Skip to content

G
gitlab-ce
Switch branch/tag
  1. 24 Oct, 2019 7 commits
    • GitLab Release Tools Bot's avatar
      Merge branch 'security-2920-fix-notes-with-label-cross-reference-12-4' into '12-4-stable' · 853618e0
      GitLab Release Tools Bot authored 
      Project path reveals labels from Private project if the issue is moved to public project

See merge request gitlab/gitlabhq!3490
      853618e0
    • GitLab Release Tools Bot's avatar
      Merge branch 'security-64519-circular-graphql-queries-12-4' into '12-4-stable' · a6adb336
      GitLab Release Tools Bot authored 
      Nested GraphQL query with circular relationship can cause Denial of Service

See merge request gitlab/gitlabhq!3492
      a6adb336
    • GitLab Release Tools Bot's avatar
      Merge branch 'security-33689-post-filter-search-results-ce-12-4' into '12-4-stable' · bbe85167
      GitLab Release Tools Bot authored 
      Filter out search results based on permissions to avoid bugs leaking data

See merge request gitlab/gitlabhq!3496
      bbe85167
    • GitLab Release Tools Bot's avatar
      Merge branch... · ddfb7160
      GitLab Release Tools Bot authored 
      Merge branch 'security-65756-ex-admin-attacker-can-comment-in-internalsecurity-65756-ex-admin-attacker-can-comment-in-internal-12-4' into '12-4-stable'

Improper access control allows the attacker to comment in internal commit after they are no longer admin

See merge request gitlab/gitlabhq!3497
      ddfb7160
    • GitLab Release Tools Bot's avatar
      Merge branch... · 203f5b43
      GitLab Release Tools Bot authored 
      Merge branch 'security-ag-hide-private-members-in-project-member-autocomplete-12-4' into '12-4-stable'

Hide private members in project member autocomplete

See merge request gitlab/gitlabhq!3503
      203f5b43
    • Eugenia Grieff's avatar
      Add milestone and label note types to cross refs · 3c60e336
      Eugenia Grieff authored 
      - Include new types in SystemNoteMetadata
- Add Label and Milestone reference_pattern to
Mentionable::ReferenceRegexes to be checked for cross references
      3c60e336
    • Aakriti Gupta's avatar
      Pick only those groups that the viewing user has access to, · 9347f47a
      Aakriti Gupta authored 
      in a project members' list. Add tests for possible scenarios

Re-factor and remove N + 1 queries

Remove author from changelog

Don't use memoisation when not needed

Include users part of parents of project's group

Re-factor tests

Create and add users according to roles

Re-use group created earlier

Add incomplete test for ancestoral groups

Rename method to clarify category of groups

Skip pending test, remove comments not needed

Remove extra line

Include ancestors from invited groups as well

Add specs for participants service

Add more specs

Add more specs

use  instead of

Use public group owner instead of project maintainer to test owner acess

Remove tests that have now been moved into participants_service_spec

Use :context instead of :all

Create nested group instead of creating an ancestor separately

Add comment explaining doubt on the failing spec

Imrpove test setup

Optimize sql queries

Refactor specs file

Add rubocop disablement

Add special case for project owners

Add small refactor

Add explanation to the docs

Fix wording

Refactor group check

Add small changes in specs

Add cr remarks

Add cr remarks

Add specs

Add small refactor

Add code review remarks

Refactor for better database usage

Fix failing spec

Remove rubocop offences

Add cr remarks
      9347f47a
  3. 23 Oct, 2019 8 commits
  5. 22 Oct, 2019 3 commits
  7. 07 Oct, 2019 3 commits
  9. 02 Oct, 2019 4 commits
  11. 01 Oct, 2019 4 commits
  13. 30 Sep, 2019 1 commit
  15. 26 Sep, 2019 10 commits
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7