Commits · 7fd5dbf9db4e513faaabbe14aff3c10fca603415 · nexedi / gitlab-ce

30 Nov, 2018 1 commit

Add a flag to use a subquery for group issues search · 7fd5dbf9

Sean McGivern authored Nov 29, 2018

We already had a flag to use a CTE, but this broke searching in some
cases where we need to sort by a joined table. Disabling the CTE flag
makes searches much slower.

The new flag, to use a subquery, makes them slightly slower than the
CTE, while maintaining correctness. If both it and the CTE flag are
enabled, the subquery takes precedence.

7fd5dbf9

29 Nov, 2018 31 commits

Merge branch 'add-counter-for-trace-chunks' into 'master' · 938b891f

Kamil Trzciński authored Nov 29, 2018

Improve traceability for failed attempts of archiving traces

Closes #51502

See merge request gitlab-org/gitlab-ce!21826

938b891f

Merge branch 'mk/author-preparation-docs' into 'master' · f6e51e83

Marcia Ramos authored Nov 29, 2018

Encourage MR author preparation in Code Review Guidelines documentation

See merge request gitlab-org/gitlab-ce!23360

f6e51e83

Merge branch 'sh-fix-issue-38317' into 'master' · 9f157f0d

Douwe Maan authored Nov 29, 2018

Remove needless auto-capitalization on Wiki page titles

Closes #38317

See merge request gitlab-org/gitlab-ce!23288

9f157f0d

Merge branch 'if-40385-prohibit_impersonation' into 'master' · 70b19fbd
Rémy Coutable authored Nov 29, 2018
```
Add config to prohibit impersonation

See merge request gitlab-org/gitlab-ce!23338
```
70b19fbd
Merge branch 'sh-remove-default-value-remote-mirror' into 'master' · 29901131
Douwe Maan authored Nov 29, 2018
```
Make RemoteMirror's only_protected_branches default value consistent

See merge request gitlab-org/gitlab-ce!23410
```
29901131
Merge branch 'fe-apollo-docs' into 'master' · 901d078d
Filipa Lacerda authored Nov 29, 2018
```
Added frontend GraphQL docs

See merge request gitlab-org/gitlab-ce!23405
```
901d078d

Add config to disable impersonation · bd3a4840

Imre Farkas authored Nov 24, 2018

Adds gitlab.impersonation_enabled config option defaulting to true to
keep the current default behaviour.

Only the act of impersonation is modified, impersonation token
management is not affected.

bd3a4840

Merge branch '33705-merge-request-rebase-api' into 'master' · 68526805
Sean McGivern authored Nov 29, 2018
```
Add a rebase API endpoint for merge requests

Closes #33705

See merge request gitlab-org/gitlab-ce!23296
```
68526805
Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhq · c07183f0
Steve Azzopardi authored Nov 29, 2018

c07183f0
Fix coding offence · 9fa86977
Shinya Maeda authored Nov 29, 2018

9fa86977
Improve comments · 137541c0
Shinya Maeda authored Nov 29, 2018

137541c0
Improve spec · af5bf568
Shinya Maeda authored Nov 29, 2018

af5bf568

Squashed commit of the following: · 3fbd48e1

Shinya Maeda authored Nov 29, 2018

commit 10456b1e9240886432f565dd17689080bbb133b9
Merge: 312c1a9bdf8 a5f46278
Author: Shinya Maeda <shinya@gitlab.com>
Date:   Thu Nov 29 14:33:21 2018 +0900

    Merge branch 'master-ce' into add-counter-for-trace-chunks

commit 312c1a9bdf8efc45c3fed5ff50f05cc589bbb4ed
Author: Shinya Maeda <shinya@gitlab.com>
Date:   Wed Nov 28 20:06:18 2018 +0900

    Fix coding offence

commit e397cc2ccc1b2cf7f8b3558b8fa81fe2aa0ab366
Author: Shinya Maeda <shinya@gitlab.com>
Date:   Wed Nov 28 14:40:24 2018 +0900

    Fix tracking archive failure

3fbd48e1

Merge branch 'restore-ssh-host-keys' into 'master' · a5f46278

Evan Read authored Nov 29, 2018

Update documentation with note regarding restoring ssh host keys

See merge request gitlab-org/gitlab-ce!23392

a5f46278

Merge branch 'sh-bump-gitlab-shell-8.4.3' into 'master' · 14b7b0d9
Stan Hu authored Nov 29, 2018
```
Bump gitlab-shell to 8.4.3

See merge request gitlab-org/gitlab-ce!23429
```
14b7b0d9
Merge branch 'doc-for-knative-ip-address' into 'master' · c7a19d37
Evan Read authored Nov 29, 2018
```
Update Knative IP address docs

See merge request gitlab-org/gitlab-ce!23380
```
c7a19d37
Merge branch 'security-11-5-fix-webhook-ssrf-ipv6' into 'security-11-5' · a9f5b223
Steve Azzopardi authored Nov 26, 2018
```
[11.5] Fix SSRF in project integrations

See merge request gitlab/gitlabhq!2611
```
a9f5b223

Merge branch 'security-email-change-notification' into 'master' · 82f455a8

Cindy Pallares authored Nov 28, 2018

[master] Resolve: "Provide email notification when a user changes their email address"

See merge request gitlab/gitlabhq!2587

82f455a8

Merge branch 'security-fix-uri-xss-applications' into 'master' · 5736d660

Cindy Pallares authored Nov 28, 2018

[master] Resolve "Reflected XSS in OAuth Authorize window due to redirect_uri allowing arbitrary protocols"

See merge request gitlab/gitlabhq!2572

5736d660

Merge branch 'security-fj-crlf-injection' into 'master' · c0e5d9af
Cindy Pallares authored Nov 28, 2018
```
[master] Fix CRLF issue in UrlValidator

See merge request gitlab/gitlabhq!2627
```
c0e5d9af

Merge branch 'security-fix-pat-web-access' into 'master' · fe5f7593

Cindy Pallares authored Nov 28, 2018

[master] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request"

See merge request gitlab/gitlabhq!2583

fe5f7593

Merge branch 'security-guest-comments' into 'master' · e122e14a

Cindy Pallares authored Nov 28, 2018

[master]Fixed ability to comment on and edit/delete comments on locked or confidential issues

See merge request gitlab/gitlabhq!2612

e122e14a

Merge branch 'security-pages-toctou-race' into 'master' · ffd1c4cd

Cindy Pallares authored Nov 28, 2018

[master] [pages] Possible symlink time of check to time of use race condition

Closes #2742

See merge request gitlab/gitlabhq!2638

ffd1c4cd

Merge branch 'security-xss-in-markdown-following-unrecognized-html-element' into 'master' · b5b475c2
Cindy Pallares authored Nov 28, 2018
```
[master] XSS in markdown following unrecognized HTML element

Closes #2732

See merge request gitlab/gitlabhq!2599
```
b5b475c2
Merge branch 'security-mermaid-xss' into 'master' · c4bb0a11
Cindy Pallares authored Nov 28, 2018
```
[master] Fix XSS in mermaid diagrams

See merge request gitlab/gitlabhq!2597
```
c4bb0a11
Merge branch 'security-bvl-exposure-in-commits-list' into 'master' · e3a5ce58
Cindy Pallares authored Nov 28, 2018
```
[master] Don't expose confidential information in commit message list

See merge request gitlab/gitlabhq!2626
```
e3a5ce58

Merge branch 'security-issue_51301' into 'master' · 17f83726

Cindy Pallares authored Nov 28, 2018

[master] Resolve: Promoting a milestone is missing an authorization check

See merge request gitlab/gitlabhq!2598

17f83726

Merge branch 'security-2736-prometheus-ssrf' into 'master' · 94ab2d5f
Cindy Pallares authored Nov 28, 2018
```
[master] Do not follow redirects in prometheus service

See merge request gitlab/gitlabhq!2617
```
94ab2d5f
Merge branch 'security-stored-xss-for-environments' into 'master' · 4bc6f2e3
Cindy Pallares authored Nov 28, 2018
```
[master] Stored XSS for Environments

Closes #2727

See merge request gitlab/gitlabhq!2594
```
4bc6f2e3
Merge branch 'security-private-group' into 'master' · 1be0174b
Cindy Pallares authored Nov 28, 2018
```
[master] Fixed read private group names

See merge request gitlab/gitlabhq!2589
```
1be0174b
Merge branch 'security-182-update-workhorse' into 'master' · 3881285c
Cindy Pallares authored Nov 28, 2018
```
[Master] Redact sensitive information on gitlab-workhorse log

See merge request gitlab/gitlabhq!2584
```
3881285c

28 Nov, 2018 8 commits
- Bump gitlab-shell to 8.4.3 · bf062ecc
  Stan Hu authored Nov 28, 2018
```
See https://gitlab.com/gitlab-org/gitlab-shell/blob/master/CHANGELOG
```
  bf062ecc
- Add clarification on Host Keys · d34e4ba9
  Davin Walker authored Nov 28, 2018
  
  d34e4ba9
- Merge branch 'security-email-change-notification' into 'master' · 31f9223a
  Cindy Pallares authored Nov 28, 2018
```
[master] Resolve: "Provide email notification when a user changes their email address"

See merge request gitlab/gitlabhq!2587
```
  31f9223a
- Merge branch 'security-fix-uri-xss-applications' into 'master' · 82cd250b
  Cindy Pallares authored Nov 28, 2018
```
[master] Resolve "Reflected XSS in OAuth Authorize window due to redirect_uri allowing arbitrary protocols"

See merge request gitlab/gitlabhq!2572
```
  82cd250b
- Merge branch 'gt-externalize-app-views-snippets' into 'master' · 335434ca
  Fatih Acet authored Nov 28, 2018
```
Externalize strings from `/app/views/snippets`

See merge request gitlab-org/gitlab-ce!23351
```
  335434ca
- Merge branch 'tc-improve-add-reference-cop' into 'master' · 529aca35
  Andreas Brandl authored Nov 28, 2018
```
Make add_reference cop accept a hash for :index

See merge request gitlab-org/gitlab-ce!23375
```
  529aca35
- Merge branch 'sh-bump-workhorse-7.2.1' into 'master' · c31fd5a2
  Nick Thomas authored Nov 28, 2018
```
Bump GitLab Workhorse to 7.2.1

See merge request gitlab-org/gitlab-ce!23424
```
  c31fd5a2
- Remove downcase of slug and present home as "Home" · 2338a300
  Stan Hu authored Nov 26, 2018
  
  2338a300