1. 17 Jan, 2018 5 commits
    • Stan Hu's avatar
      Merge branch 'sh-validate-path-project-import-10-3' into 'security-10-3' · 1f96512b
      Stan Hu authored
      Validate project path in Gitlab import - 10.3 port
      
      See merge request gitlab/gitlabhq!2268
      
      (cherry picked from commit 94c82376d66fc80d46dd2d5eeb5bade408ec6a7e)
      
      2b94a7c2 Validate project path in Gitlab import
      1f96512b
    • Robert Speicher's avatar
      Merge branch 'milestones-finder-order-fix' into 'security-10-3' · 8f4b0613
      Robert Speicher authored
      Remove order param from the MilestoneFinder
      
      See merge request gitlab/gitlabhq!2259
      
      (cherry picked from commit 14408042e78f2ebc2644f956621b461dbfa3d36d)
      
      155881e7 Remove order param from the MilestoneFinder
      8f4b0613
    • Jacob Schatz's avatar
      Merge branch 'label-xss-10-3' into 'security-10-3' · 6846b70d
      Jacob Schatz authored
      [10.3] Fix XSS in issue label dropdown
      
      See merge request gitlab/gitlabhq!2253
      
      (cherry picked from commit 363ffabcebd7bb0d1a2d59ca1a75e4eadb4a4360)
      
      ea1fb0ea Fix XSS in issue label dropdown
      6846b70d
    • Robert Speicher's avatar
      Merge branch 'ac/41346-xss-ci-job-output' into 'security-10-3' · 72a57525
      Robert Speicher authored
      [10.3] Fix XSS vulnerability in Pipeline job trace
      
      See merge request gitlab/gitlabhq!2258
      
      (cherry picked from commit 44caa80ed9a2514a74a5eeab10ff51849d64851b)
      
      5f86f3ff Fix XSS vulnerability in Pipeline job trace
      72a57525
    • Stan Hu's avatar
      Merge branch... · 0424801e
      Stan Hu authored
      Merge branch 'security-10-3-do-not-expose-passwords-or-tokens-in-service-integrations-api' into 'security-10-3'
      
      Filter out sensitive fields from the project services API
      
      See merge request gitlab/gitlabhq!2281
      
      (cherry picked from commit 476f2576444632f2a9a61b4cead9c1077f2c81d7)
      
      2bcbbda0 Filter out sensitive fields from the project services API
      0424801e
  2. 16 Jan, 2018 35 commits