- 23 Aug, 2018 7 commits
-
-
Kirill Smelkov authored
We show in small font size the same info that is shown on sign_in page: "GitLab Nexedi Edition", "About GitLab" and "About Nexedi" This is good to have and hereby-introduced about-footer area will be also used in the next patch for ICP too. XXX placement of .about-footer to be near bottom is done not very correctly.
-
Kirill Smelkov authored
Like Omnibus, SlapOS version does not have init script - nothing to check here.
-
Kirill Smelkov authored
This is handy for monitoring tools, which could e.g. periodically call check tasks and instead of parsing output, rely on exit code. The way we detect if something failed is via hooking into String#red, and if anything was ever printed in red - that's an error.
-
Kirill Smelkov authored
-
Kirill Smelkov authored
The default was switched to HTTP in the previous patch, but let's completely remove SSH option - we support only HTTP for git fetch/push. Conflicts: app/views/shared/_clone_panel.html.haml
-
Kirill Smelkov authored
Both fetch and push are possible over https, which is selected by http if gitlab was configured to use https in external url. This way to reduce security vectors and possible ways to interact with gitlab we use https only without ssh at all.
-
Kirill Smelkov authored
= GitLab Community Edition + Nexedi patches
-
- 09 Aug, 2017 2 commits
-
-
James Edwards-Jones authored
-
James Edwards-Jones authored
[ci skip]
-
- 08 Aug, 2017 4 commits
-
-
Mike Greiling authored
Mark thunky as MIT license for license_finder See merge request !2165
-
Mike Greiling authored
Fix file disclosure via hidden symlinks using the project import (8.17) See merge request !2160
-
Mike Greiling authored
Ensure user and hostnames begin with an alnum character in UrlBlocker See merge request !2153
-
James Edwards-Jones authored
-
- 19 Jul, 2017 5 commits
-
-
James Edwards-Jones authored
-
James Edwards-Jones authored
[ci skip]
-
Sean McGivern authored
[8-17 security fix] Renders 404 if given project is not readable by the user on Todos dashboard See merge request !2136
-
Sean McGivern authored
Fix filename used for CHANGELOG entry See merge request !2140
-
Sean McGivern authored
Merge branch 'security-8-17-backport-33323-fix-incorrect-project-authorizations' into 'security-8-17' Escape the underscore char inside the LIKE operator See merge request !2134
-
- 05 May, 2017 4 commits
-
-
Lin Jen-Shin authored
-
Lin Jen-Shin authored
[ci skip]
-
Lin Jen-Shin authored
-
-
- 04 May, 2017 10 commits
-
-
Felipe Artur authored
-
Felipe Artur authored
-
Robert Speicher authored
New Hamlit XSS fix, does not include extraneous changes See merge request !2095
-
Douwe Maan authored
Refactor snippets finder & dont return internal snippets for external users See merge request !2094
-
Robert Speicher authored
Fix XSS in branches dropdown See merge request !2093
-
Douwe Maan authored
Respect project features in wiki and blob search See merge request !2089
-
Sean McGivern authored
Fix snippets visibility for show action - external users can not see internal snippets See merge request !2087
-
Douwe Maan authored
Sanitize submodule URLs before linking to them in the file tree view See merge request !2084
-
Robert Speicher authored
Render asciidoc & other markup using banzai in a pipeline See merge request !2088
-
Robert Speicher authored
Add correct `rel` attributes to external links when rendering markdown See merge request !2086
-
- 06 Apr, 2017 2 commits
-
-
DJ Mountney authored
-
DJ Mountney authored
[ci skip]
-
- 05 Apr, 2017 6 commits
-
-
Sean McGivern authored
Fix for three open redirect vulns using redirect_to url_for(params.merge))) See merge request !2082
-
DJ Mountney authored
Fix for path disclosure in project import/export See merge request !2080
-
DJ Mountney authored
Previously accidently added a test for a feature that does not exist in this release : preserved styles in labels
-
Sean McGivern authored
Fix for open redirect vuln involving continue[to] params See merge request !2083
-
Sean McGivern authored
Don’t show source project name when user does not have access See merge request !2081
-
Robert Speicher authored
Remove class from SanitizationFilter whitelist See merge request !2079
-