- 03 Aug, 2016 3 commits
-
-
Kirill Smelkov authored
The default was switched to HTTP in the previous patch, but let's completely remove SSH option - we support only HTTP for git fetch/push.
-
Kirill Smelkov authored
Both fetch and push are possible over https, which is selected by http if gitlab was configured to use https in external url. This way, to reduce security vectors and possible ways to interact with gitlab, we use https only, without ssh at all.
-
Kirill Smelkov authored
= GitLab Community Edition + Nexedi patches
-
- 30 Jun, 2016 3 commits
-
-
Robert Speicher authored
-
Douwe Maan authored
Ensure logged-out users can't see private refs https://gitlab.com/gitlab-org/gitlab-ce/issues/18033 I'm still not sure what to do about the CHANGELOG on security issues - should I add to a patch release? This issue was assigned to 8.10. See merge request !1974 (cherry picked from commit 3a6ebb1f)
-
Douwe Maan authored
Fix privilege escalation issue with OAuth external users Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/19312 This MR fixes a privilege escalation issue, where manually set external users would be reverted back to internal users if they logged in via OAuth and that provider was not in the `external_providers` list. /cc @douwe See merge request !1975 (cherry picked from commit 5e6342b7)
-
- 28 Jun, 2016 1 commit
-
-
Robert Speicher authored
-
- 27 Jun, 2016 2 commits
-
-
Robert Speicher authored
Fix visibility of snippets when searching Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/18997 See merge request !1972 (cherry picked from commit 8a197c15)
-
Stan Hu authored
Update omniauth-saml to 1.6.0 to address a security vulnerability in ruby-saml Updates `omniauth-saml` to bring in the new `ruby-saml` dependency that addresses [CVE-2016-5697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5697) Fixes #19206 See merge request !4951 (cherry picked from commit c3a8b252)
-
- 15 Jun, 2016 1 commit
-
-
Tomasz Maczukin authored
-
- 14 Jun, 2016 4 commits
-
-
Robert Speicher authored
Only show notes through JSON on confidential issues that the user has access to Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/18535 See merge request !1970
-
Tomasz Maczukin authored
-
Robert Speicher authored
Forbid scripting for wiki files Wiki files (not pages - files in the repo) are just sent to the browser with whatever content-type the mime_types gem assigns to them based on their extension. As this is from the same domain as the GitLab application, this is an XSS vulnerability. Set a CSP forbidding all sources for scripting, CSS, XHR, etc. on these files. Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/17298. See merge request !1969
-
Douwe Maan authored
Remove 'unscoped' from project builds selection This is a fix for this security bug: https://gitlab.com/gitlab-org/gitlab-ce/issues/18188 /cc @kamil @grzegorz @stanhu See merge request !1968
-
- 20 May, 2016 1 commit
-
-
Yorick Peterse authored
-
- 19 May, 2016 5 commits
-
-
Yorick Peterse authored
-
Yorick Peterse authored
-
Robert Speicher authored
fix typo causing gitlab.com importing to fail Fixes https://gitlab.com/gitlab-org/gitlab-ee/issues/565 See merge request !4181
-
Rémy Coutable authored
Use the relative url prefix for links in Wiki Retry of gitlab-org/gitlab-ce!4026 @rymai !4050 solved all other problems how it looks like. I [tested](https://gitlab.com/artem-forks/gitlab-ce/commit/ff01eca7b559efa7cacf3412aa01cd8ae8a6db7e/builds) this with ruby22 Fixes #17071 See merge request !4131
-
Rémy Coutable authored
Create import data in service and fix timing issues when scheduling job Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/17401 Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/17376 See merge request !4106
-
- 12 May, 2016 6 commits
-
-
Yorick Peterse authored
-
Yorick Peterse authored
-
Robert Speicher authored
Fix an issue when filtering merge requests with more than one label Fixes #15529. See merge request !3886
-
Yorick Peterse authored
-
Stan Hu authored
Fix build notification on merge request page change even if the build status didn't change ## What does this MR do? This MR contains a bugfix for #17357 which was introduced by !3998. The notifications are now only shown on status changes, and not when switching between different merge requests. ## Are there points in the code the reviewer needs to double check? Check implementation ## Why was this MR needed? Because of a bug introduced in !3998. ## What are the relevant issue numbers? #17357 Closes #17357 See merge request !4086
-
Rémy Coutable authored
Relative Links in the Wiki Are Broken - [ ] #16568 (!4050) Relative links in wiki are broken - [x] Investigate issue - [x] Implementation / Fix - [x] Write (failing) tests for `WikiLinkFilter` - [x] Link to `./bar` should either get rewritten correctly or left alone - [x] Link to `./bar.md` should maybe get rewritten correctly (is left alone currently) - [x] Link to `bar.md` should get rewritten correctly - [x] Check if this is indeed a bug - [x] Make sure CI is green - [x] Assign to endboss - [x] Wait for review - [x] Implement review feedback - [ ] Wait for merge See merge request !4050
-
- 11 May, 2016 14 commits
-
-
Yorick Peterse authored
This MR never made it into 8.7.4.
-
Yorick Peterse authored
-
Yorick Peterse authored
[ci skip]
-
Yorick Peterse authored
This reverts commit d1ba0986.
-
Yorick Peterse authored
[ci skip]
-
Yorick Peterse authored
-
Yorick Peterse authored
-
Robert Speicher authored
Use a case-insensitive check to compare URI schemes Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/17299 See merge request !1965
-
Robert Speicher authored
Add if exists to drop command Add `IF EXISTS` as a precaution. Related to gitlab-org/gitlab-ce!4020 See merge request !4100
-
Robert Speicher authored
Rake drop tables with cascade See merge request !4020
-
Stan Hu authored
Fix build notification on merge request page change even if the build status didn't change ## What does this MR do? This MR contains a bugfix for #17357 which was introduced by !3998. The notifications are now only shown on status changes, and not when switching between different merge requests. ## Are there points in the code the reviewer needs to double check? Check implementation ## Why was this MR needed? Because of a bug introduced in !3998. ## What are the relevant issue numbers? #17357 Closes #17357 See merge request !4086
-
Robert Speicher authored
Allow Redmine issue references to work as intended Closes #14527 and #14894 See merge request !4048
-
Robert Speicher authored
Use sign out path only if not empty Fixes: https://github.com/gitlabhq/gitlabhq/issues/10066 See merge request !3989
-
Rémy Coutable authored
Pass trusted_proxies to action_dispatch as IPAddrs instead of strings Without this, setting your own trusted_proxies does not work. Fixes an issue introduced in: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3524 Fixes: https://gitlab.com/gitlab-org/gitlab-ce/issues/17004 See merge request !3970
-