Commits · 9e00ca21e95c28d54edaedbb532512d918bdc59e · nexedi / gitlab-ce

10 Jun, 2019 1 commit
- Merge branch 'jc-bump-gitaly-stderr-log-fix' into '11-11-stable-patch-3' · 9e00ca21
  John Jarvis authored Jun 10, 2019
```
Update Gitaly to 1.42.4

See merge request gitlab-org/gitlab-ce!29310
```
  9e00ca21
06 Jun, 2019 1 commit

John Cai authored Jun 06, 2019

This patch of Gitaly includes a fix of the stderr logger writer to fix a
panic that occured during an edge case.

f71e4a4a

04 Jun, 2019 5 commits
- Update VERSION to 11.11.2 · 0da38977
  GitLab Release Tools Bot authored Jun 04, 2019
  
  0da38977
- Update CHANGELOG.md for 11.11.2 · 6e28e705
  GitLab Release Tools Bot authored Jun 04, 2019
```
[ci skip]
```
  6e28e705
- Merge branch '11-11-stable-patch-1' into '11-11-stable' · aae682a7
  John Skarbek authored Jun 04, 2019
```
Prepare 11.11.2 release

See merge request gitlab-org/gitlab-ce!28679
```
  aae682a7
- Merge branch 'sh-fix-import-url-update' into 'master' · a25ad6e7
  Thong Kuah authored Jun 03, 2019
```
Fix project settings not being able to update

Closes #62708

See merge request gitlab-org/gitlab-ce!29097
```
  a25ad6e7
- Merge branch '11-11-stable' into 11-11-stable-patch-1 · 09221d50
  Stan Hu authored Jun 04, 2019
  
  09221d50
03 Jun, 2019 10 commits

Merge remote-tracking branch 'origin/11-11-stable-patch-2' into 11-11-stable-patch-1 · 3fa68cc6
John T Skarbek authored Jun 03, 2019

3fa68cc6

Merge branch 'sh-fix-issue-58714' into 'master' · b1ea0cc4

Yorick Peterse authored Jun 03, 2019

Fix migration failure when groups are missing route

Closes #58714

See merge request gitlab-org/gitlab-ce!29022

(cherry picked from commit 0488c26e)

a52cbf6b Fix migration failure when groups are missing route

b1ea0cc4

Merge branch 'zj-bump-gitaly' into '11-11-stable-patch-1' · 2cc7155b
Mayra Cabrera authored Jun 03, 2019
```
Stop two-step rebase from hanging when errors occur

See merge request gitlab-org/gitlab-ce!29060
```
2cc7155b

Bump Gitaly version to 1.42.3 · c44d1775

Zeger-Jan van de Weg authored Jun 03, 2019

This change makes sure Gitaly includes a fix to make rebase work again
properly.

Part of: https://gitlab.com/gitlab-org/gitlab-ce/issues/62353

c44d1775

Merge branch 'dm-disable-two-step-rebase' into 'master' · 6953b13c

Mayra Cabrera authored May 27, 2019

Disable two_step_rebase feature flag

See merge request gitlab-org/gitlab-ce!28778

(cherry picked from commit 715d1057)

8104eef0 Disable two_step_rebase feature flag
dd1fa0c2 Apply suggestion to changelogs/unreleased/dm-disable-two-step-rebase.yml

6953b13c

Merge branch 'use-source-ref-name-in-webhook' into 'master' · c5e5d4aa

Ash McKenzie authored May 28, 2019

Use source ref in pipeline webhook

Closes #61553

See merge request gitlab-org/gitlab-ce!28772

(cherry picked from commit 2714f85c)

7e05f3b7 Use source ref for pipeline webhook

c5e5d4aa

Merge branch 'sh-fix-omniauth-generic-strategy' into 'master' · c416e630

Douglas Barbosa Alexandre authored May 23, 2019

Fix OmniAuth OAuth2Generic strategy not loading

Closes #62216

See merge request gitlab-org/gitlab-ce!28680

(cherry picked from commit 7b5cc7b4)

bf8f4c13 Fix OmniAuth OAuth2Generic strategy not loading

c416e630

Merge branch 'jp-label-fix' into 'master' · f5610f59

Lin Jen-Shin authored May 28, 2019

Fix display of promote to group label

Closes #62200

See merge request gitlab-org/gitlab-ce!28637

(cherry picked from commit 9c2d0d87)

f9a55f93 Fix display of promote to group label
52764ec5 Apply suggestion to spec/helpers/labels_helper_spec.rb
58dc21e7 Apply suggestion to spec/features/projects/labels/user_promotes_label_spec.rb

f5610f59

Merge branch 'patch-64' into 'master' · 672941ed

Kamil Trzciński authored May 24, 2019

Update SAST.gitlab-ci.yml - Add SAST_GITLEAKS_ENTROPY_LEVEL

Closes #62179

See merge request gitlab-org/gitlab-ce!28607

(cherry picked from commit 2ae642f8)

31e181f8 Update SAST.gitlab-ci.yml - Add SAST_GITLEAKS_ENTROPY_LEVEL

672941ed

Merge branch '60778-input-text-height' into 'master' · b02c9bfe

Filipa Lacerda authored May 24, 2019

Fix height of input groups

Closes #61304, #61303, #59254, and #60778

See merge request gitlab-org/gitlab-ce!28495

(cherry picked from commit 52758b92)

360646ea Fix height of input groups

b02c9bfe

30 May, 2019 4 commits
- Update VERSION to 11.11.1 · ac0d1491
  GitLab Release Tools Bot authored May 30, 2019
  
  ac0d1491
- Update CHANGELOG.md for 11.11.1 · 375e6dfd
  GitLab Release Tools Bot authored May 30, 2019
```
[ci skip]
```
  375e6dfd
- Merge branch 'osw-disable-dns-rebind-protection-settings-11-11' into '11-11-stable' · fc8699ef
  GitLab Release Tools Bot authored May 30, 2019
```
Add DNS rebinding protection settings

See merge request gitlab/gitlabhq!3130
```
  fc8699ef
- Add changelog · f6250d1e
  Oswaldo Ferreira authored May 29, 2019
  
  f6250d1e
29 May, 2019 3 commits
- Add DNS rebinding protection settings · b599fb4f
  Oswaldo Ferreira authored May 29, 2019
  
  b599fb4f
- Merge branch 'id-fix-overriding-of-import-params' into '11-11-stable' · 440c9665
  Yorick Peterse authored May 29, 2019
```
Fix the overriding of EE import params

See merge request gitlab/gitlabhq!3129
```
  440c9665
- Fix the overriding of EE import params · 02dc7fbf
  Igor Drozdov authored May 29, 2019
  
  02dc7fbf
28 May, 2019 12 commits
- Merge branch 'security-60143-address-xss-issue-in-wiki-links' into '11-11-stable' · 5dd3b753
  GitLab Release Tools Bot authored May 28, 2019
```
Reject slug+uri concat if slug is deemed unsafe

See merge request gitlab/gitlabhq!3105
```
  5dd3b753
- Merge branch 'security-58856-persistent-xss-11-11' into '11-11-stable' · affb2b0d
  Robert Speicher authored May 28, 2019
```
Persistent XSS in note objects

See merge request gitlab/gitlabhq!3127
```
  affb2b0d
- Fix persistent XSS in note objects · fb59eed0
  Tiger authored May 28, 2019
  
  fb59eed0
- Merge branch 'security-fix-project-existence-disclosure-11-11' into '11-11-stable' · 516aeaca
  GitLab Release Tools Bot authored May 28, 2019
```
Fix url redaction for issue links

See merge request gitlab/gitlabhq!3092
```
  516aeaca
- Merge branch 'security-60039-11-11' into '11-11-stable' · 07e56f3d
  GitLab Release Tools Bot authored May 28, 2019
```
Disallow invalid MR branch name

See merge request gitlab/gitlabhq!3095
```
  07e56f3d
- Merge branch 'security-unsubscribing-from-issue-11-11' into '11-11-stable' · 0e84bfd7
  GitLab Release Tools Bot authored May 28, 2019
```
Hide issue title on unsubscribe for anonymous users

See merge request gitlab/gitlabhq!3099
```
  0e84bfd7
- Merge branch 'security-fix-confidential-issue-label-visibility-11-11' into '11-11-stable' · ef228322
  GitLab Release Tools Bot authored May 28, 2019
```
Fix confidential issue label disclosure on milestone view

See merge request gitlab/gitlabhq!3102
```
  ef228322
- Merge branch 'security-id-leaked-password-in-import-url-frontend-11-11' into '11-11-stable' · 60edec1f
  GitLab Release Tools Bot authored May 28, 2019
```
Handling password on import by url page

See merge request gitlab/gitlabhq!3109
```
  60edec1f
- Merge branch 'security-fix_milestones_search_api_leak-11-11' into '11-11-stable' · 2d0c3178
  GitLab Release Tools Bot authored May 28, 2019
```
Resolve: Milestones leaked via search API

See merge request gitlab/gitlabhq!3110
```
  2d0c3178
- Merge branch 'security-http-hostname-override-11-11' into '11-11-stable' · eee1eb3b
  GitLab Release Tools Bot authored May 28, 2019
```
Protect Gitlab::HTTP against DNS rebinding attack

See merge request gitlab/gitlabhq!3113
```
  eee1eb3b
- Merge branch 'security-pb-fix-get-archive-11-11' into '11-11-stable' · 13213f7d
  GitLab Release Tools Bot authored May 28, 2019
```
Update Gitaly to fix GetArchive vulnerability

See merge request gitlab/gitlabhq!3118
```
  13213f7d
- Merge branch 'security-jej/prevent-web-sign-in-bypass-11-11' into '11-11-stable' · 32a64720
  GitLab Release Tools Bot authored May 28, 2019
```
Prevent password sign in restriction bypass

See merge request gitlab/gitlabhq!3121
```
  32a64720
27 May, 2019 1 commit

Reject slug+uri concat if slug is deemed unsafe · d71a4d5c

Kerri Miller authored May 20, 2019

First reported:
  https://gitlab.com/gitlab-org/gitlab-ce/issues/60143

When the page slug is "javascript:" and we attempt to link to a relative
path (using `.` or `..`) the code will concatenate the slug and the uri.
This MR adds a guard to that concat step that will return `nil` if the
incoming slug matches against any of the "unsafe" slug regexes;
currently this is only for the slug "javascript:" but can be extended if
needed. Manually tested against a non-exhaustive list from OWASP of
common javascript XSS exploits that have to to with mangling the
"javascript:" method, and all are caught by this change or by existing
code that ingests the user-specified slug.

d71a4d5c

24 May, 2019 1 commit

Merge branch '62283-fix-job-app-spec' into 'master' · c22ab474

Filipa Lacerda authored May 24, 2019

Replaces a hard-coded date in the job app spec

Closes #62283

See merge request gitlab-org/gitlab-ce!28709

c22ab474

23 May, 2019 2 commits
- Prevent password sign in restriction bypass · 88de1681
  James Edwards-Jones authored Dec 12, 2018
  
  88de1681
- Update Gitaly to fix GetArchive vulnerability · 7961a5dc
  Patrick Bajao authored May 23, 2019
  
  7961a5dc