- 08 Aug, 2017 2 commits
-
Mike Greiling authored
Fix file disclosure via hidden symlinks using the project import (8.17) See merge request !2160
-
Mike Greiling authored
Ensure user and hostnames begin with an alnum character in UrlBlocker See merge request !2153
-
- 19 Jul, 2017 5 commits
-
James Edwards-Jones authored
-
James Edwards-Jones authored
[ci skip]
-
Sean McGivern authored
[8-17 security fix] Renders 404 if given project is not readable by the user on Todos dashboard See merge request !2136
-
Sean McGivern authored
Fix filename used for CHANGELOG entry See merge request !2140
-
Sean McGivern authored
Merge branch 'security-8-17-backport-33323-fix-incorrect-project-authorizations' into 'security-8-17' Escape the underscore char inside the LIKE operator See merge request !2134
-
- 05 May, 2017 4 commits
-
Lin Jen-Shin authored
-
Lin Jen-Shin authored
[ci skip]
-
Lin Jen-Shin authored
-
- 04 May, 2017 10 commits
-
Felipe Artur authored
-
Felipe Artur authored
-
Robert Speicher authored
New Hamlit XSS fix, does not include extraneous changes See merge request !2095
-
Douwe Maan authored
Refactor snippets finder & don't return internal snippets for external users See merge request !2094
-
Robert Speicher authored
Fix XSS in branches dropdown See merge request !2093
-
Douwe Maan authored
Respect project features in wiki and blob search See merge request !2089
-
Sean McGivern authored
Fix snippets visibility for show action - external users can not see internal snippets See merge request !2087
-
Douwe Maan authored
Sanitize submodule URLs before linking to them in the file tree view See merge request !2084
-
Robert Speicher authored
Render asciidoc & other markup using banzai in a pipeline See merge request !2088
-
Robert Speicher authored
Add correct `rel` attributes to external links when rendering markdown See merge request !2086
-
- 06 Apr, 2017 2 commits
-
DJ Mountney authored
-
DJ Mountney authored
[ci skip]
-
- 05 Apr, 2017 6 commits
-
Sean McGivern authored
Fix for three open redirect vulns using redirect_to url_for(params.merge))) See merge request !2082
-
DJ Mountney authored
Fix for path disclosure in project import/export See merge request !2080
-
DJ Mountney authored
Previously accidentally added a test for a feature that does not exist in this release: preserved styles in labels
-
Sean McGivern authored
Fix for open redirect vuln involving continue[to] params See merge request !2083
-
Sean McGivern authored
Don’t show source project name when user does not have access See merge request !2081
-
Robert Speicher authored
Remove class from SanitizationFilter whitelist See merge request !2079
-
- 19 Mar, 2017 2 commits
-
James Lopez authored
-
James Lopez authored
[ci skip]
-
- 18 Mar, 2017 5 commits
-
Rubén Dávila authored
nil check for url_blocker? See merge request !2076
-
DJ Mountney authored
fix for render json include leaks See merge request !2074 Conflicts: app/controllers/projects/merge_requests_controller.rb spec/controllers/projects/issues_controller_spec.rb
-
Jacob Schatz authored
Adds rel="noopener noreferrer" to all links with target="_blank" See merge request !2071 Conflicts: app/assets/javascripts/environments/components/environment_external_url.js
-
Douwe Maan authored
Protect server against SSRF in project import URLs See merge request !2068
-
Rémy Coutable authored
Only show public emails in atom feeds See merge request !2066
-
- 15 Mar, 2017 4 commits
-
Robert Speicher authored
Backport GitLab.com Pages IP change to 8.17 [ci skip] See merge request !9934
-
Rémy Coutable authored
Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Rémy Coutable authored
Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Rémy Coutable authored
Signed-off-by: Rémy Coutable <remy@rymai.me>
-