- 04 Mar, 2019 20 commits
-
-
Yorick Peterse authored
Fix leaking private repository information in API See merge request gitlab/gitlabhq!2881
-
Yorick Peterse authored
Prevent Releases links API to leak tag existence Closes #2795 See merge request gitlab/gitlabhq!2893
-
Yorick Peterse authored
Disable issue board policies when issues are disabled Closes #2798 See merge request gitlab/gitlabhq!2894
-
Yorick Peterse authored
Show only MRs visible to user on milestone detail See merge request gitlab/gitlabhq!2895
-
Yorick Peterse authored
Sharing a public project with a private group makes the group page publicly accessible See merge request gitlab/gitlabhq!2896
-
Yorick Peterse authored
Merge branch '2802-security-add-public-internal-groups-as-members-to-your-project-idor' into 'master' Add public/internal groups as members to your Project(IDOR) See merge request gitlab/gitlabhq!2898
-
Yorick Peterse authored
Block local URLs for Kubernetes integration See merge request gitlab/gitlabhq!2901
-
Yorick Peterse authored
Validate session key when authorizing with GCP to create a cluster Closes #2805 See merge request gitlab/gitlabhq!2902
-
Yorick Peterse authored
Check snippet attached file to be moved is within designated directory Closes #2806 See merge request gitlab/gitlabhq!2903
-
Yorick Peterse authored
Fix blind SSRF in Prometheus Integration See merge request gitlab/gitlabhq!2907
-
Reuben Pereira authored
Check validity before querying so that if the DNS entry for the api_url has been changed to something invalid after the model was saved and checked for validity, it will not query. This is to solve a TOCTOU (time of check to time of use) issue.
-
Yorick Peterse authored
[master] Remove link after issue move when no permissions See merge request gitlab/gitlabhq!2921
-
Yorick Peterse authored
Stop linking to unrecognized package sources See merge request gitlab/gitlabhq!2933
-
Yorick Peterse authored
Fix git clone revealing private repo's presence See merge request gitlab/gitlabhq!2937
-
Yorick Peterse authored
Arbitrary file read via MergeRequestDiff Closes #2814 See merge request gitlab/gitlabhq!2947
-
Francisco Javier López authored
-
Yorick Peterse authored
Limit number of characters allowed in mermaidjs See merge request gitlab/gitlabhq!2964
-
Yorick Peterse authored
[master] Prevent disclosing project milestone titles Closes #2794 See merge request gitlab/gitlabhq!2965
-
Yorick Peterse authored
Filter impersonated sessions from active sessions and remove ability to revoke session See merge request gitlab/gitlabhq!2968
-
Yorick Peterse authored
Ensure request to link GroupSAML account was GitLab initiated See merge request gitlab/gitlabhq!2976
-
- 28 Feb, 2019 2 commits
-
-
Małgorzata Ksionek authored
-
GitLab Release Tools Bot authored
[ci skip]
-
- 27 Feb, 2019 13 commits
-
-
Imre Farkas authored
Session ID is used as a parameter for the revoke session endpoint but it should never be included in the HTML as an attacker could obtain it via XSS.
-
Imre Farkas authored
-
Kamil Trzciński authored
Persist source sha and target sha for merge pipelines See merge request gitlab-org/gitlab-ce!25417
-
Ramya Authappan authored
Quarantine failing push_mirroring_over_http_spec See merge request gitlab-org/gitlab-ce!25590
-
Shinya Maeda authored
source_sha and target_sha are used for merge request pipelines
-
Sanad Liaquat authored
-
James Lopez authored
Added permissions section to issue template [CE] See merge request gitlab-org/gitlab-ce!25576
-
Jeremy Watson authored
-
Rajat Jain authored
-
Kushal Pandya authored
Update operations settings breadcrumb trail Closes #56387 See merge request gitlab-org/gitlab-ce!25539
-
Evan Read authored
Elaborate on POSTGRES_VERSION Auto DevOps setting See merge request gitlab-org/gitlab-ce!25579
-
Dylan Griffith authored
-
Evan Read authored
Add documentation on upgrading GitLab HA nodes Closes #58121 See merge request gitlab-org/gitlab-ce!25574
-
- 26 Feb, 2019 5 commits
-
-
Stan Hu authored
API: Promote project milestone to a group milestone Closes #53861 See merge request gitlab-org/gitlab-ce!25203
-
Nermin Vehabovic authored
Added: Specs for the API action
-
Stan Hu authored
As mentioned in https://gitlab.com/gitlab-org/gitlab-ce/issues/58121#note_145299901, it wasn't obvious that upgrading a GitLab HA cluster required special care. Link to the Omnibus documentation for upgrade instructions. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/58121
-
Douglas Barbosa Alexandre authored
Remove N+1 query for tags in /admin/runners page See merge request gitlab-org/gitlab-ce!25572
-
Stan Hu authored
As discussed in https://github.com/mbleigh/acts-as-taggable-on/issues/91, we can avoid N+1 queries if we use `tags` instead of `tag_list`. Seen while reviewing https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/19740.
-