- 05 Dec, 2019 1 commit
-
-
GitLab Bot authored
-
- 03 Dec, 2019 4 commits
-
-
GitLab Bot authored
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Bot authored
-
- 27 Nov, 2019 6 commits
-
-
GitLab Bot authored
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Bot authored
-
GitLab Release Tools Bot authored
-
- 26 Nov, 2019 16 commits
-
-
GitLab Release Tools Bot authored
Fix invalid byte sequence See merge request gitlab/gitlabhq!3547
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
Update Workhorse and Gitaly to fix a security issue See merge request gitlab/gitlabhq!3531
-
GitLab Release Tools Bot authored
Hide AWS secret on Admin Integration page See merge request gitlab/gitlabhq!3532
-
Justin Ho Tuan Duong authored
-
GitLab Release Tools Bot authored
Prevent guests from seeing commits for cycle analytics See merge request gitlab/gitlabhq!3534
-
GitLab Release Tools Bot authored
Related Branches Visible to Guests in Issue Activity See merge request gitlab/gitlabhq!3538
-
GitLab Release Tools Bot authored
GitLab stores AWS, Slack, Akismet, reCaptcha tokens in plaintext See merge request gitlab/gitlabhq!3543
-
GitLab Release Tools Bot authored
Use Gitlab::HTTP for all chat notifications See merge request gitlab/gitlabhq!3544
-
GitLab Release Tools Bot authored
Fix private comment Elasticsearch leak See merge request gitlab/gitlabhq!3546
-
GitLab Release Tools Bot authored
Escape namespace in label references See merge request gitlab/gitlabhq!3550
-
GitLab Release Tools Bot authored
Check permissions before showing a forked project's source See merge request gitlab/gitlabhq!3555
-
GitLab Release Tools Bot authored
Ensure attributes that end in `_ids` are cleaned See merge request gitlab/gitlabhq!3558
-
Imre Farkas authored
-
DJ Mountney authored
This prevents an issue where you can steal other projects' objects by asking for ids that don't belong to you in import.
-
- 25 Nov, 2019 3 commits
-
-
Nick Thomas authored
-
Arturo Herrero authored
We had concerns about the cached values on Redis with the previous two releases strategy:

First release (this commit):
  - Create new encrypted fields in the database.
  - Start populating new encrypted fields, read the encrypted fields or fallback to the plaintext fields.
  - Backfill the data removing the plaintext fields to the encrypted fields.

Second release:
  - Remove the virtual attribute (created in step 2).
  - Drop plaintext columns from the database (empty columns after step 3).

We end up with a better strategy only using migration scripts in one release:
  - Pre-deployment migration: Add columns required for storing encrypted values.
  - Pre-deployment migration: Store the encrypted values in the new columns.
  - Post-deployment migration: Remove the old unencrypted columns
-
Heinrich Lee Yu authored
When referencing cross-namespace labels, we append the namespace name to the rendered label. This MR escapes the name to prevent XSS attacks.
-
- 22 Nov, 2019 10 commits
-
-
GitLab Bot authored
-
Patrick Derichs authored
-
Dylan Griffith authored
-
Mark Chao authored
-
Mark Chao authored
Disabled features are ignored as they are grey areas
-
Mark Chao authored
Some features allow GUEST to access only if the project is not private. This method returns the access level when targeting private projects.
-
Mark Chao authored
Guests are blocked from certain features when the project is private, therefore the scope would filter additionally with REPORTER level.
-
Mark Chao authored
Remove impossible cases, since a private project's features can only be private or disabled. Fix spec due to sidekiq indexing not being triggered. Update guest use cases: some features have an additional constraint that "Guest users are able to perform action on public/internal projects, but not private ones."
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-