Commits · 817e16ec62a62456e60d9219bc8e415b8cce4ae8 · nexedi / gitlab-ce

23 Aug, 2018 6 commits

NXD gitlab:app:check : Don't check for init script · 817e16ec
Kirill Smelkov authored Nov 17, 2015
```
Like Omnibus, SlapOS version does not have init script - nothing to
check here.
```
817e16ec

NXD lib/tasks/gitlab/check: Exit with non-zero code, if something failed in a check task · d2ef8b46

Kirill Smelkov authored Nov 24, 2015

This is handy for monitoring tools, which could e.g. periodically call check
tasks and instead of parsing output, rely on exit code.

The way we detect if something failed is via hooking into String#red, and if
anything was ever printed in red - that's an error.

d2ef8b46

NXD Don't show warning about missing SSH key - we support HTTP only · faafaa98
Kirill Smelkov authored Nov 15, 2015

faafaa98

NXD clone_panel: Remove SSH option completely · 433d2b36

Kirill Smelkov authored Nov 15, 2015

The default was switched to HTTP in the previous patch, but let's completely
remove SSH option - we support only HTTP for git fetch/push.

Conflicts:
	app/views/shared/_clone_panel.html.haml

433d2b36

NXD Make HTTP to be the default clone protocol · 02761a98

Kirill Smelkov authored Nov 15, 2015

Both fetch and push are possible over https, which is selected by http if
gitlab was configured to use https in external url.

This way to reduce security vectors and possible ways to interact with gitlab
we use https only without ssh at all.

02761a98

NXD GitLab Nexedi Edition · 095f3161
Kirill Smelkov authored Nov 15, 2015
```
= GitLab Community Edition + Nexedi patches
```
095f3161

09 Aug, 2017 2 commits
- Update VERSION to 8.17.8 · ff7d664b
  James Edwards-Jones authored Aug 09, 2017
  
  ff7d664b
- Update CHANGELOG.md for 8.17.8 · 001be81b
  James Edwards-Jones authored Aug 09, 2017
```
[ci skip]
```
  001be81b
08 Aug, 2017 4 commits
- Merge branch '8-17-mark-thunky-as-MIT' into '8-17-stable' · f22dbf78
  Mike Greiling authored Aug 08, 2017
```
Mark thunky as MIT license for license_finder

See merge request !2165
```
  f22dbf78
- Merge branch 'import-symlinks-8-17' into 'security-8-17' · 952bd59d
  Mike Greiling authored Aug 08, 2017
```
Fix file disclosure via hidden symlinks using the project import (8.17)

See merge request !2160
```
  952bd59d
- Merge branch 'rs-alphanumeric-ssh-params-8-17' into 'security-8-17' · c0ab38a3
  Mike Greiling authored Aug 08, 2017
```
Ensure user and hostnames begin with an alnum character in UrlBlocker

See merge request !2153
```
  c0ab38a3
- Mark thunky as MIT license for license_finder · db7eb1a8
  James Edwards-Jones authored Aug 08, 2017
  
  db7eb1a8
19 Jul, 2017 5 commits
- Update VERSION to 8.17.7 · 756f8537
  James Edwards-Jones authored Jul 19, 2017
  
  756f8537
- Update CHANGELOG.md for 8.17.7 · efdcf164
  James Edwards-Jones authored Jul 19, 2017
```
[ci skip]
```
  efdcf164
- Merge branch '33303-8-17-security-fix' into 'security-8-17' · 2788383b
  Sean McGivern authored Jul 19, 2017
```
[8-17 security fix] Renders 404 if given project is not readable by the user on Todos dashboard

See merge request !2136
```
  2788383b
- Merge branch 'fix-changelog-entry' into 'security-9-2' · 632aa1d4
  Sean McGivern authored Jul 19, 2017
```
Fix filename used for CHANGELOG entry

See merge request !2140
```
  632aa1d4
- Merge branch... · cced6ab6
  Sean McGivern authored Jul 19, 2017
```
Merge branch 'security-8-17-backport-33323-fix-incorrect-project-authorizations' into 'security-8-17'

Escape the underscore char inside the LIKE operator

See merge request !2134
```
  cced6ab6
05 May, 2017 4 commits
- Update VERSION to 8.17.6 · 7dd5ec18
  Lin Jen-Shin authored May 05, 2017
  
  7dd5ec18
- Update CHANGELOG.md for 8.17.6 · 5900680f
  Lin Jen-Shin authored May 05, 2017
```
[ci skip]
```
  5900680f
- Backport rake downtime_check otherwise it's not passing · ae5d4cfe
  Lin Jen-Shin authored May 05, 2017
  
  ae5d4cfe
- Don't need to check this old migration · 82a18ad9
  Lin Jen-Shin authored May 05, 2017
```
https://dev.gitlab.org/gitlab/gitlabhq/builds/1072446
```
  82a18ad9
04 May, 2017 10 commits
- Escape single quotes from gl dropdown · e6b872ea
  Felipe Artur authored May 04, 2017
  
  e6b872ea
- Fix specs · 6b8d61d1
  Felipe Artur authored May 04, 2017
  
  6b8d61d1
- Merge branch 'fix-hamlit-xss' into 'security-9-1' · 4c72a03c
  Robert Speicher authored May 02, 2017
```
New Hamlit XSS fix, does not include extraneous changes

See merge request !2095
```
  4c72a03c
- Merge branch 'snippets-finder-visibility' into 'security' · bd35f223
  Douwe Maan authored Apr 28, 2017
```
Refactor snippets finder & dont return internal snippets for external users

See merge request !2094
```
  bd35f223
- Merge branch 'branch-name-escape' into 'security' · b74683ee
  Robert Speicher authored May 03, 2017
```
Fix XSS in branches dropdown

See merge request !2093
```
  b74683ee
- Merge branch '31157-respect-project-features-in-wiki-search' into 'security' · 28b4d18f
  Douwe Maan authored Apr 24, 2017
```
Respect project features in wiki and blob search

See merge request !2089
```
  28b4d18f
- Merge branch 'snippets_visibility' into 'security' · 4621fa2b
  Sean McGivern authored Apr 25, 2017
```
Fix snippets visibility for show action - external users can not see internal snippets

See merge request !2087
```
  4621fa2b
- Merge branch 'rs-sanitize-submodule-urls' into 'security' · ecbd9da8
  Douwe Maan authored Apr 10, 2017
```
Sanitize submodule URLs before linking to them in the file tree view

See merge request !2084
```
  ecbd9da8
- Merge branch 'bvl-markup-pipeline' into 'security' · bfab73b0
  Robert Speicher authored May 02, 2017
```
Render asciidoc & other markup using banzai in a pipeline

See merge request !2088
```
  bfab73b0
- Merge branch 'bvl-validate-urls-in-markdown-using-uri' into 'security' · 401ab708
  Robert Speicher authored May 02, 2017
```
Add correct `rel` attributes to external links when rendering markdown

See merge request !2086
```
  401ab708
06 Apr, 2017 2 commits
- Update VERSION to 8.17.5 · 2e93947c
  DJ Mountney authored Apr 05, 2017
  
  2e93947c
- Update CHANGELOG.md for 8.17.5 · 9df1f13e
  DJ Mountney authored Apr 05, 2017
```
[ci skip]
```
  9df1f13e
05 Apr, 2017 6 commits
- Merge branch 'open-redirect-host-fix' into 'security' · 1c500992
  Sean McGivern authored Apr 05, 2017
```
Fix for three open redirect vulns using redirect_to url_for(params.merge)))

See merge request !2082
```
  1c500992
- Merge branch 'path-disclosure-proj-import-export' into 'security' · c4b71fc4
  DJ Mountney authored Apr 05, 2017
```
Fix for path disclosure in project import/export

See merge request !2080
```
  c4b71fc4
- Fix bug with conflict resolution for security release for the events_helper spec · aa21d8cc
  DJ Mountney authored Apr 05, 2017
```
Previously accidently added a test for a feature that does not exist in this release
: preserved styles in labels
```
  aa21d8cc
- Merge branch 'open-redirect-fix-continue-to' into 'security' · 8fae6a3d
  Sean McGivern authored Apr 05, 2017
```
Fix for open redirect vuln involving continue[to] params

See merge request !2083
```
  8fae6a3d
- Merge branch '29364-private-projects-mr-fix' into 'security' · 191e748c
  Sean McGivern authored Apr 03, 2017
```
Don’t show source project name when user does not have access

See merge request !2081
```
  191e748c
- Merge branch '30125-markdown-security' into 'security' · 806b4ad5
  Robert Speicher authored Apr 02, 2017
```
Remove class from SanitizationFilter whitelist

See merge request !2079
```
  806b4ad5
19 Mar, 2017 1 commit
- Update VERSION to 8.17.4 · 3d2890c8
  James Lopez authored Mar 19, 2017
  
  3d2890c8