1. 29 Jun, 2016 4 commits
    • Yorick Peterse's avatar
      Merge branch 'make-max-member-access-faster' into 'master' · f3de17fd
      Yorick Peterse authored
      Reduce overhead and optimize ProjectTeam#max_member_access performance
      
      See merge request !4973
      (cherry picked from commit d33991f8)
      f3de17fd
    • Jacob Schatz's avatar
      Merge branch '17295_discussion_note' into 'master' · 428f5630
      Jacob Schatz authored
      Fixes missing avatar on system notes
      
      Closes #17295
      
      ![Screen_Shot_2016-06-27_at_12.50.50_PM](/uploads/b142226e608ccfe751a9b6059f57c9ec/Screen_Shot_2016-06-27_at_12.50.50_PM.jpg)
      
      See merge request !4954
      (cherry picked from commit 9e8fdead)
      428f5630
    • Jacob Schatz's avatar
      Merge branch 'filter-fade-fix' into 'master' · c83db6b7
      Jacob Schatz authored
      Removed fade when filtering results
      
      ## What does this MR do?
      
      Removes the `opacity` change when filtering results seeing as we now do `Turbolinks.visit` it isn't required.
      
      Best way to see issue - filter issues & then go back. Will still have opacity styling.
      
      See merge request !4932
      (cherry picked from commit bef4294c)
      c83db6b7
    • Jacob Schatz's avatar
      Merge branch 'new-mr-avatar-alignment' into 'master' · 2bb054c4
      Jacob Schatz authored
      Fixed avatar alignment in new MR view
      
      ## What does this MR do?
      
      Fixes the alignment of the avatar in new MR view.
      Closes #19076
      
      ## Screenshots (if relevant)
      
      ![Screen_Shot_2016-06-24_at_12.53.58](/uploads/fc94faf2e48f194852693b7ae79e8fa3/Screen_Shot_2016-06-24_at_12.53.58.png)
      
      See merge request !4901
      (cherry picked from commit 3611ee56)
      2bb054c4
  2. 28 Jun, 2016 11 commits
  3. 27 Jun, 2016 6 commits
    • Robert Speicher's avatar
      Update CHANGELOG for 8.9.2 · a87c99f7
      Robert Speicher authored
      [ci skip]
      a87c99f7
    • Robert Speicher's avatar
      Update VERSION to 8.9.2 · bf922fbd
      Robert Speicher authored
      bf922fbd
    • Stan Hu's avatar
      Merge branch 'update-omniauth-saml' into 'master' · 7cf41bf5
      Stan Hu authored
      Update omniauth-saml to 1.6.0 to address a security vulnerability in ruby-saml
      
      ## What does this MR do?
      
      Updates `omniauth-saml` to bring in the new `ruby-saml` dependency that addresses [CVE-2016-5697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5697)
      
      Fixes #19206
      
      See merge request !4951
      7cf41bf5
    • Robert Speicher's avatar
      Merge branch 'fix-18997' into 'master' · a61b4013
      Robert Speicher authored
      Fix visibility of snippets when searching
      
      Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/18997
      
      See merge request !1972
      a61b4013
    • Robert Speicher's avatar
      Merge branch '19102-fix' into 'master' · 7917cbbb
      Robert Speicher authored
      Fix an information disclosure when requesting access to a group containing private projects
      
      Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/19102.
      
      The commit speaks for itself:
      
          Fix an information disclosure when requesting access to a group containing private projects
          
          The issue was with the `User#groups` and `User#projects` associations
          which goes through the `User#group_members` and `User#project_members`.
          
          Initially I chose to use a secure approach by storing the requester's
          user ID in `Member#created_by_id` instead of `Member#user_id` because I
          was aware that there was a security risk since I didn't know the
          codebase well enough.
          
          Then during the review, we decided to change that and directly store the
          requester's user ID into `Member#user_id` (for the sake of simplifying
          the code I believe), meaning that every `group_members` / `project_members`
          association would include the requesters by default...
          
          My bad for not checking that all the `group_members` / `project_members`
          associations and the ones that go through them (e.g. `Group#users` and
          `Project#users`) were made safe with the `where(requested_at: nil)` /
          `where(members: { requested_at: nil })` scopes.
          
          Now they are all secure.
      
      See merge request !1973
      7917cbbb
    • Rémy Coutable's avatar
      Merge branch 'fix-changelog-entries' into 'master' · 78596dcd
      Rémy Coutable authored
      Remove duplicate changelog entry
      
      ## What does this MR do?
      
      Removes a changelog entry from 8.9.1, which is only present in 8.10
      
      
      
      See merge request !4937
      78596dcd
  4. 26 Jun, 2016 2 commits
  5. 25 Jun, 2016 1 commit
  6. 24 Jun, 2016 7 commits
  7. 23 Jun, 2016 9 commits