Commits · 11.9-thm · projects.thm.de / GitLab

06 Jun, 2019 7 commits
- Restore Ruby 2.3 compatibility · 060bf746
  Daniel Gerhardt authored Apr 30, 2019
```
* Use String#sub with RegEx instead of String#delete_prefix
```
  060bf746
- Restore Ruby 2.3 compatibility · 4012ef72
  Daniel Gerhardt authored Mar 25, 2019
```
* Use match instead match?
* Use String#chomp instead of String#delete_prefix
```
  4012ef72
- Restore Ruby 2.3 compatibility · 51885661
  Daniel Gerhardt authored Feb 04, 2019
```
* Use match instead match?
```
  51885661
- Revert "Merge branch 'blackst0ne-add-discord-service' into 'master'" · 8da43c2d
  Daniel Gerhardt authored Jan 03, 2019
```
This reverts commit ca3e9b97, reversing
changes made to 89686b90.

The way Discord integration is implemented causes dependency problems.
```
  8da43c2d
- Revert "use fileuploader dynamic path method in uploads manager and add spec" · d62afa20
  Daniel Gerhardt authored Oct 02, 2018
```
This reverts commit 07ec2c7b.
```
  d62afa20
- Restore Ruby 2.3 compatibility · 385d5936
  Daniel Gerhardt authored Oct 02, 2018
```
* Use match instead match?
```
  385d5936
- Use UID instead of e-mail address as username · de1947a3
  Daniel Gerhardt authored Apr 14, 2015
  
  de1947a3
30 May, 2019 2 commits
- Rename UrlBlocker argument: schemes -> protocols · 64487732
  Stan Hu authored May 30, 2019
```
This was renamed in GitLab 11.11, so the backport needs to use
the original name.
```
  64487732
- Add DNS rebinding protection settings · 831d60aa
  Oswaldo Ferreira authored May 29, 2019
  
  831d60aa
27 May, 2019 1 commit

Reject slug+uri concat if slug is deemed unsafe · f383ad62

Kerri Miller authored May 20, 2019

First reported:
  https://gitlab.com/gitlab-org/gitlab-ce/issues/60143

When the page slug is "javascript:" and we attempt to link to a relative
path (using `.` or `..`) the code will concatenate the slug and the uri.
This MR adds a guard to that concat step that will return `nil` if the
incoming slug matches against any of the "unsafe" slug regexes;
currently this is only for the slug "javascript:" but can be extended if
needed. Manually tested against a non-exhaustive list from OWASP of
common javascript XSS exploits that have to to with mangling the
"javascript:" method, and all are caught by this change or by existing
code that ingests the user-specified slug.

f383ad62

22 May, 2019 1 commit

Protect Gitlab::HTTP against DNS rebinding attack · e2051df6

Douwe Maan authored Apr 21, 2019

Gitlab::HTTP now resolves the hostname only once, verifies the IP is not
blocked, and then uses the same IP to perform the actual request, while
passing the original hostname in the `Host` header and SSL SNI field.

e2051df6

21 May, 2019 1 commit
- Resolve: Milestones leaked via search API · a3758109
  Felipe Artur authored May 20, 2019
```
Fix milestone titles being leaked using search API
when users cannot read milestones
```
  a3758109
06 May, 2019 1 commit

Validate MR branch names · d27353be

Mark Chao authored Apr 10, 2019

Prevents refspec as branch name, which would bypass branch protection
when used in conjunction with rebase.

HEAD seems to be a special case with lots of occurrence,
so it is considered valid for now.

Another special case is `refs/head/*`, which can be imported.

d27353be

03 May, 2019 1 commit
- Fix url redaction for issue links · 00bd4d6c
  Patrick Derichs authored May 03, 2019
  
  00bd4d6c
01 May, 2019 2 commits
- Change `prohibited_key` to use regexes · a12aab3b
  charlieablett authored May 01, 2019
  
  a12aab3b
- Add `html` to sensitive words · 244794d6
  charlieablett authored Apr 30, 2019
  
  244794d6
30 Apr, 2019 3 commits
- Add newline to AttributeCleaner · f26d70ca
  charlieablett authored Apr 30, 2019
  
  f26d70ca
- Refactor AttributeCleaner` for readability · 466668d4
  charlieablett authored Apr 30, 2019
  
  466668d4
- Refactor AttributeCleaner` for readability · 45c68b5a
  charlieablett authored Apr 30, 2019
  
  45c68b5a
26 Apr, 2019 1 commit
- Tighten up prohibited_key method · 4b92cb50
  charlieablett authored Apr 25, 2019
  
  4b92cb50
25 Apr, 2019 1 commit

Add new api class for projects events · 42a398cc

Małgorzata Ksionek authored Apr 17, 2019

Refactor api events class to use external helper

Move specs from old class

Add changelog and magic string

Refactor events class to be more explicit

Remove blank line

42a398cc

24 Apr, 2019 1 commit
- Add disallowed fields to AttributeCleaner · 089b598b
  charlieablett authored Apr 24, 2019
  
  089b598b
23 Apr, 2019 1 commit

Merge branch 'sh-backport-list-commits-by-oid-rugged' into 'master' · 948a582e

Douwe Maan authored Apr 17, 2019

Bring back Rugged implementation of ListCommitsByOid

See merge request gitlab-org/gitlab-ce!27441

(cherry picked from commit 6a72ab22)

2fc4de6a Bring back Rugged implementation of ListCommitsByOid

948a582e

11 Apr, 2019 5 commits
- Revert "Merge branch 'restore-hipchat-11-9' into '11-9-stable'" · 018b643c
  John Jarvis authored Apr 11, 2019
```
This reverts commit 348d5a1d, reversing
changes made to 93e32156.
```
  018b643c
- Merge branch 'restore-hipchat-11-9' into '11-9-stable' · 05dbf8e0
  John Jarvis authored Apr 11, 2019
```
[11.9] Revert "Remove HipChat integration from GitLab"

See merge request gitlab-org/gitlab-ce!27257
```
  05dbf8e0
- Revert "Remove HipChat integration from GitLab" · 13442cf2
  Sean McGivern authored Apr 11, 2019
```
This reverts commit a5378665.
```
  13442cf2
- Merge branch 'fix-pull-request-importer' into 'master' · bd8f532d
  Kamil Trzciński authored Apr 08, 2019
```
Improve performance of PR import

See merge request gitlab-org/gitlab-ce!27121

(cherry picked from commit f15caf01)

f3ad51f8 Improve performance of PR import
```
  bd8f532d
- Merge branch 'allow-to-use-untrusted-ruby-syntax' into 'master' · 3fec9fd3
  Sean McGivern authored Apr 04, 2019
```
Allow to use untrusted ruby syntax

See merge request gitlab-org/gitlab-ce!26905

(cherry picked from commit 7dcc3003)

9bc4fbf1 Allow to use untrusted Regexp via feature flag
```
  3fec9fd3
02 Apr, 2019 4 commits

Merge branch 'weimeng-master-patch-83366' into 'master' · 1cfc94d3

Stan Hu authored Apr 02, 2019

Fix attempting to drop views in PostgreSQL

See merge request gitlab-org/gitlab-ce!26836

(cherry picked from commit 264a6299)

cfc6d252 Fix attempting to drop views in PostgreSQL

1cfc94d3

Merge branch 'sh-fix-rugged-tree-entries' into 'master' · baef7edf

Sean McGivern authored Apr 02, 2019

Avoid excessive recursive calls with Rugged TreeEntries

Closes #59759

See merge request gitlab-org/gitlab-ce!26813

(cherry picked from commit d7583add)

8686e012 Avoid excessive recursive calls with Rugged TreeEntries

baef7edf

Merge branch 'sh-fix-project-branches-merge-status' into 'master' · ecadff99

Douwe Maan authored Apr 01, 2019

Fix API /project/:id/branches not returning correct merge status

Closes #56250

See merge request gitlab-org/gitlab-ce!26785

(cherry picked from commit 2db4e79f)

cedbb336 Fix API /project/:id/branches not returning correct merge status
2675581c Revise merged branch check to green light up to N branches

ecadff99

Merge branch 'recreate-all-diffs-on-import' into 'master' · 5cc91eb0

Yorick Peterse authored Mar 26, 2019

Force to recreate all diffs on import

Closes #59353

See merge request gitlab-org/gitlab-ce!26480

(cherry picked from commit afb6e8e3)

7fbfb199 Force to recreate all diffs on import

5cc91eb0

28 Mar, 2019 1 commit
- Preserve Orientation when removing EXIF · 464c26d7
  Jan Provaznik authored Mar 28, 2019
  
  464c26d7
26 Mar, 2019 1 commit
- Rake task for removing exif from uploads · f5bac5fd
  Jan Provaznik authored Mar 26, 2019
```
Adds a rake task which can be used for removing EXIF
data from existing uploads.
```
  f5bac5fd
25 Mar, 2019 4 commits

Merge branch 'sh-fix-github-import-creator' into 'master' · 7a83fbef

Douglas Barbosa Alexandre authored Mar 25, 2019

GitHub importer: Use the project creator to create branches from forks

Closes #59396

See merge request gitlab-org/gitlab-ce!26510

7a83fbef

Merge branch 'retain-default-branch-on-import' into 'master' · 5c4905b6

Stan Hu authored Mar 22, 2019

Set proper default-branch on GitHub Import

Closes #59347

See merge request gitlab-org/gitlab-ce!26476

(cherry picked from commit 3eba3a18)

31fb85d5 Set proper default-branch on GitHub Import

5c4905b6

Merge branch '59289-fix-push-to-create-protected-branches' into 'master' · 2a4fe8d8

Douwe Maan authored Mar 21, 2019

Allow users to create protected branches via CLI

Closes #59289

See merge request gitlab-org/gitlab-ce!26413

(cherry picked from commit b36fc6d5)

438485ef Allow users to create protected branches via CLI

2a4fe8d8

Merge branch '59147-duplicate-match-line' into 'master' · b223a103

Douwe Maan authored Mar 21, 2019

Fix duplicated bottom match line

Closes #59147

See merge request gitlab-org/gitlab-ce!26402

(cherry picked from commit 7d3c5d88)

8723f292 Fix diff bottom expand button appears twice

b223a103

20 Mar, 2019 2 commits

Merge branch... · 5eb153ed

Stan Hu authored Mar 20, 2019

Merge branch '59208-fix-error-500-on-every-page-when-active-broadcast-message-present-after-upgrading-to-11-9-0' into 'master'

Gracefully handles excluded fields from attributes during serialization on JsonCache

Closes #59208

See merge request gitlab-org/gitlab-ce!26368

(cherry picked from commit cc5095ed)

7028b376 Gracefully handles excluded fields from attributes during serialization
1c7a2c05 Add CHANGELOG entry

5eb153ed

Merge branch 'sh-create-branch-as-project-owner-for-github-import' into 'master' · 3c764b18

Douglas Barbosa Alexandre authored Mar 19, 2019

GitHub import: Create new branches as project owner

See merge request gitlab-org/gitlab-ce!26335

(cherry picked from commit 6e74eb4e)

1e6ea914 GitHub import: Create new branches as project owner

3c764b18