- 06 Jun, 2019 3 commits
-
-
Daniel Gerhardt authored
-
Daniel Gerhardt authored
-
Daniel Gerhardt authored
-
- 04 Jun, 2019 3 commits
-
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
John Jarvis authored
Prepare 11.10.6 release See merge request gitlab-org/gitlab-ce!28991
-
- 03 Jun, 2019 11 commits
-
-
Rémy Coutable authored
Use a path for the related merge requests endpoint Closes #61280 See merge request gitlab-org/gitlab-ce!28171
-
Ash McKenzie authored
Use source ref in pipeline webhook Closes #61553 See merge request gitlab-org/gitlab-ce!28772 (cherry picked from commit 2714f85c) 7e05f3b7 Use source ref for pipeline webhook
-
Filipa Lacerda authored
Fix height of input groups Closes #61304, #61303, #59254, and #60778 See merge request gitlab-org/gitlab-ce!28495 (cherry picked from commit 52758b92) 360646ea Fix height of input groups
-
Douglas Barbosa Alexandre authored
API: Fix recursive flag not working with Rugged get_tree_entries flag Closes #61979 See merge request gitlab-org/gitlab-ce!28494 (cherry picked from commit d951f047) c1827f1c API: Fix recursive flag not working with Rugged get_tree_entries flag
-
Rémy Coutable authored
Don't run full gc in AfterImportService Closes gitlab-ee#11556 See merge request gitlab-org/gitlab-ce!28239 (cherry picked from commit 4c16ce11) 36b1a2d7 Don't run full gc in AfterImportService
-
Robert Speicher authored
Merge branch 'ce-11099-removing-the-project-that-holds-the-insights-configuration-raises-an-error' into 'master' Add remove_foreign_key_if_exists See merge request gitlab-org/gitlab-ce!28172 (cherry picked from commit 7b7416d9) 24eff5e0 Add remove_foreign_key_if_exists
-
Nick Thomas authored
Fix uploading of LFS tracked file through UI Closes #61203 See merge request gitlab-org/gitlab-ce!28052 (cherry picked from commit 4d2d8124) 3f192e8a Fix Lfs::FileTransformer to work with file objects 48fcdf1f Add changelog entry
-
James Lopez authored
Allow a member to have an access level equal to parent group Closes gitlab-ee#11323 See merge request gitlab-org/gitlab-ce!27913 (cherry picked from commit 2b3b0bb1) 32ddc3fe Allow a member to have an access level equal to parent group
-
John Jarvis authored
Upgrade CI to use Chrome V73 See merge request gitlab-org/gitlab-ce!27863
-
John Jarvis authored
[11.10] Use 3-way merge for squashing commits See merge request gitlab-org/gitlab-ce!28078
-
- 30 May, 2019 7 commits
-
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
Add DNS rebinding protection settings See merge request gitlab/gitlabhq!3131
-
Stan Hu authored
This was renamed in GitLab 11.11, so the backport needs to use the original name.
-
Stan Hu authored
-
Oswaldo Ferreira authored
-
Oswaldo Ferreira authored
-
- 28 May, 2019 12 commits
-
-
GitLab Release Tools Bot authored
Reject slug+uri concat if slug is deemed unsafe See merge request gitlab/gitlabhq!3106
-
GitLab Release Tools Bot authored
Persistent XSS in note objects CE See merge request gitlab/gitlabhq!3080
-
GitLab Release Tools Bot authored
Fix url redaction for issue links See merge request gitlab/gitlabhq!3090
-
GitLab Release Tools Bot authored
Disallow invalid MR branch name See merge request gitlab/gitlabhq!3094
-
GitLab Release Tools Bot authored
Hide issue title on unsubscribe for anonymous users See merge request gitlab/gitlabhq!3100
-
GitLab Release Tools Bot authored
Fix confidential issue label disclosure on milestone view See merge request gitlab/gitlabhq!3103
-
GitLab Release Tools Bot authored
Resolve: Milestones leaked via search API See merge request gitlab/gitlabhq!3111
-
GitLab Release Tools Bot authored
Protect Gitlab::HTTP against DNS rebinding attack See merge request gitlab/gitlabhq!3114
-
GitLab Release Tools Bot authored
Prevent password sign in restriction bypass See merge request gitlab/gitlabhq!3120
-
GitLab Release Tools Bot authored
Update Knative version due to a security vulnerability See merge request gitlab/gitlabhq!3123
-
Tiger Watson authored
-
GitLab Release Tools Bot authored
Fix project visibility level validation See merge request gitlab/gitlabhq!3125
-
- 27 May, 2019 1 commit
-
-
Kerri Miller authored
First reported: https://gitlab.com/gitlab-org/gitlab-ce/issues/60143 When the page slug is "javascript:" and we attempt to link to a relative path (using `.` or `..`) the code will concatenate the slug and the uri. This MR adds a guard to that concat step that will return `nil` if the incoming slug matches against any of the "unsafe" slug regexes; currently this is only for the slug "javascript:" but can be extended if needed. Manually tested against a non-exhaustive list from OWASP of common javascript XSS exploits that have to to with mangling the "javascript:" method, and all are caught by this change or by existing code that ingests the user-specified slug.
-
- 25 May, 2019 1 commit
-
-
Peter Marko authored
-
- 24 May, 2019 1 commit
-
-
Filipa Lacerda authored
Replaces a hard-coded date in the job app spec Closes #62283 See merge request gitlab-org/gitlab-ce!28709
-
- 23 May, 2019 1 commit
-
-
James Edwards-Jones authored
-