- 26 Nov, 2019 6 commits
-
-
GitLab Release Tools Bot authored
Fix private comment Elasticsearch leak
See merge request gitlab/gitlabhq!3546
-
GitLab Release Tools Bot authored
Escape namespace in label references
See merge request gitlab/gitlabhq!3550
-
GitLab Release Tools Bot authored
Check permissions before showing a forked project's source
See merge request gitlab/gitlabhq!3555
-
GitLab Release Tools Bot authored
Ensure attributes that end in `_ids` are cleaned
See merge request gitlab/gitlabhq!3558
-
Imre Farkas authored
-
DJ Mountney authored
This prevents an issue where you can steal other projects' objects by asking for ids that don't belong to you in import.
-
- 25 Nov, 2019 2 commits
-
-
Nick Thomas authored
-
Heinrich Lee Yu authored
When referencing cross-namespace labels, we append the namespace name to the rendered label. This MR escapes the name to prevent XSS attacks.
-
- 22 Nov, 2019 10 commits
-
-
GitLab Bot authored
-
Dylan Griffith authored
-
Mark Chao authored
-
Mark Chao authored
Disabled features are ignored as they are grey areas
-
Mark Chao authored
Some features allow GUEST to access only if the project is not private. This method returns the access level when targeting private projects.
-
Mark Chao authored
Guests are blocked from certain features when the project is private; therefore the scope would filter additionally with REPORTER level.
-
Mark Chao authored
Remove impossible cases, since a private project's features can only be private or disabled. Fix spec due to sidekiq indexing not being triggered. Update guest use cases: some features have the additional constraint that "Guest users are able to perform action on public/internal projects, but not private ones."
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Bot authored
-
- 20 Nov, 2019 4 commits
-
-
GitLab Bot authored
-
GitLab Bot authored
-
GitLab Bot authored
-
GitLab Bot authored
-
- 19 Nov, 2019 3 commits
-
-
GitLab Bot authored
-
GitLab Release Tools Bot authored
-
GitLab Bot authored
-
- 18 Nov, 2019 2 commits
-
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
- 15 Nov, 2019 1 commit
-
-
GitLab Bot authored
-
- 04 Nov, 2019 3 commits
-
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Bot authored
-
- 30 Oct, 2019 1 commit
-
-
GitLab Release Tools Bot authored
-
- 28 Oct, 2019 2 commits
-
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
- 25 Oct, 2019 4 commits
-
-
GitLab Release Tools Bot authored
Mask Sentry auth token
See merge request gitlab/gitlabhq!3504
-
GitLab Release Tools Bot authored
Private/internal repository enumeration via bruteforce on a vulnerable URL
See merge request gitlab/gitlabhq!3491
-
GitLab Release Tools Bot authored
Return 404 on LFS request if project doesn't exist
See merge request gitlab/gitlabhq!3506
-
Igor Drozdov authored
-
- 24 Oct, 2019 2 commits
-
-
GitLab Release Tools Bot authored
Only assign merge params when allowed
See merge request gitlab/gitlabhq!3487
-
GitLab Release Tools Bot authored
Pass all wiki markup formats through our Banzai pipeline filters
See merge request gitlab/gitlabhq!3485
-