Commits · 667065700bc2ef4c687043d9e6ef5eb500df09a3 · Kazuhiko Shiozaki / gitlab-ce

10 Dec, 2015 22 commits

Merge branch 'user_file_uploads_documentation' into 'master' · 66706570

Achilleas Pipinellis authored Dec 10, 2015

Document file upload random uuid security

This documents the current state of file uploads regarding random UUID and security.
Fixes #3569 

Thanks to @DouweM for the language.

cc/ @sytses @JobV @axil Does this look OK?

See merge request !2055

66706570

Merge branch 'feature/sidekiq-4' into 'master' · fb07f706

Dmitriy Zaporozhets authored Dec 10, 2015

Upgrade Sidekiq to 4.x

Upgraded Sidekiq to 4.x.
More details can be found here: #3065 

After merging this MR, we will require Redis 2.8+.

@stanhu have made a MR !1888 to reflect needed changes on our documentation.

See merge request !2057

fb07f706

Merge branch 'report-errors-on-service-creation' of https://gitlab.com/stanhu/gitlab-ce · 0d65f09f
Dmitriy Zaporozhets authored Dec 10, 2015

0d65f09f
Merge branch 'fix-edit-notes-on-merge-request-diff' into 'master' · 3f471532
Robert Speicher authored Dec 10, 2015
```
Fix editing notes on a merge request diff

Fixes #3910

See merge request !2041
```
3f471532
Upgraded Sidekiq to 4.x · 3e5b24d4
Gabriel Mazetto authored Dec 10, 2015

3e5b24d4
Merge remote-tracking branch 'origin/emoji_edit_disallow' · b20f677b
Dmitriy Zaporozhets authored Dec 10, 2015

b20f677b
Make selectors more specific when scroll to element · 9d6e5f0a
Douglas Barbosa Alexandre authored Dec 10, 2015

9d6e5f0a
Merge branch 'add-changelog-items' into 'master' · 746320ce
Robert Speicher authored Dec 10, 2015
```
Add missing changelog items

Closes #3973

[ci skip]

See merge request !2053
```
746320ce
Document file upload random uuid security · 63a1a581
Drew Blessing authored Dec 10, 2015

63a1a581
Make selectors more specific when setting the tab content · 67913670
Douglas Barbosa Alexandre authored Dec 10, 2015
```
Reason: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/2023
```
67913670
USe innerHtml to avoid slow performance on a MR with very large diff · 0c54c9a8
Douglas Barbosa Alexandre authored Dec 10, 2015

0c54c9a8
Add missing changelog items · 57af1231
Douwe Maan authored Dec 10, 2015

57af1231

Merge branch 'tmp-reference-pipeline-and-caching' into 'master' · 4e5897f5

Douwe Maan authored Dec 10, 2015

[Second try] Implement different Markdown rendering pipelines and cache Markdown

!1602 already got merged in bcd89a58, but it would appear the merge commit disappeared because of #3816 (or some other reason).

cc @rspeicher 

See merge request !2051

4e5897f5

Merge branch 'rs-snippets-clipboard' · 3bfedbd2
Douwe Maan authored Dec 10, 2015

3bfedbd2

Merge branch 'master' into tmp-reference-pipeline-and-caching · 10387f6b

Douwe Maan authored Dec 10, 2015

# Conflicts:
#	spec/lib/gitlab/markdown/autolink_filter_spec.rb
#	spec/lib/gitlab/markdown/commit_range_reference_filter_spec.rb
#	spec/lib/gitlab/markdown/commit_reference_filter_spec.rb
#	spec/lib/gitlab/markdown/cross_project_reference_spec.rb
#	spec/lib/gitlab/markdown/emoji_filter_spec.rb
#	spec/lib/gitlab/markdown/external_issue_reference_filter_spec.rb
#	spec/lib/gitlab/markdown/external_link_filter_spec.rb
#	spec/lib/gitlab/markdown/issue_reference_filter_spec.rb
#	spec/lib/gitlab/markdown/label_reference_filter_spec.rb
#	spec/lib/gitlab/markdown/merge_request_reference_filter_spec.rb
#	spec/lib/gitlab/markdown/redactor_filter_spec.rb
#	spec/lib/gitlab/markdown/reference_gatherer_filter_spec.rb
#	spec/lib/gitlab/markdown/relative_link_filter_spec.rb
#	spec/lib/gitlab/markdown/sanitization_filter_spec.rb
#	spec/lib/gitlab/markdown/snippet_reference_filter_spec.rb
#	spec/lib/gitlab/markdown/syntax_highlight_filter_spec.rb
#	spec/lib/gitlab/markdown/table_of_contents_filter_spec.rb
#	spec/lib/gitlab/markdown/task_list_filter_spec.rb
#	spec/lib/gitlab/markdown/upload_link_filter_spec.rb
#	spec/lib/gitlab/markdown/user_reference_filter_spec.rb

10387f6b

Don't allow to edit award emoji comments · e3ee46a1
Valery Sizov authored Dec 10, 2015

e3ee46a1

Merge branch 'rs-reset-db' into 'master' · bdc62d70

Kamil Trzciński authored Dec 10, 2015

Run db:reset before db:create on CI

Should prevent build failures caused by missing migrations, such as
https://gitlab.com/gitlab-org/gitlab-ce/builds/439927

See merge request !2045

bdc62d70

Merge branch 'devise_paranoid_mode' into 'master' · ba79d1e5

Robert Speicher authored Dec 10, 2015

Enable Devise paranoid mode and ensure the returned message is the same
every time. This will prevent user enumeration (low impact). 

Prior to this change a user could type an email in the password reset
field and if the email didn't exist it returned an error. If the email
was valid it returned a message saying the forgot password link had been
emailed. After this change the user will receive a message that if the
email is in our database the reset link will be emailed. 

I also changed the throttle mechanism so it still works the same but
now returns the exact same message as above. Previously it would say
'You've already sent a request. Wait a few minutes'. This also allows
user enumeration, although it requires a double-check.

Related to https://dev.gitlab.org/gitlab/gitlabhq/issues/2624

See merge request !2044

ba79d1e5

Merge branch 'ui-fix' into 'master' · 19837682

Dmitriy Zaporozhets authored Dec 10, 2015

Fix list with controls display

Introduced in !2025

## Before

![before](/uploads/969f021f1f97062439cc4e836f29bdf6/before.png)

## After

![after](/uploads/defd46ddbd8392625848dfd3ac067869/after.png)
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>


See merge request !2048

19837682

Use devise paranoid mode and ensure the same message is returned every time · f4ec906e
Drew Blessing authored Dec 09, 2015
```
Skipped CI because it has already passed. Had to rebase due to CHANGELOG.
```
f4ec906e
Merge pull request #9897 from atomaka/atomaka/bugfix/consistent-no-ssh-message · 0549b5e8
Dmitriy Zaporozhets authored Dec 10, 2015
```
Fix inconsistency with no ssh key message
```
0549b5e8
Fix list with controls display · ab8ab9b1
Dmitriy Zaporozhets authored Dec 10, 2015
```
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
```
ab8ab9b1

09 Dec, 2015 18 commits
- Merge remote-tracking branch 'dev/master' into 'master' · 8dc689cf
  Robert Speicher authored Dec 09, 2015
  
  8dc689cf
- Merge branch 'yaml_safe_load' into 'master' · e5f4f1d1
  Robert Speicher authored Dec 09, 2015
```
Use YAML.safe_load

See merge request !1941
```
  e5f4f1d1
- Merge branch 'issue_3854' into 'master' · 57f7a4db
  Dmitriy Zaporozhets authored Dec 09, 2015
```
Downcase commit author email for matching with users

Closes #3854 

See merge request !1992
```
  57f7a4db
- Merge branch 'move-network' · d7044c5c
  Dmitriy Zaporozhets authored Dec 09, 2015
  
  d7044c5c
- Merge branch 'rs-delimit-build-counts' into 'master' · 8f689250
  Dmitriy Zaporozhets authored Dec 09, 2015
```
Add number_with_delimiter to build counts



See merge request !2046
```
  8f689250
- "No ssh" message should be same on project page · 48bf0a34
  Andrew Tomaka authored Dec 09, 2015
  
  48bf0a34
- Allow [Symbol] when loading YAML · b4b9df27
  Kamil Trzciński authored Dec 09, 2015
  
  b4b9df27
- Merge branch 'fix-migrations' into 'master' · 9b327787
  Dmitriy Zaporozhets authored Dec 09, 2015
```
Fix migrations for postgres on test environment

Make `be rake db:migrate:reset RAILS_ENV=test` work
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

See merge request !2002
```
  9b327787
- Merge remote-tracking branch 'origin/mr-broken' · 7a4d4685
  Dmitriy Zaporozhets authored Dec 09, 2015
```
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
```
  7a4d4685
- Add copy-to-clipboard button to Snippets#show · cbac31d9
  Robert Speicher authored Dec 08, 2015
```
Closes #3701
```
  cbac31d9
- Use YAML.safe_load · c5dacce4
  Kamil Trzciński authored Dec 09, 2015
  
  c5dacce4
- Update CHANGELOG · 7b50965e
  Robert Speicher authored Dec 09, 2015
```
[ci skip]
```
  7b50965e
- Add number_with_delimiter to build counts · 98958dec
  Robert Speicher authored Dec 09, 2015
  
  98958dec
- Merge branch 'fix-typos' into 'master' · 4bcbb617
  Robert Speicher authored Dec 09, 2015
```
Fix typos in integration docs

[ci skip]

See merge request !1999
```
  4bcbb617
- Run db:reset before db:create on CI · 86aa5355
  Robert Speicher authored Dec 09, 2015
  
  86aa5355
- Merge branch 'master' into fix-edit-notes-on-merge-request-diff · 4a29669d
  Douglas Barbosa Alexandre authored Dec 09, 2015
  
  4a29669d
- Merge branch 'master' into 'master' · cfe46f48
  Robert Speicher authored Dec 09, 2015
```
Update init script only once

The init script is already being updated in section 6.

See merge request !2038

[ci skip]
```
  cfe46f48
- Merge branch 'rs-default-clone-fixes' into 'master' · b255aad2
  Robert Speicher authored Dec 09, 2015
```
Simplify shared User SSH key steps

See merge request !2043
```
  b255aad2