Commits · f9ef74fca85d8d91f418601d2a3fa620ca4b69ef · projects.thm.de / GitLab

15 Jan, 2019 1 commit

Merge branch 'security-2770-verify-bundle-import-files-11-5' into 'security-11-5' · f9ef74fc

Yorick Peterse authored Jan 15, 2019

[11.5] Validate bundle files before unpacking them

See merge request gitlab/gitlabhq!2775

(cherry picked from commit 28bec61b5d3c43ef896780cb0eebf09353b51995)

68433868 Validate bundle files before unpacking them

f9ef74fc

10 Jan, 2019 1 commit
- Merge branch 'fix-prepare-build-script' into 'master' · a01a29e0
  Marin Jankovski authored Dec 31, 2018
```
Stop using deprecated argument to `gem`

See merge request gitlab-org/gitlab-ce!24079
```
  a01a29e0
28 Dec, 2018 2 commits
- Update VERSION to 11.5.6 · b8ec11a6
  GitLab Release Tools Bot authored Dec 28, 2018
  
  b8ec11a6
- Update CHANGELOG.md for 11.5.6 · 466be2f7
  GitLab Release Tools Bot authored Dec 28, 2018
```
[ci skip]
```
  466be2f7
27 Dec, 2018 16 commits
- Merge branch 'security-11-5' of dev.gitlab.org:gitlab/gitlabhq into 11-5-stable · f6d8c63b
  John Jarvis authored Dec 27, 2018
  
  f6d8c63b
- Merge branch 'security-fix/security-group-user-removal-11-5' into 'security-11-5' · 24e8c3d1
  John Jarvis authored Dec 27, 2018
```
[11.5] Resolve "Removing a user from a private group doesn't remove them from group's project, if their project's role was changed"

See merge request gitlab/gitlabhq!2715
```
  24e8c3d1
- Merge remote-tracking branch 'origin/security-48259-private-snippet-11-5' into security-11-5 · 2809738f
  John Jarvis authored Dec 27, 2018
  
  2809738f
- Merge branch 'security-11-5' into 'security-fix/security-group-user-removal-11-5' · c18b8aa5
  James Lopez authored Dec 27, 2018
```
# Conflicts:
#   app/services/members/destroy_service.rb
```
  c18b8aa5
- Merge branch 'security-11-5' of dev.gitlab.org:gitlab/gitlabhq into 11-5-stable · 9ab1ac4f
  John Jarvis authored Dec 27, 2018
  
  9ab1ac4f
- Merge branch... · 90f56e81
  Stan Hu authored Dec 16, 2018
```
Merge branch '55402-broken-master-karma-test-failing-in-spec-javascripts-boards-components-issue_due_date_spec-js' into 'master'

Resolve "Broken master: karma test failing in spec/javascripts/boards/components/issue_due_date_spec.js"

Closes #55402

See merge request gitlab-org/gitlab-ce!23845
```
  90f56e81
- Merge branch 'sh-disble-docs-internal-links-lint' into 'master' · 21289e13
  Clement Ho authored Dec 07, 2018
```
Disable docs lint internal_links check

Closes #55038

See merge request gitlab-org/gitlab-ce!23665
```
  21289e13
- Merge branch 'security-11-5-secret-ci-variables-exposed' into 'security-11-5' · 0cd50746
  John Jarvis authored Dec 27, 2018
```
[11.5] Secret CI variables can exposed by creating a tag with the same name as an existing protected branch

See merge request gitlab/gitlabhq!2682
```
  0cd50746
- Merge branch... · 017cfa2c
  John Jarvis authored Dec 27, 2018
```
Merge branch 'security-11-5-53543-user-keeps-access-to-mr-issue-when-removed-from-team' into 'security-11-5'

[11.5] Adds validation to check if user can read project

See merge request gitlab/gitlabhq!2679
```
  017cfa2c
- Merge branch 'security-11-5-group-cicd-settings-accessible-to-maintainer' into 'security-11-5' · 5b66cec4
  John Jarvis authored Dec 27, 2018
```
[11.5] Group Ex-Maintainer Could maintain Access to Project's Source Code/Jobs/Pipelines/Artifacts if it had Shared Group Runner Configured

See merge request gitlab/gitlabhq!2751
```
  5b66cec4
- Merge branch 'security-11-5-guests-jobs-api' into 'security-11-5' · 2975f931
  John Jarvis authored Dec 27, 2018
```
[11.5] Guest users have access to all Job information via the API

See merge request gitlab/gitlabhq!2745
```
  2975f931
- Merge branch 'security-11-5-refs-available-to-project-guest' into 'security-11-5' · 0287db5c
  John Jarvis authored Dec 27, 2018
```
[11.5] Project guests no longer are able to see refs page

See merge request gitlab/gitlabhq!2687
```
  0287db5c
- Merge branch 'security-11-5-fix-ssrf-lfs-project-import' into 'security-11-5' · 70f9e7fd
  John Jarvis authored Dec 27, 2018
```
[11.5] SSRF in project imports with LFS

See merge request gitlab/gitlabhq!2726
```
  70f9e7fd
- Merge branch 'security-label-xss-11-5' into 'security-11-5' · 7e0f8781
  John Jarvis authored Dec 27, 2018
```
[11.5] Escape html entities when no label found

See merge request gitlab/gitlabhq!2748
```
  7e0f8781
- Merge branch 'ensure-that-build-token-is-always-running-11-5' into 'security-11-5' · f0988c40
  John Jarvis authored Dec 27, 2018
```
[11.5] Ensure that build token is only used when running

See merge request gitlab/gitlabhq!2664
```
  f0988c40
- Merge branch 'security-11-5-fix-ssrf-import-url-remote-mirror' into 'security-11-5' · 411e5178
  John Jarvis authored Dec 27, 2018
```
[11.5] SSRF - Scan Internal Ports and GCP/AWS endpoints

See merge request gitlab/gitlabhq!2709
```
  411e5178
26 Dec, 2018 4 commits
- Merge branch 'security-11-5-54377-label-milestone-name-xss' into 'security-11-5' · ce8b1b46
  John Jarvis authored Dec 26, 2018
```
[11.5] Escape label and milestone titles to prevent XSS in GFM autocomplete

See merge request gitlab/gitlabhq!2741
```
  ce8b1b46
- Merge branch 'security-11-5-url-rel' into 'security-11-5' · f726a5a1
  John Jarvis authored Dec 26, 2018
```
[11.5] Set URL rel attribute for broken URLs

See merge request gitlab/gitlabhq!2712
```
  f726a5a1
- Merge branch 'security-todos_not_redacted_for_guests-11-5' into 'security-11-5' · 1f6cd7d3
  John Jarvis authored Dec 26, 2018
```
[11.5] Delete confidential issue todos for guests

See merge request gitlab/gitlabhq!2723
```
  1f6cd7d3
- Merge branch 'security-bvl-fix-cross-project-mr-exposure-11-5' into 'security-11-5' · 30d2af94
  John Jarvis authored Dec 26, 2018
```
[11.5] Validate projects in MR build service

See merge request gitlab/gitlabhq!2704
```
  30d2af94
24 Dec, 2018 3 commits
- Use old-style controller request params · d17b0a61
  Matija Čupić authored Dec 24, 2018
  
  d17b0a61
- Add CHANGELOG entry · d5d5d255
  Matija Čupić authored Dec 24, 2018
  
  d5d5d255
- Check for group admin permissions · b0ef2319
  Matija Čupić authored Dec 16, 2018
  
  b0ef2319
22 Dec, 2018 6 commits
- Escape html entities when no label found · 3aa9e6fc
  Jarka Košanová authored Dec 12, 2018
  
  3aa9e6fc
- Add CHANGELOG entry · 7b0c6fac
  Matija Čupić authored Dec 22, 2018
  
  7b0c6fac
- Move pipeline auth above pipeline assignment · 22102bc4
  Matija Čupić authored Dec 20, 2018
  
  22102bc4
- Authorize read_pipeline before read_build · 9d916701
  Matija Čupić authored Dec 18, 2018
  
  9d916701
- Authorize read_build when listing pipeline jobs · f213defc
  Matija Čupić authored Dec 14, 2018
  
  f213defc
- Authorize read_build action when listing jobs · 06e8194d
  Matija Čupić authored Dec 14, 2018
  
  06e8194d
20 Dec, 2018 7 commits
- Update VERSION to 11.5.5 · 13c3b22c
  GitLab Release Tools Bot authored Dec 20, 2018
  
  13c3b22c
- Update CHANGELOG.md for 11.5.5 · 582068ff
  GitLab Release Tools Bot authored Dec 20, 2018
```
[ci skip]
```
  582068ff
- Merge branch 'security-import-symlink-11-5' into 'security-11-5' · 7bbc4cb1
  John Jarvis authored Dec 20, 2018
```
[11.5] Persistent Symlink in Project Import

See merge request gitlab/gitlabhq!2729
```
  7bbc4cb1
- Merge branch 'security-import-symlink-11-5' into 'security-11-5' · 6aeaa1bd
  John Jarvis authored Dec 20, 2018
```
[11.5] Persistent Symlink in Project Import

See merge request gitlab/gitlabhq!2729
```
  6aeaa1bd
- Add changelog entry · fd94ac89
  Kushal Pandya authored Dec 20, 2018
  
  fd94ac89
- Escape label and milestone titles to prevent XSS · eb4ba5c9
  Kushal Pandya authored Dec 20, 2018
  
  eb4ba5c9
- Block private snippets from being embeddable · 41630bee
  Mark Chao authored Dec 11, 2018
```
Move embeddable? to model to be used outside view
```
  41630bee