Skip to content

G
gitlab-ce
Switch branch/tag
  1. 28 Jun, 2016 2 commits
    • Fatih Acet's avatar
      Merge branch '19075-new-wiki' into 'master' · a688eadd
      Fatih Acet authored 
      Remove duplicate new page btn from edit wiki

## What does this MR do?
Removes duplicate button on wiki page

## What are the relevant issue numbers?
Closes #19075

## Screenshots (if relevant)
![Screen_Shot_2016-06-24_at_9.45.28_AM](/uploads/8dca96c3e75b428d63acaaba6dede9a6/Screen_Shot_2016-06-24_at_9.45.28_AM.png)
![Screen_Shot_2016-06-24_at_9.45.57_AM](/uploads/e6ea97b07e48d2fe6f108d8c5a943583/Screen_Shot_2016-06-24_at_9.45.57_AM.png)

See merge request !4904
(cherry picked from commit 121c5c83)
      a688eadd
    • Robert Speicher's avatar
      Merge branch 'performance-clock-adjustments' into 'master' · a64b7cd3
      Robert Speicher authored 
      Use clock_gettime for all performance timestamps

This MR adjusts the performance monitoring code to use `Process.clock_gettime` (thus `clock_gettime(3)`) instead of `Time.now`.

Using `Time.now` / `Time.new` adds more overhead than `Process.clock_gettime`, it also doesn't provide a way of getting timestamps in nanoseconds (which `Process.clock_gettime` does allow).

See merge request !4899
(cherry picked from commit 53ad9522)
      a64b7cd3
  3. 27 Jun, 2016 6 commits
    • Robert Speicher's avatar
      Update CHANGELOG for 8.9.2 · a87c99f7
      Robert Speicher authored 
      [ci skip]
      a87c99f7
    • Robert Speicher's avatar
      Update VERSION to 8.9.2 · bf922fbd
      Robert Speicher authored
      bf922fbd
    • Stan Hu's avatar
      Merge branch 'update-omniauth-saml' into 'master' · 7cf41bf5
      Stan Hu authored 
      Update omniauth-saml to 1.6.0 to address a security vulnerability in ruby-saml

## What does this MR do?

Updates `omniauth-saml` to bring in the new `ruby-saml` dependency that addresses [CVE-2016-5697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5697)

Fixes #19206

See merge request !4951
      7cf41bf5
    • Robert Speicher's avatar
      Merge branch 'fix-18997' into 'master' · a61b4013
      Robert Speicher authored 
      Fix visibility of snippets when searching

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/18997

See merge request !1972
      a61b4013
    • Robert Speicher's avatar
      Merge branch '19102-fix' into 'master' · 7917cbbb
      Robert Speicher authored 
      Fix an information disclosure when requesting access to a group containing private projects

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/19102.

The commit speaks for itself:

    Fix an information disclosure when requesting access to a group containing private projects
    
    The issue was with the `User#groups` and `User#projects` associations
    which goes through the `User#group_members` and `User#project_members`.
    
    Initially I chose to use a secure approach by storing the requester's
    user ID in `Member#created_by_id` instead of `Member#user_id` because I
    was aware that there was a security risk since I didn't know the
    codebase well enough.
    
    Then during the review, we decided to change that and directly store the
    requester's user ID into `Member#user_id` (for the sake of simplifying
    the code I believe), meaning that every `group_members` / `project_members`
    association would include the requesters by default...
    
    My bad for not checking that all the `group_members` / `project_members`
    associations and the ones that go through them (e.g. `Group#users` and
    `Project#users`) were made safe with the `where(requested_at: nil)` /
    `where(members: { requested_at: nil })` scopes.
    
    Now they are all secure.

See merge request !1973
      7917cbbb
    • Rémy Coutable's avatar
      Merge branch 'fix-changelog-entries' into 'master' · 78596dcd
      Rémy Coutable authored 
      Remove duplicate changelog entry

## What does this MR do?

Removes a changelog entry from 8.9.1, which is only present in 8.10



See merge request !4937
      78596dcd
  5. 26 Jun, 2016 2 commits
  7. 25 Jun, 2016 1 commit
  9. 24 Jun, 2016 7 commits
  11. 23 Jun, 2016 19 commits
  13. 22 Jun, 2016 3 commits
    • Achilleas Pipinellis's avatar
      Merge branch 'award-emoji-docs' into 'master' · 034810fa
      Achilleas Pipinellis authored 
      Expand on Award Emoji documentation, update/add screenshots.

Adds documentation for award emoji now that comments can be awarded with emojis.

See also !4291 and #18906

Closes #9091

cc: @virtuacreative @axil

See merge request !4839
Signed-off-by: default avatarRémy Coutable <remy@rymai.me>
      034810fa
    • Douwe Maan's avatar
      Merge branch 'fix-network-links' into 'master' · ad115883
      Douwe Maan authored 
      Fix Network graph links.

## What does this MR do?

Fixes the Network graph links so they no longer link to `/master#{escape_javascript(@commit_url)}`

## Are there points in the code the reviewer needs to double check?

Don't think so.

## Why was this MR needed?

Single quotes don't evaluate Ruby expressions.

## What are the relevant issue numbers?

Fixes #18894.

cc: @jschatz1

See merge request !4832
Signed-off-by: default avatarRémy Coutable <remy@rymai.me>
      ad115883
    • Achilleas Pipinellis's avatar
      Merge branch 'expiry' into 'master' · 1e34a81c
      Achilleas Pipinellis authored 
      Clarify artifact expiry

## What does this MR do?

Clarifies documentation about artifact expiry.

## Are there points in the code the reviewer needs to double check?

## Why was this MR needed?

## What are the relevant issue numbers?

## Screenshots (if relevant)

See merge request !4831
Signed-off-by: default avatarRémy Coutable <remy@rymai.me>
      1e34a81c
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7