- 30 May, 2019 4 commits
  - GitLab Release Tools Bot authored
  - GitLab Release Tools Bot authored
    [ci skip]
  - GitLab Release Tools Bot authored
    Add DNS rebinding protection settings See merge request gitlab/gitlabhq!3130
  - Oswaldo Ferreira authored
- 29 May, 2019 3 commits
  - Oswaldo Ferreira authored
  - Yorick Peterse authored
    Fix the overriding of EE import params See merge request gitlab/gitlabhq!3129
  - Igor Drozdov authored
- 28 May, 2019 12 commits
  - GitLab Release Tools Bot authored
    Reject slug+uri concat if slug is deemed unsafe See merge request gitlab/gitlabhq!3105
  - Robert Speicher authored
    Persistent XSS in note objects See merge request gitlab/gitlabhq!3127
  - Tiger authored
  - GitLab Release Tools Bot authored
    Fix url redaction for issue links See merge request gitlab/gitlabhq!3092
  - GitLab Release Tools Bot authored
    Disallow invalid MR branch name See merge request gitlab/gitlabhq!3095
  - GitLab Release Tools Bot authored
    Hide issue title on unsubscribe for anonymous users See merge request gitlab/gitlabhq!3099
  - GitLab Release Tools Bot authored
    Fix confidential issue label disclosure on milestone view See merge request gitlab/gitlabhq!3102
  - GitLab Release Tools Bot authored
    Handling password on import by url page See merge request gitlab/gitlabhq!3109
  - GitLab Release Tools Bot authored
    Resolve: Milestones leaked via search API See merge request gitlab/gitlabhq!3110
  - GitLab Release Tools Bot authored
    Protect Gitlab::HTTP against DNS rebinding attack See merge request gitlab/gitlabhq!3113
  - GitLab Release Tools Bot authored
    Update Gitaly to fix GetArchive vulnerability See merge request gitlab/gitlabhq!3118
  - GitLab Release Tools Bot authored
    Prevent password sign in restriction bypass See merge request gitlab/gitlabhq!3121
- 27 May, 2019 1 commit
  - Kerri Miller authored
    First reported: https://gitlab.com/gitlab-org/gitlab-ce/issues/60143
    When the page slug is "javascript:" and we attempt to link to a relative path (using `.` or `..`) the code will concatenate the slug and the uri. This MR adds a guard to that concat step that will return `nil` if the incoming slug matches against any of the "unsafe" slug regexes; currently this is only for the slug "javascript:" but can be extended if needed.
    Manually tested against a non-exhaustive list from OWASP of common javascript XSS exploits that have to do with mangling the "javascript:" method, and all are caught by this change or by existing code that ingests the user-specified slug.
- 24 May, 2019 1 commit
  - Filipa Lacerda authored
    Replaces a hard-coded date in the job app spec Closes #62283 See merge request gitlab-org/gitlab-ce!28709
- 23 May, 2019 2 commits
  - James Edwards-Jones authored
  - Patrick Bajao authored
- 22 May, 2019 3 commits
  - Douwe Maan authored
    Gitlab::HTTP now resolves the hostname only once, verifies the IP is not blocked, and then uses the same IP to perform the actual request, while passing the original hostname in the `Host` header and SSL SNI field.
  - GitLab Release Tools Bot authored
  - GitLab Release Tools Bot authored
    [ci skip]
- 21 May, 2019 14 commits
  - GitLab Release Tools Bot authored
  - Yorick Peterse authored
    Prepare 11.11.0-rc5 release See merge request gitlab-org/gitlab-ce!28537
  - Achilleas Pipinellis authored
    Slight edit of text from earlier merge Closes #61447 See merge request gitlab-org/gitlab-ce!28511 (cherry picked from commit 890fe4ea) 208dc117 Slight edit of text from earlier merge
  - Achilleas Pipinellis authored
    Add to docs sentence about alertbot opening issues See merge request gitlab-org/gitlab-ce!28503 (cherry picked from commit 5396b2a8) afcbebd9 Add to docs sentence about alertbot opening issues
  - Achilleas Pipinellis authored
    Adds documentation for 'Play all manual' button See merge request gitlab-org/gitlab-ce!28502 (cherry picked from commit 7a9a65e5) 32a99c6c Adds documentation for stage button 4ec9f042 Apply suggestion to doc/ci/pipelines.md 062844cc Apply suggestion to doc/ci/pipelines.md ecc7b72a Apply suggestion to doc/ci/pipelines.md c4bcf858 Apply suggestion to doc/ci/pipelines.md b0b16210 Apply suggestion to doc/ci/pipelines.md
  - Douglas Barbosa Alexandre authored
    API: Fix recursive flag not working with Rugged get_tree_entries flag Closes #61979 See merge request gitlab-org/gitlab-ce!28494 (cherry picked from commit d951f047) c1827f1c API: Fix recursive flag not working with Rugged get_tree_entries flag
  - Grzegorz Bizon authored
    Revert "Merge branch '55127-add-delay-after-mr-creation-for-async-tasks-to-complete' into 'master'" See merge request gitlab-org/gitlab-ce!28492 (cherry picked from commit a5f810c9) c04ea583 Revert "Merge branch '55127-add-delay-after-mr-creation-for-async-tasks-to-complete' into 'master'"
  - Phil Hughes authored
    Adds arrow icons to select menu in CI/CD settings Closes #62038 See merge request gitlab-org/gitlab-ce!28476 (cherry picked from commit 3c8bc807) 64f040e2 Adds arrow icons to select option in CI/CD settings
  - Achilleas Pipinellis authored
    Update group security dashboard docs - CE backport See merge request gitlab-org/gitlab-ce!28471 (cherry picked from commit d9877120) 6afda6d6 Update group security dashboard screenshot
  - Achilleas Pipinellis authored
    Fix content to not contradict Closes #61270 See merge request gitlab-org/gitlab-ce!28456 (cherry picked from commit 0bf8204a) ec3e0da8 Fix content to not contradict 19b05a42 Apply suggestion to doc/ci/merge_request_pipelines/index.md
  - Evan Read authored
    Initial instance level cluster docs See merge request gitlab-org/gitlab-ce!27873 (cherry picked from commit 961a5f72) 96cec8bf Initial instance level cluster docs a951adb6 Apply suggestion to doc/user/project/clusters/index.md 719b7a07 Apply suggestion to doc/user/group/clusters/index.md
  - Yorick Peterse authored
    Port for RC5 of Next badge must be visible when canary flag is true See merge request gitlab-org/gitlab-ce!28540
  - Felipe Artur authored
    Fix milestone titles being leaked using search API when users cannot read milestones
  - Sam Bigelow authored