- 23 Aug, 2018 2 commits
-
-
Kirill Smelkov authored
Both fetch and push are possible over https, which is selected by http if gitlab was configured to use https in external url. This way, to reduce security vectors and possible ways to interact with gitlab, we use https only, without ssh at all.
-
Kirill Smelkov authored
= GitLab Community Edition + Nexedi patches
-
- 09 Aug, 2017 2 commits
-
-
James Edwards-Jones authored
-
James Edwards-Jones authored
[ci skip]
-
- 08 Aug, 2017 4 commits
-
-
Mike Greiling authored
Mark thunky as MIT license for license_finder
See merge request !2165
-
Mike Greiling authored
Fix file disclosure via hidden symlinks using the project import (8.17)
See merge request !2160
-
Mike Greiling authored
Ensure user and hostnames begin with an alnum character in UrlBlocker
See merge request !2153
-
James Edwards-Jones authored
-
- 19 Jul, 2017 5 commits
-
-
James Edwards-Jones authored
-
James Edwards-Jones authored
[ci skip]
-
Sean McGivern authored
[8-17 security fix] Renders 404 if given project is not readable by the user on Todos dashboard
See merge request !2136
-
Sean McGivern authored
Fix filename used for CHANGELOG entry
See merge request !2140
-
Sean McGivern authored
Merge branch 'security-8-17-backport-33323-fix-incorrect-project-authorizations' into 'security-8-17'
Escape the underscore char inside the LIKE operator
See merge request !2134
-
- 05 May, 2017 4 commits
-
-
Lin Jen-Shin authored
-
Lin Jen-Shin authored
[ci skip]
-
Lin Jen-Shin authored
-
-
- 04 May, 2017 10 commits
-
-
Felipe Artur authored
-
Felipe Artur authored
-
Robert Speicher authored
New Hamlit XSS fix, does not include extraneous changes
See merge request !2095
-
Douwe Maan authored
Refactor snippets finder & don't return internal snippets for external users
See merge request !2094
-
Robert Speicher authored
Fix XSS in branches dropdown
See merge request !2093
-
Douwe Maan authored
Respect project features in wiki and blob search
See merge request !2089
-
Sean McGivern authored
Fix snippets visibility for show action - external users can not see internal snippets
See merge request !2087
-
Douwe Maan authored
Sanitize submodule URLs before linking to them in the file tree view
See merge request !2084
-
Robert Speicher authored
Render asciidoc & other markup using banzai in a pipeline
See merge request !2088
-
Robert Speicher authored
Add correct `rel` attributes to external links when rendering markdown
See merge request !2086
-
- 06 Apr, 2017 2 commits
-
-
DJ Mountney authored
-
DJ Mountney authored
[ci skip]
-
- 05 Apr, 2017 6 commits
-
-
Sean McGivern authored
Fix for three open redirect vulns using redirect_to url_for(params.merge)))
See merge request !2082
-
DJ Mountney authored
Fix for path disclosure in project import/export
See merge request !2080
-
DJ Mountney authored
Previously accidentally added a test for a feature that does not exist in this release: preserved styles in labels
-
Sean McGivern authored
Fix for open redirect vuln involving continue[to] params
See merge request !2083
-
Sean McGivern authored
Don’t show source project name when user does not have access
See merge request !2081
-
Robert Speicher authored
Remove class from SanitizationFilter whitelist
See merge request !2079
-
- 19 Mar, 2017 2 commits
-
-
James Lopez authored
-
James Lopez authored
[ci skip]
-
- 18 Mar, 2017 3 commits
-
-
Rubén Dávila authored
nil check for url_blocker?
See merge request !2076
-
DJ Mountney authored
fix for render json include leaks
See merge request !2074
Conflicts:
app/controllers/projects/merge_requests_controller.rb
spec/controllers/projects/issues_controller_spec.rb
-
Jacob Schatz authored
Adds rel="noopener noreferrer" to all links with target="_blank"
See merge request !2071
Conflicts:
app/assets/javascripts/environments/components/environment_external_url.js
-