1. 17 Jan, 2018 7 commits
    • Sean McGivern's avatar
      Merge branch '41567-projectfix' into 'security-10-3' · 3fc0564a
      Sean McGivern authored
      check project access on MR create
      
      See merge request gitlab/gitlabhq!2273
      
      (cherry picked from commit 1fe2325d6ef2bced4c5e97b57691c894f38b2834)
      
      43e85f49 check project access on MR create
      3fc0564a
    • Robert Speicher's avatar
      Merge branch 'ac/fix-path-traversal' into 'security-10-3' · 954a4457
      Robert Speicher authored
      [10.3] Fix path traversal in gitlab-ci.yml cache:key
      
      See merge request gitlab/gitlabhq!2270
      
      (cherry picked from commit c32d0c6807dfd41d7838a35742e6d0986871b389)
      
      df29094a Fix path traversal in gitlab-ci.yml cache:key
      954a4457
    • Stan Hu's avatar
      Merge branch 'sh-validate-path-project-import-10-3' into 'security-10-3' · 1f96512b
      Stan Hu authored
      Validate project path in Gitlab import - 10.3 port
      
      See merge request gitlab/gitlabhq!2268
      
      (cherry picked from commit 94c82376d66fc80d46dd2d5eeb5bade408ec6a7e)
      
      2b94a7c2 Validate project path in Gitlab import
      1f96512b
    • Robert Speicher's avatar
      Merge branch 'milestones-finder-order-fix' into 'security-10-3' · 8f4b0613
      Robert Speicher authored
      Remove order param from the MilestoneFinder
      
      See merge request gitlab/gitlabhq!2259
      
      (cherry picked from commit 14408042e78f2ebc2644f956621b461dbfa3d36d)
      
      155881e7 Remove order param from the MilestoneFinder
      8f4b0613
    • Jacob Schatz's avatar
      Merge branch 'label-xss-10-3' into 'security-10-3' · 6846b70d
      Jacob Schatz authored
      [10.3] Fix XSS in issue label dropdown
      
      See merge request gitlab/gitlabhq!2253
      
      (cherry picked from commit 363ffabcebd7bb0d1a2d59ca1a75e4eadb4a4360)
      
      ea1fb0ea Fix XSS in issue label dropdown
      6846b70d
    • Robert Speicher's avatar
      Merge branch 'ac/41346-xss-ci-job-output' into 'security-10-3' · 72a57525
      Robert Speicher authored
      [10.3] Fix XSS vulnerability in Pipeline job trace
      
      See merge request gitlab/gitlabhq!2258
      
      (cherry picked from commit 44caa80ed9a2514a74a5eeab10ff51849d64851b)
      
      5f86f3ff Fix XSS vulnerability in Pipeline job trace
      72a57525
    • Stan Hu's avatar
      Merge branch... · 0424801e
      Stan Hu authored
      Merge branch 'security-10-3-do-not-expose-passwords-or-tokens-in-service-integrations-api' into 'security-10-3'
      
      Filter out sensitive fields from the project services API
      
      See merge request gitlab/gitlabhq!2281
      
      (cherry picked from commit 476f2576444632f2a9a61b4cead9c1077f2c81d7)
      
      2bcbbda0 Filter out sensitive fields from the project services API
      0424801e
  2. 16 Jan, 2018 33 commits