Commits · f8dea2e214266c82541a6a1fbf34aa778d5ad216 · nexedi / gitlab-ce

03 Dec, 2018 1 commit
- Implement migration strategy for token authenticatable · f8dea2e2
  Grzegorz Bizon authored Dec 03, 2018
  
  f8dea2e2
29 Nov, 2018 21 commits
- Merge commit '68526805' into fix/gb/encrypt-runners-tokens · a7fec177
  Grzegorz Bizon authored Nov 29, 2018
```
* commit '68526805': (57 commits)
```
  a7fec177
- Merge branch '33705-merge-request-rebase-api' into 'master' · 68526805
  Sean McGivern authored Nov 29, 2018
```
Add a rebase API endpoint for merge requests

Closes #33705

See merge request gitlab-org/gitlab-ce!23296
```
  68526805
- Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhq · c07183f0
  Steve Azzopardi authored Nov 29, 2018
  
  c07183f0
- Merge branch 'restore-ssh-host-keys' into 'master' · a5f46278
  Evan Read authored Nov 29, 2018
```
Update documentation with note regarding restoring ssh host keys

See merge request gitlab-org/gitlab-ce!23392
```
  a5f46278
- Merge branch 'sh-bump-gitlab-shell-8.4.3' into 'master' · 14b7b0d9
  Stan Hu authored Nov 29, 2018
```
Bump gitlab-shell to 8.4.3

See merge request gitlab-org/gitlab-ce!23429
```
  14b7b0d9
- Merge branch 'doc-for-knative-ip-address' into 'master' · c7a19d37
  Evan Read authored Nov 29, 2018
```
Update Knative IP address docs

See merge request gitlab-org/gitlab-ce!23380
```
  c7a19d37
- Merge branch 'security-11-5-fix-webhook-ssrf-ipv6' into 'security-11-5' · a9f5b223
  Steve Azzopardi authored Nov 26, 2018
```
[11.5] Fix SSRF in project integrations

See merge request gitlab/gitlabhq!2611
```
  a9f5b223
- Merge branch 'security-email-change-notification' into 'master' · 82f455a8
  Cindy Pallares authored Nov 28, 2018
```
[master] Resolve: "Provide email notification when a user changes their email address"

See merge request gitlab/gitlabhq!2587
```
  82f455a8
- Merge branch 'security-fix-uri-xss-applications' into 'master' · 5736d660
  Cindy Pallares authored Nov 28, 2018
```
[master] Resolve "Reflected XSS in OAuth Authorize window due to redirect_uri allowing arbitrary protocols"

See merge request gitlab/gitlabhq!2572
```
  5736d660
- Merge branch 'security-fj-crlf-injection' into 'master' · c0e5d9af
  Cindy Pallares authored Nov 28, 2018
```
[master] Fix CRLF issue in UrlValidator

See merge request gitlab/gitlabhq!2627
```
  c0e5d9af
- Merge branch 'security-fix-pat-web-access' into 'master' · fe5f7593
  Cindy Pallares authored Nov 28, 2018
```
[master] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request"

See merge request gitlab/gitlabhq!2583
```
  fe5f7593
- Merge branch 'security-guest-comments' into 'master' · e122e14a
  Cindy Pallares authored Nov 28, 2018
```
[master]Fixed ability to comment on and edit/delete comments on locked or confidential issues

See merge request gitlab/gitlabhq!2612
```
  e122e14a
- Merge branch 'security-pages-toctou-race' into 'master' · ffd1c4cd
  Cindy Pallares authored Nov 28, 2018
```
[master] [pages] Possible symlink time of check to time of use race condition

Closes #2742

See merge request gitlab/gitlabhq!2638
```
  ffd1c4cd
- Merge branch 'security-xss-in-markdown-following-unrecognized-html-element' into 'master' · b5b475c2
  Cindy Pallares authored Nov 28, 2018
```
[master] XSS in markdown following unrecognized HTML element

Closes #2732

See merge request gitlab/gitlabhq!2599
```
  b5b475c2
- Merge branch 'security-mermaid-xss' into 'master' · c4bb0a11
  Cindy Pallares authored Nov 28, 2018
```
[master] Fix XSS in mermaid diagrams

See merge request gitlab/gitlabhq!2597
```
  c4bb0a11
- Merge branch 'security-bvl-exposure-in-commits-list' into 'master' · e3a5ce58
  Cindy Pallares authored Nov 28, 2018
```
[master] Don't expose confidential information in commit message list

See merge request gitlab/gitlabhq!2626
```
  e3a5ce58
- Merge branch 'security-issue_51301' into 'master' · 17f83726
  Cindy Pallares authored Nov 28, 2018
```
[master] Resolve: Promoting a milestone is missing an authorization check

See merge request gitlab/gitlabhq!2598
```
  17f83726
- Merge branch 'security-2736-prometheus-ssrf' into 'master' · 94ab2d5f
  Cindy Pallares authored Nov 28, 2018
```
[master] Do not follow redirects in prometheus service

See merge request gitlab/gitlabhq!2617
```
  94ab2d5f
- Merge branch 'security-stored-xss-for-environments' into 'master' · 4bc6f2e3
  Cindy Pallares authored Nov 28, 2018
```
[master] Stored XSS for Environments

Closes #2727

See merge request gitlab/gitlabhq!2594
```
  4bc6f2e3
- Merge branch 'security-private-group' into 'master' · 1be0174b
  Cindy Pallares authored Nov 28, 2018
```
[master] Fixed read private group names

See merge request gitlab/gitlabhq!2589
```
  1be0174b
- Merge branch 'security-182-update-workhorse' into 'master' · 3881285c
  Cindy Pallares authored Nov 28, 2018
```
[Master] Redact sensitive information on gitlab-workhorse log

See merge request gitlab/gitlabhq!2584
```
  3881285c
28 Nov, 2018 18 commits
- Bump gitlab-shell to 8.4.3 · bf062ecc
  Stan Hu authored Nov 28, 2018
```
See https://gitlab.com/gitlab-org/gitlab-shell/blob/master/CHANGELOG
```
  bf062ecc
- Add clarification on Host Keys · d34e4ba9
  Davin Walker authored Nov 28, 2018
  
  d34e4ba9
- Merge branch 'security-email-change-notification' into 'master' · 31f9223a
  Cindy Pallares authored Nov 28, 2018
```
[master] Resolve: "Provide email notification when a user changes their email address"

See merge request gitlab/gitlabhq!2587
```
  31f9223a
- Merge branch 'security-fix-uri-xss-applications' into 'master' · 82cd250b
  Cindy Pallares authored Nov 28, 2018
```
[master] Resolve "Reflected XSS in OAuth Authorize window due to redirect_uri allowing arbitrary protocols"

See merge request gitlab/gitlabhq!2572
```
  82cd250b
- Merge branch 'gt-externalize-app-views-snippets' into 'master' · 335434ca
  Fatih Acet authored Nov 28, 2018
```
Externalize strings from `/app/views/snippets`

See merge request gitlab-org/gitlab-ce!23351
```
  335434ca
- Merge branch 'tc-improve-add-reference-cop' into 'master' · 529aca35
  Andreas Brandl authored Nov 28, 2018
```
Make add_reference cop accept a hash for :index

See merge request gitlab-org/gitlab-ce!23375
```
  529aca35
- Merge branch 'sh-bump-workhorse-7.2.1' into 'master' · c31fd5a2
  Nick Thomas authored Nov 28, 2018
```
Bump GitLab Workhorse to 7.2.1

See merge request gitlab-org/gitlab-ce!23424
```
  c31fd5a2
- Merge branch 'docs/better-alignment-of-tables' into 'master' · b8e5acb2
  Achilleas Pipinellis authored Nov 28, 2018
```
Force better alignment in tables

See merge request gitlab-org/gitlab-ce!23393
```
  b8e5acb2
- Merge branch 'include-new-link-in-breadcrumb' into 'master' · 63344c0e
  Clement Ho authored Nov 28, 2018
```
Include new and edit links in breadcrumb for project milestones, group milestones, and labels

Closes #43998

See merge request gitlab-org/gitlab-ce!18515
```
  63344c0e
- Include new and edit links in breadcrumb for project milestones, group milestones, and labels · 0e75378b
  George Tsiolis authored Nov 28, 2018
  
  0e75378b
- Merge branch 'jramsay/improve-resolve-conflicts-docs' into 'master' · 88254cd3
  Achilleas Pipinellis authored Nov 28, 2018
```
Improve detail of resolve conflict docs

See merge request gitlab-org/gitlab-ce!22927
```
  88254cd3
- Merge branch 'security-fj-crlf-injection' into 'master' · 0eba3277
  Cindy Pallares authored Nov 28, 2018
```
[master] Fix CRLF issue in UrlValidator

See merge request gitlab/gitlabhq!2627
```
  0eba3277
- [master] Fix CRLF issue in UrlValidator · 2327897e
  Francisco Javier López authored Nov 28, 2018
  
  2327897e
- Merge branch 'security-fix-pat-web-access' into 'master' · a7ae5c0c
  Cindy Pallares authored Nov 28, 2018
```
[master] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request"

See merge request gitlab/gitlabhq!2583
```
  a7ae5c0c
- Merge branch 'security-guest-comments' into 'master' · b0e37232
  Cindy Pallares authored Nov 28, 2018
```
[master]Fixed ability to comment on and edit/delete comments on locked or confidential issues

See merge request gitlab/gitlabhq!2612
```
  b0e37232
- [master]Fixed ability to comment on and edit/delete comments on locked or confidential issues · 387a9c4e
  Chantal Rollison authored Nov 28, 2018
  
  387a9c4e
- Merge branch 'security-pages-toctou-race' into 'master' · 163469e9
  Cindy Pallares authored Nov 28, 2018
```
[master] [pages] Possible symlink time of check to time of use race condition

Closes #2742

See merge request gitlab/gitlabhq!2638
```
  163469e9
- Merge branch 'security-xss-in-markdown-following-unrecognized-html-element' into 'master' · 5a06bb11
  Cindy Pallares authored Nov 28, 2018
```
[master] XSS in markdown following unrecognized HTML element

Closes #2732

See merge request gitlab/gitlabhq!2599
```
  5a06bb11