- 22 Jan, 2019 40 commits
-
-
Stan Hu authored
To prevent an OAuth2 covert redirect vulnerability, this commit adds and uses an alias for the GitHub and BitBucket OAuth2 callback URLs to the following paths: GitHub: /users/auth/-/import/github Bitbucket: /users/auth/-/import/bitbucket This allows admins to put a more restrictive callback URL in the OAuth2 configuration settings. Instead of https://example.com, admins can now use: https://example.com/users/auth It's possible but not trivial to change Devise and OmniAuth to use a different prefix for callback URLs instead of /users/auth. For now, aliasing the import URLs under the /users/auth namespace should suffice. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/56663
-
Kamil Trzciński authored
Adds inter-service OpenTracing propagation See merge request gitlab-org/gitlab-ce!24239
-
Annabel Dunstone Gray authored
fix(labels): Move the primary button out of breadcrumbs and into the project section Closes #56558 See merge request gitlab-org/gitlab-ce!24516
-
Martin Hobert authored
-
Nick Thomas authored
Upgrade gitlab-workhorse to 8.1.0 See merge request gitlab-org/gitlab-ce!24571
-
Andrew Newdigate authored
-
Kushal Pandya authored
Improve localTimeAgo rendering Closes #56327 See merge request gitlab-org/gitlab-ce!24389
-
Kamil Trzciński authored
Removes factories on Cluster background migration See merge request gitlab-org/gitlab-ce!24536
-
Douglas Barbosa Alexandre authored
Hashed Storage: `AfterRenameService` was not renaming Pages or Uploads folder on legacy storage Closes #56636 See merge request gitlab-org/gitlab-ce!24526
-
Rémy Coutable authored
Refactor Sidekiq workers to reduce differences between CE and EE See merge request gitlab-org/gitlab-ce!24466
-
Achilleas Pipinellis authored
Edits to issues CSV import docs See merge request gitlab-org/gitlab-ce!24554
-
Mike Lewis authored
-
Andrew Newdigate authored
This change allows the GitLab rails and sidekiq components to receive tracing spans from upstream services such as Workhorse and pass these spans on to downstream services including Gitaly and Sidekiq. This change will also emit traces for incoming and outgoing requests using the propagated trace information. This will allow operators and engineers to view traces across the Workhorse, GitLab Rails, Sidekiq and Gitaly components. Additional intra-service instrumentation will be added in future changes.
-
Sean McGivern authored
Changed the Caching of User Avatars to be public and to 5 minutes See merge request gitlab-org/gitlab-ce!24546
-
Grzegorz Bizon authored
Resolve "When ref is ambiguous, `CreatePipelineService` raises an error" Closes #55966 See merge request gitlab-org/gitlab-ce!24437
-
Phil Hughes authored
Make favicon tests more fault resistent Closes #50527 See merge request gitlab-org/gitlab-ce!22686
-
Mayra Cabrera authored
'Populate cluster kubernetes namespace' was using factories for their specs. According to our documentation (see spec/migrations/readme.md), we should use table helper to create a temproary ActiveRecord::Base derived model for a table.
-
Lukas Eipert authored
-
Kamil Trzciński authored
Update GitLab Runner Helm Chart to 0.1.45 See merge request gitlab-org/gitlab-ce!24564
-
Tomasz Maczukin authored
-
Kushal Pandya authored
Resolve "Related merge requests in issue design - Restyle" Closes #47007 See merge request gitlab-org/gitlab-ce!24270
-
Rémy Coutable authored
Change Monitoring to Monitor in docs dangerfile See merge request gitlab-org/gitlab-ce!24570
-
Stan Hu authored
Resolve "Limit sidekiq logging based on argument size" Closes #56547 See merge request gitlab-org/gitlab-ce!24493
-
Douwe Maan authored
Use Gitaly 1.14.0 See merge request gitlab-org/gitlab-ce!24562
-
Achilleas Pipinellis authored
-
Rémy Coutable authored
[QA] Backport Repository::Push and Git::Repository from EE See merge request gitlab-org/gitlab-ce!24558
-
Rémy Coutable authored
Resolve "Inconsistent text color for labels" Closes #53714 See merge request gitlab-org/gitlab-ce!23873
-
Achilleas Pipinellis authored
Fix typos in dev & test docu See merge request gitlab-org/gitlab-ce!24539
-
Achilleas Pipinellis authored
Add hyperlink to PAT doco Closes #56650 See merge request gitlab-org/gitlab-ce!24551
-
Achilleas Pipinellis authored
Add notes about gitaly network architecture See merge request gitlab-org/gitlab-ce!24563
-
Lin Jen-Shin authored
Move the CNG triggering to a dedicated job in the `test` stage Closes #56660 See merge request gitlab-org/gitlab-ce!24538
-
Douglas Barbosa Alexandre authored
Resolve "Redirect projects/:id to project page" Closes #53671 See merge request gitlab-org/gitlab-ce!24467
-
Gabriel Mazetto authored
We still rely on the Dirty API for project rename (before/after) values, but we don't access the dirty api from the service class anymore. The previous value is now part of the initialization, which makes it easier to test and the behavior is clearer. The same was done with the `rename_repo` on the Storage classes, we now provide before and after values as part of the method signature.
-
Tim Zallmann authored
Also removed unnecessary comment
-
Jacob Vosmaer authored
-
Jacob Vosmaer authored
-
Sean McGivern authored
When logging arguments from Sidekiq to JSON, restrict the size of `args` to 10 KB (when converted to JSON). This is to avoid blowing up with excessively large job payloads.
-
Filipa Lacerda authored
Resolve "Changing group visibility does not re-enable Save button" Closes #53856 See merge request gitlab-org/gitlab-ce!23022
-
Douwe Maan authored
Add CSS & JS global flags to represent browser and platform Closes #50013 See merge request gitlab-org/gitlab-ce!24017
-
Mek Stittri authored
Document better the process around quarantined tests See merge request gitlab-org/gitlab-ce!24452
-