- 05 Mar, 2019 2 commits
-
-
Yorick Peterse authored
Display only information visible to current user on Milestone detail See merge request gitlab/gitlabhq!2803
-
Jarka Košanová authored
Display only labels and assignees of issues visible by the currently logged user Display only issues visible to user in the burndown chart
-
- 04 Mar, 2019 24 commits
-
-
Yorick Peterse authored
[master] Check issue milestone availability See merge request gitlab/gitlabhq!2788
-
Yorick Peterse authored
Don't allow non-members to see private related MRs Closes #2787 See merge request gitlab/gitlabhq!2866
-
Yorick Peterse authored
Forbid creating discussions for users with restricted access Closes #2788 See merge request gitlab/gitlabhq!2868
-
Igor Drozdov authored
-
Yorick Peterse authored
Fix leaking private repository information in API See merge request gitlab/gitlabhq!2881
-
Yorick Peterse authored
Prevent Releases links API to leak tag existence Closes #2795 See merge request gitlab/gitlabhq!2893
-
Yorick Peterse authored
Disable issue board policies when issues are disabled Closes #2798 See merge request gitlab/gitlabhq!2894
-
Yorick Peterse authored
Show only MRs visible to user on milestone detail See merge request gitlab/gitlabhq!2895
-
Yorick Peterse authored
Sharing a public project with a private group makes the group page publicly accessible See merge request gitlab/gitlabhq!2896
-
Yorick Peterse authored
Merge branch '2802-security-add-public-internal-groups-as-members-to-your-project-idor' into 'master' Add public/internal groups as members to your Project(IDOR) See merge request gitlab/gitlabhq!2898
-
Yorick Peterse authored
Block local URLs for Kubernetes integration See merge request gitlab/gitlabhq!2901
-
Yorick Peterse authored
Validate session key when authorizing with GCP to create a cluster Closes #2805 See merge request gitlab/gitlabhq!2902
-
Yorick Peterse authored
Check snippet attached file to be moved is within designated directory Closes #2806 See merge request gitlab/gitlabhq!2903
-
Yorick Peterse authored
Fix blind SSRF in Prometheus Integration See merge request gitlab/gitlabhq!2907
-
Reuben Pereira authored
Check validity before querying so that if the dns entry for the api_url has been changed to something invalid after the model was saved and checked for validity, it will not query. This is to solve a toctou (time of check to time of use) issue.
-
Yorick Peterse authored
[master] Remove link after issue move when no permissions See merge request gitlab/gitlabhq!2921
-
Yorick Peterse authored
Stop linking to unrecognized package sources See merge request gitlab/gitlabhq!2933
-
Yorick Peterse authored
Fix git clone revealing private repo's presence See merge request gitlab/gitlabhq!2937
-
Yorick Peterse authored
Arbitrary file read via MergeRequestDiff Closes #2814 See merge request gitlab/gitlabhq!2947
-
Francisco Javier López authored
-
Yorick Peterse authored
Limit number of characters allowed in mermaidjs See merge request gitlab/gitlabhq!2964
-
Yorick Peterse authored
[master] Prevent disclosing project milestone titles Closes #2794 See merge request gitlab/gitlabhq!2965
-
Yorick Peterse authored
Filter impersonated sessions from active sessions and remove ability to revoke session See merge request gitlab/gitlabhq!2968
-
Yorick Peterse authored
Ensure request to link GroupSAML acount was GitLab initiated See merge request gitlab/gitlabhq!2976
-
- 28 Feb, 2019 2 commits
-
-
Małgorzata Ksionek authored
-
GitLab Release Tools Bot authored
[ci skip]
-
- 27 Feb, 2019 12 commits
-
-
Imre Farkas authored
Session ID is used as a parameter for the revoke session endpoint but it should never be included in the HTML as an attacker could obtain it via XSS.
-
Imre Farkas authored
-
Kamil Trzciński authored
Persist source sha and target sha for merge pipelines See merge request gitlab-org/gitlab-ce!25417
-
Ramya Authappan authored
Quarantine failing push_mirroring_over_http_spec See merge request gitlab-org/gitlab-ce!25590
-
Shinya Maeda authored
source_sha and target_sha are used for merge request pipelines
-
Sanad Liaquat authored
-
James Lopez authored
Added permissions section to issue template [CE] See merge request gitlab-org/gitlab-ce!25576
-
Jeremy Watson authored
-
Rajat Jain authored
-
Kushal Pandya authored
Update operations settings breadcrumb trail Closes #56387 See merge request gitlab-org/gitlab-ce!25539
-
Evan Read authored
Elaborate on POSTGRES_VERSION Auto DevOps setting See merge request gitlab-org/gitlab-ce!25579
-
Dylan Griffith authored
-