 15, 2015
```
The following formerly separate commits have been merged in:

* Adjust 'Sign in' button for GitLab's CSRF protection

  GitLab introduced CSRF protection for authentication requests in
  571ba5a7. The 'Sign in' button has been
  adjusted to send a POST request.

* Opt out of turbolinks for 'Sign in' button
```
  9de178e9
- Prevent group names of length < 5 when updating settings · 91cb26e9
  Daniel Gerhardt authored May 04, 2015
```
This restriction does not apply to admins.
```
  91cb26e9
- Forbid creation of groups with a path length < 5 · e7cca591
  Daniel Gerhardt authored Apr 28, 2015
```
This restriction does not apply to admins.
```
  e7cca591
- Adjust version info shown in documentation · 86bcc796
  Daniel Gerhardt authored Apr 15, 2015
  
  86bcc796
- Remove promotional links from dashboard's sidebar · d7056d16
  Daniel Gerhardt authored Apr 15, 2015
  
  d7056d16
- Change example URLs and info for repository import · 0cc5614b
  Daniel Gerhardt authored Apr 15, 2015
  
  0cc5614b
- Always check visibility on correct project for clone panel · 32656c18
  Daniel Gerhardt authored Aug 26, 2015
```
The project variable can hold an object which is not an instance of
Project (e.g. ProjectWiki). In this case, visibility_level is not
defined.
```
  32656c18
- Hide HTTPS clone button for non-public projects for CAS users · b9e6b4a5
  Daniel Gerhardt authored Apr 15, 2015
```
Additionally, the prompt to set a password is no longer shown for CAS
users.
```
  b9e6b4a5
- Disable project import via Oauth providers · c311add6
  Daniel Gerhardt authored Apr 15, 2015
  
  c311add6
- Disable Oauth application settings for end users · cfd87840
  Daniel Gerhardt authored Apr 14, 2015
  
  cfd87840
- Forbid password changing for CAS users · 73ef75fe
  Daniel Gerhardt authored Apr 14, 2015
  
  73ef75fe
- Add CAS specifc methods to user model · 4b97c846
  Daniel Gerhardt authored Apr 14, 2015
  
  4b97c846
- Forbid paths matching the pattern of THM usernames · 9821f042
  Daniel Gerhardt authored Apr 14, 2015
  
  9821f042
- Use UID instead of e-mail address as username · 1514c0c1
  Daniel Gerhardt authored Apr 14, 2015
  
  1514c0c1
20 Dec, 2018 3 commits
- Update VERSION to 11.3.14 · d96e9a96
  GitLab Release Tools Bot authored Dec 20, 2018
  
  d96e9a96
- Update CHANGELOG.md for 11.3.14 · 282d56bc
  GitLab Release Tools Bot authored Dec 20, 2018
```
[ci skip]
```
  282d56bc
- Merge branch 'security-import-symlink-11-3' of dev.gitlab.org:gitlab/gitlabhq into security-11-3 · b40f8d1d
  John Jarvis authored Dec 20, 2018
  
  b40f8d1d
13 Dec, 2018 3 commits
- Update VERSION to 11.3.13 · 366aa2be
  GitLab Release Tools Bot authored Dec 13, 2018
  
  366aa2be
- Update CHANGELOG.md for 11.3.13 · 6a83ee5b
  GitLab Release Tools Bot authored Dec 13, 2018
```
[ci skip]
```
  6a83ee5b
- Merge branch 'security-2754-fix-lfs-import-11-3' into 'security-11-3' · 72af766a
  John Jarvis authored Dec 12, 2018
```
[11.3] Validate LFS hrefs before downloading them

See merge request gitlab/gitlabhq!2700
```
  72af766a
06 Dec, 2018 3 commits
- Update VERSION to 11.3.12 · 60c89f44
  GitLab Release Tools Bot authored Dec 06, 2018
  
  60c89f44
- Update CHANGELOG.md for 11.3.12 · 8bead5f8
  GitLab Release Tools Bot authored Dec 06, 2018
```
[ci skip]
```
  8bead5f8
- Merge branch 'security-54857-fix-templates-path-traversal-11-3' into 'security-11-3' · 90d09306
  Cindy Pallares authored Dec 05, 2018
```
[11.3] Prevent a path traversal attack on global file templates

See merge request gitlab/gitlabhq!2671
```
  90d09306
27 Nov, 2018 2 commits
- Update VERSION to 11.3.11 · 9c30391c
  GitLab Release Tools Bot authored Nov 26, 2018
  
  9c30391c
- Update CHANGELOG.md for 11.3.11 · 9eff3873
  GitLab Release Tools Bot authored Nov 26, 2018
```
[ci skip]
```
  9eff3873
26 Nov, 2018 11 commits
- Merge branch 'security-fix-uri-xss-applications-11-3' into 'security-11-3' · 7529d554
  Steve Azzopardi authored Nov 26, 2018
```
[11.3] Reflected XSS in OAuth Authorize window due to redirect_uri allowing arbitrary protocols

See merge request gitlab/gitlabhq!2581
```
  7529d554
- Merge branch 'security-11-3-fj-crlf-injection' into 'security-11-3' · f59f728f
  Steve Azzopardi authored Nov 26, 2018
```
[11.3] Fix CRLF issue in UrlValidator

See merge request gitlab/gitlabhq!2654
```
  f59f728f
- [11.3] Fix CRLF issue in UrlValidator · 536b7dca
  Francisco Javier López authored Nov 26, 2018
  
  536b7dca
- Merge branch 'security-182-update-workhorse-11-3' into 'security-11-3' · 707d210b
  Steve Azzopardi authored Nov 26, 2018
```
[11.3] Redact sensitive information on workhorse log

See merge request gitlab/gitlabhq!2586
```
  707d210b
- Merge branch 'security-11-3-fix-webhook-ssrf-ipv6' into 'security-11-3' · 4e1d9f16
  Steve Azzopardi authored Nov 26, 2018
```
[11.3] Fix SSRF in project integrations

See merge request gitlab/gitlabhq!2609
```
  4e1d9f16
- Merge branch 'security-email-change-notification-11-3' into 'security-11-3' · 778d14b1
  Steve Azzopardi authored Nov 26, 2018
```
[11.3] Resolve: "Provide email notification when a user changes their email address"

See merge request gitlab/gitlabhq!2604
```
  778d14b1
- Merge branch 'security-guest-comments-11-3' into 'security-11-3' · 9ec0a08a
  Steve Azzopardi authored Nov 26, 2018
```
[11.3] Fixed ability to comment on and edit/delete comments on locked or confidential issues

See merge request gitlab/gitlabhq!2648
```
  9ec0a08a
- [11.3] Fixed ability to comment on and edit/delete comments on locked or confidential issues · 05922e18
  Chantal Rollison authored Nov 26, 2018
  
  05922e18
- Resolve reflected XSS in Ouath authorize window · a4092225
  James Lopez authored Oct 25, 2018
  
  a4092225
- Merge branch 'security-11-3-pages-toctou-race' into 'security-11-3' · a884c8f0
  Steve Azzopardi authored Nov 26, 2018
```
[11.3] [pages] Possible symlink time of check to time of use race condition

See merge request gitlab/gitlabhq!2651
```
  a884c8f0
- Merge branch 'security-fix-pat-web-access-11-3' into 'security-11-3' · 7a7f505f
  Steve Azzopardi authored Nov 26, 2018
```
[11.3] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request"

See merge request gitlab/gitlabhq!2657
```
  7a7f505f
23 Nov, 2018 4 commits

Update to gitlab-workhorse 6.1.2 · 4613c0bc
Steve Azzopardi authored Nov 23, 2018
```
6.1.1 does not include the security fix, but 6.1.2 does.
```
4613c0bc

Steve Azzopardi authored Nov 23, 2018

Merge branch 'security-11-3-xss-in-markdown-following-unrecognized-html-element' into 'security-11-3'

[11.3] XSS in markdown following unrecognized HTML element

See merge request gitlab/gitlabhq!2633

5a26a1ea

Merge branch 'security-mermaid-xss-11-3' into 'security-11-3' · d0dadd3b
Steve Azzopardi authored Nov 23, 2018
```
[11.3] Fix XSS in mermaid diagrams

See merge request gitlab/gitlabhq!2640
```
d0dadd3b
Merge branch 'security-bvl-exposure-in-commits-list-11-3' into 'security-11-3' · 7e1abc38
Steve Azzopardi authored Nov 23, 2018
```
[11.3] Don't expose confidential information in commit message list

See merge request gitlab/gitlabhq!2644
```
7e1abc38