1. 30 Jun, 2016 7 commits
    • Fatih Acet's avatar
      Merge branch 'commit-avatar-alignment' into 'master' · 04c2c88b
      Fatih Acet authored
      Fixed comit avatar alignment
      
      ## What does this MR do?
      
      Fixes the alignment of the avatar on https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG
      
      Also fixes potential issues in other places.
      
      ## Screenshots (if relevant)
      
      ![Screen_Shot_2016-06-27_at_10.58.26](/uploads/fa4f50cfc30a870422d1afa63a4331d1/Screen_Shot_2016-06-27_at_10.58.26.png)![Screen_Shot_2016-06-27_at_10.58.35](/uploads/bd7dc3cf77464c1775fabb45b8079f02/Screen_Shot_2016-06-27_at_10.58.35.png)
      
      See merge request !4933
      (cherry picked from commit 8cada02d)
      04c2c88b
    • Jacob Schatz's avatar
      Merge branch 'label-filter-path-fix' into 'master' · eb7356a4
      Jacob Schatz authored
      Fixed URL on label button when filtering
      
      ## What does this MR do?
      
      Gives the filtered labels the correct URL. Previously they tried to link to `labels#show` whereas now it links to the correct filter path.
      
      ## What are the relevant issue numbers?
      
      Closes #19005
      
      See merge request !4897
      (cherry picked from commit d3d9df5a)
      eb7356a4
    • Fatih Acet's avatar
      Merge branch 'fix_filebrowser_reload' into 'master' · aae44444
      Fatih Acet authored
      File Browser navigation fixes
      
      Fixes a double request being made when clicking the file name when navigating through file browser and also fixes opening a file in a new tab or when doing ctrl + click.
      
      Closes #19050
      
      **Before**
      
      ![navigation-old](/uploads/f9a40c91e430e31beae3a896cffb1c68/navigation-old.gif)
      
      **After**
      
      ![navigation](/uploads/dec9b43894c00cc09d80d19c83506530/navigation.gif)
      
      See merge request !4891
      (cherry picked from commit b32a6add)
      aae44444
    • Dmitriy Zaporozhets's avatar
      Merge branch '19003-file-view-subnav' into 'master' · d3b28207
      Dmitriy Zaporozhets authored
      Resolve "Sub nav isn't showing on file view"
      
      ## What does this MR do?
      Adds subnav to `Repository` > `File` view
      
      ## What are the relevant issue numbers?
      Closes #19003
      Part of #18844
      
      ## Screenshots (if relevant)
      ![Screen_Shot_2016-06-23_at_5.33.05_PM](/uploads/aa6993b2376dbe454af87d852aa74f5e/Screen_Shot_2016-06-23_at_5.33.05_PM.png)
      
      cc @dzaporozhets
      
      See merge request !4890
      (cherry picked from commit 2efee5f6)
      d3b28207
    • Jacob Schatz's avatar
      Merge branch 'search-input-blur' into 'master' · 966eedd3
      Jacob Schatz authored
      Fixed search field blur not removing focus
      
      ## What does this MR do?
      
      Adds a blur event to remove focus styling from the search input.
      
      Any particular reason we were looking for clicks on the document? I can't see why we would be.
      
      ## What are the relevant issue numbers?
      
      Closes #18670
      
      ## Screenshots (if relevant)
      
      ![tab](/uploads/4c74d4f76ec7b45bfcf581606d2defb5/tab.gif)
      
      See merge request !4704
      (cherry picked from commit c051630a)
      966eedd3
    • Douwe Maan's avatar
      Merge branch '18033-private-repo-mentions' into 'master' · 70fd0177
      Douwe Maan authored
      Ensure logged-out users can't see private refs
      
      https://gitlab.com/gitlab-org/gitlab-ce/issues/18033
      
      I'm still not sure what to do about the CHANGELOG on security issues - should I add to a patch release? This issue was assigned to 8.10.
      
      See merge request !1974
      (cherry picked from commit 3a6ebb1f)
      70fd0177
    • Douwe Maan's avatar
      Merge branch '19312-confidential-issue' into 'master' · ad421b3a
      Douwe Maan authored
      Fix privilege escalation issue with OAuth external users
      
      Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/19312
      
      This MR fixes a privilege escalation issue, where manually set external users would be reverted back to internal users if they logged in via OAuth and that provider was not in the `external_providers` list.
      
      /cc @douwe
      
      See merge request !1975
      (cherry picked from commit 5e6342b7)
      ad421b3a
  2. 29 Jun, 2016 6 commits
  3. 28 Jun, 2016 11 commits
  4. 27 Jun, 2016 6 commits
    • Robert Speicher's avatar
      Update CHANGELOG for 8.9.2 · a87c99f7
      Robert Speicher authored
      [ci skip]
      a87c99f7
    • Robert Speicher's avatar
      Update VERSION to 8.9.2 · bf922fbd
      Robert Speicher authored
      bf922fbd
    • Stan Hu's avatar
      Merge branch 'update-omniauth-saml' into 'master' · 7cf41bf5
      Stan Hu authored
      Update omniauth-saml to 1.6.0 to address a security vulnerability in ruby-saml
      
      ## What does this MR do?
      
      Updates `omniauth-saml` to bring in the new `ruby-saml` dependency that addresses [CVE-2016-5697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5697)
      
      Fixes #19206
      
      See merge request !4951
      7cf41bf5
    • Robert Speicher's avatar
      Merge branch 'fix-18997' into 'master' · a61b4013
      Robert Speicher authored
      Fix visibility of snippets when searching
      
      Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/18997
      
      See merge request !1972
      a61b4013
    • Robert Speicher's avatar
      Merge branch '19102-fix' into 'master' · 7917cbbb
      Robert Speicher authored
      Fix an information disclosure when requesting access to a group containing private projects
      
      Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/19102.
      
      The commit speaks for itself:
      
          Fix an information disclosure when requesting access to a group containing private projects
          
          The issue was with the `User#groups` and `User#projects` associations
          which goes through the `User#group_members` and `User#project_members`.
          
          Initially I chose to use a secure approach by storing the requester's
          user ID in `Member#created_by_id` instead of `Member#user_id` because I
          was aware that there was a security risk since I didn't know the
          codebase well enough.
          
          Then during the review, we decided to change that and directly store the
          requester's user ID into `Member#user_id` (for the sake of simplifying
          the code I believe), meaning that every `group_members` / `project_members`
          association would include the requesters by default...
          
          My bad for not checking that all the `group_members` / `project_members`
          associations and the ones that go through them (e.g. `Group#users` and
          `Project#users`) were made safe with the `where(requested_at: nil)` /
          `where(members: { requested_at: nil })` scopes.
          
          Now they are all secure.
      
      See merge request !1973
      7917cbbb
    • Rémy Coutable's avatar
      Merge branch 'fix-changelog-entries' into 'master' · 78596dcd
      Rémy Coutable authored
      Remove duplicate changelog entry
      
      ## What does this MR do?
      
      Removes a changelog entry from 8.9.1, which is only present in 8.10
      
      
      
      See merge request !4937
      78596dcd
  5. 26 Jun, 2016 2 commits
  6. 25 Jun, 2016 1 commit
  7. 24 Jun, 2016 7 commits