1. 22 Feb, 2019 1 commit
  2. 17 Feb, 2019 1 commit
  3. 15 Feb, 2019 1 commit
  4. 11 Feb, 2019 1 commit
  5. 08 Feb, 2019 1 commit
  6. 06 Feb, 2019 1 commit
  7. 04 Feb, 2019 1 commit
  8. 31 Jan, 2019 1 commit
    • Kamil Trzciński's avatar
      Extract GitLab Pages using RubyZip · 66744469
      Kamil Trzciński authored
      RubyZip allows us to perform strong validation of
      expanded paths where we do extract file.
      
      We introduce the following additional checks
      to extract routines:
      
      1. None of path components can be symlinked,
      2. We drop privileges support for directories,
      3. Symlink source needs to point within the target directory,
         like `public/`,
      4. The symlink source needs to exist ahead of time.
      66744469
  9. 30 Jan, 2019 3 commits
  10. 26 Jan, 2019 1 commit
  11. 25 Jan, 2019 1 commit
    • Thong Kuah's avatar
      Use http_max_redirects opt to replace monkeypatch · f234aef9
      Thong Kuah authored
      http_max_redirects was introduced in 4.2.2, so upgrade kubeclient.
      
      The monkey-patch was global so we will have to check that all instances
      of Kubeclient::Client are handled.
      
      Spec all methods of KubeClient
      
      This should provide better confidence that we are indeed disallowing
      redirection in all cases
      f234aef9
  12. 22 Jan, 2019 1 commit
    • Kamil Trzciński's avatar
      Extract GitLab Pages using RubyZip · 1a8100cf
      Kamil Trzciński authored
      RubyZip allows us to perform strong validation of
      expanded paths where we do extract file.
      
      We introduce the following additional checks
      to extract routines:
      
      1. None of path components can be symlinked,
      2. We drop privileges support for directories,
      3. Symlink source needs to point within the target directory,
         like `public/`,
      4. The symlink source needs to exist ahead of time.
      1a8100cf
  13. 18 Jan, 2019 1 commit
    • Stan Hu's avatar
      Bump rbtrace version to 0.4.11 · a6023c89
      Stan Hu authored
      This change renames a dependency and fixes a minor bug, but this upgrade
      is happening because Gitaly will be receiving rbtrace as a dependency.
      a6023c89
  14. 17 Jan, 2019 2 commits
    • Brett Walker's avatar
      Update to nokogiri 1.10.1 · 800220bd
      Brett Walker authored
      800220bd
    • Andrew Newdigate's avatar
      Conditionally initialize the global opentracing tracer · 57a8859a
      Andrew Newdigate authored
      This change will instantiate an OpenTracing tracer and configure it
      as the global tracer when the GITLAB_TRACING environment variable is
      configured. GITLAB_TRACING takes a "connection string"-like value,
      encapsulating the driver (eg jaeger, etc) and options for the driver.
      
      Since each service, whether it's written in Ruby or Golang, uses the
      same connection-string, it should be very easy to configure all
      services in a cluster, or even a single development machine to be
      setup to use tracing.
      
      Note that this change does not include instrumentation or propagation
      changes as this is a way of breaking a previous larger change into
      components. The instrumentation and propagation changes will follow
      in separate changes.
      57a8859a
  15. 15 Jan, 2019 2 commits
  16. 14 Jan, 2019 1 commit
  17. 11 Jan, 2019 2 commits
  18. 09 Jan, 2019 1 commit
  19. 08 Jan, 2019 1 commit
  20. 03 Jan, 2019 1 commit
  21. 30 Dec, 2018 1 commit
  22. 29 Dec, 2018 1 commit
  23. 27 Dec, 2018 1 commit
  24. 24 Dec, 2018 1 commit
  25. 21 Dec, 2018 3 commits
  26. 19 Dec, 2018 2 commits
  27. 17 Dec, 2018 2 commits
  28. 12 Dec, 2018 1 commit
  29. 10 Dec, 2018 1 commit
  30. 06 Dec, 2018 2 commits