1. 06 Jul, 2016 1 commit
    • Rémy Coutable's avatar
      Merge branch '18310-improve-request-access-button' into 'master' · ee4e6659
      Rémy Coutable authored
      Improve the request / withdraw access button
      
      It implements the design proposed in #18310.
      
      No.
      
      To close #18310.
      
      Closes #18310.
      
      | Medium | Large |
      | ----------- | ------- |
      | ![request_access_button](/uploads/a1de370dcbb8ac9a63d2df5c68591db7/request_access_button.png) | ![request_access_button-large](/uploads/0a1c70380268e620a6ca4d3e1661d58c/request_access_button-large.png) |
      
      | Medium | Large |
      | ----------- | ------- |
      | ![withdraw_access_request_button](/uploads/c9df39d04b61566ec143d5e9cc43ada2/withdraw_access_request_button.png) | ![withdraw_access_request_button-large](/uploads/10fdaa94d72956e06bdb995e65b51472/withdraw_access_request_button-large.png) |
      
      | Medium | Large |
      | ----------- | ------- |
      | ![request_access_button](/uploads/8e71395041a5cea996a35df2083bb723/request_access_button.png) | ![project-request_access_button-large](/uploads/adb2dec0eccec8e5171dc0e26e6b03a6/project-request_access_button-large.png) |
      
      | Medium | Large |
      | ----------- | ------- |
      | ![withdraw_access_request_button](/uploads/12be06f0a2bf9426a5e043f52c4d1dab/withdraw_access_request_button.png) | ![project-withdraw_access_request_button-large](/uploads/93fda7767ee5f02186c4c954ea346254/project-withdraw_access_request_button-large.png) |
      
      - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
      - [x] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
      - Tests
        - [x] All builds are passing
      - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
      - [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
      - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
      
      See merge request !4860
      (cherry picked from commit c578fb06)
      ee4e6659
  2. 05 Jul, 2016 2 commits
  3. 30 Jun, 2016 13 commits
    • Robert Speicher's avatar
      Update VERSION to 8.9.4 · 24f3eb9c
      Robert Speicher authored
      24f3eb9c
    • Jacob Schatz's avatar
      Merge branch 'sidebar-breakpoint' into 'master' · 8cbbcee3
      Jacob Schatz authored
      Updated breakpoint for sidebar pinning
      
      Updates the breakpoint for sidebar pinning to 1024px.
      
      Think we will have the same issue as before when picking into stable with `$window` not being defined.
      
      See merge request !5019
      (cherry picked from commit c5d164d1)
      8cbbcee3
    • Jacob Schatz's avatar
      Merge branch 'pin-nav-cookie-expiry' into 'master' · 10a17ade
      Jacob Schatz authored
      Expiry date on pinned nav cookie
      
      Adds an expiry date far into the future for the pinned nav cookie so that it survives logout & browser closing.
      
      See merge request !5009
      (cherry picked from commit 73196fbd)
      10a17ade
    • Robert Speicher's avatar
      Merge branch 'fix-external-issue-rendering' into 'master' · e2692686
      Robert Speicher authored
      Handle external issues in IssueReferenceFilter
      
      Rendering issue references such as `#1` was broken for projects using an external issues tracker.
      
      See gitlab-org/gitlab-ce#19036
      
      See merge request !4988
      (cherry picked from commit 6e82c0e0)
      e2692686
    • Rémy Coutable's avatar
      Merge branch 'fix_restore_warning' into 'master' · a700bc4c
      Rémy Coutable authored
      Fix restore warning message
      
      ## What does this MR do?
      
      Fix the restore Rake task so it properly outputs the database warning. This is a pretty important warning and it was not even being output. After this fix, the output looks like the screenshot below.
      
      ![Screen_Shot_2016-06-28_at_3.53.46_PM](/uploads/d250189d39fcacd0c8ec0aacf9cd930d/Screen_Shot_2016-06-28_at_3.53.46_PM.png)
      
      See merge request !4980
      (cherry picked from commit 0144dce7)
      a700bc4c
    • Robert Speicher's avatar
      Merge branch 'fix/build-retry-button-in-view' into 'master' · ce8db128
      Robert Speicher authored
      Do not show build retry link when build is active
      
      Closes #19244
      
      See merge request !4967
      (cherry picked from commit dc2d0051)
      ce8db128
    • Fatih Acet's avatar
      Merge branch 'commit-avatar-alignment' into 'master' · 04c2c88b
      Fatih Acet authored
      Fixed comit avatar alignment
      
      ## What does this MR do?
      
      Fixes the alignment of the avatar on https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG
      
      Also fixes potential issues in other places.
      
      ## Screenshots (if relevant)
      
      ![Screen_Shot_2016-06-27_at_10.58.26](/uploads/fa4f50cfc30a870422d1afa63a4331d1/Screen_Shot_2016-06-27_at_10.58.26.png)![Screen_Shot_2016-06-27_at_10.58.35](/uploads/bd7dc3cf77464c1775fabb45b8079f02/Screen_Shot_2016-06-27_at_10.58.35.png)
      
      See merge request !4933
      (cherry picked from commit 8cada02d)
      04c2c88b
    • Jacob Schatz's avatar
      Merge branch 'label-filter-path-fix' into 'master' · eb7356a4
      Jacob Schatz authored
      Fixed URL on label button when filtering
      
      ## What does this MR do?
      
      Gives the filtered labels the correct URL. Previously they tried to link to `labels#show` whereas now it links to the correct filter path.
      
      ## What are the relevant issue numbers?
      
      Closes #19005
      
      See merge request !4897
      (cherry picked from commit d3d9df5a)
      eb7356a4
    • Fatih Acet's avatar
      Merge branch 'fix_filebrowser_reload' into 'master' · aae44444
      Fatih Acet authored
      File Browser navigation fixes
      
      Fixes a double request being made when clicking the file name when navigating through file browser and also fixes opening a file in a new tab or when doing ctrl + click.
      
      Closes #19050
      
      **Before**
      
      ![navigation-old](/uploads/f9a40c91e430e31beae3a896cffb1c68/navigation-old.gif)
      
      **After**
      
      ![navigation](/uploads/dec9b43894c00cc09d80d19c83506530/navigation.gif)
      
      See merge request !4891
      (cherry picked from commit b32a6add)
      aae44444
    • Dmitriy Zaporozhets's avatar
      Merge branch '19003-file-view-subnav' into 'master' · d3b28207
      Dmitriy Zaporozhets authored
      Resolve "Sub nav isn't showing on file view"
      
      ## What does this MR do?
      Adds subnav to `Repository` > `File` view
      
      ## What are the relevant issue numbers?
      Closes #19003
      Part of #18844
      
      ## Screenshots (if relevant)
      ![Screen_Shot_2016-06-23_at_5.33.05_PM](/uploads/aa6993b2376dbe454af87d852aa74f5e/Screen_Shot_2016-06-23_at_5.33.05_PM.png)
      
      cc @dzaporozhets
      
      See merge request !4890
      (cherry picked from commit 2efee5f6)
      d3b28207
    • Jacob Schatz's avatar
      Merge branch 'search-input-blur' into 'master' · 966eedd3
      Jacob Schatz authored
      Fixed search field blur not removing focus
      
      ## What does this MR do?
      
      Adds a blur event to remove focus styling from the search input.
      
      Any particular reason we were looking for clicks on the document? I can't see why we would be.
      
      ## What are the relevant issue numbers?
      
      Closes #18670
      
      ## Screenshots (if relevant)
      
      ![tab](/uploads/4c74d4f76ec7b45bfcf581606d2defb5/tab.gif)
      
      See merge request !4704
      (cherry picked from commit c051630a)
      966eedd3
    • Douwe Maan's avatar
      Merge branch '18033-private-repo-mentions' into 'master' · 70fd0177
      Douwe Maan authored
      Ensure logged-out users can't see private refs
      
      https://gitlab.com/gitlab-org/gitlab-ce/issues/18033
      
      I'm still not sure what to do about the CHANGELOG on security issues - should I add to a patch release? This issue was assigned to 8.10.
      
      See merge request !1974
      (cherry picked from commit 3a6ebb1f)
      70fd0177
    • Douwe Maan's avatar
      Merge branch '19312-confidential-issue' into 'master' · ad421b3a
      Douwe Maan authored
      Fix privilege escalation issue with OAuth external users
      
      Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/19312
      
      This MR fixes a privilege escalation issue, where manually set external users would be reverted back to internal users if they logged in via OAuth and that provider was not in the `external_providers` list.
      
      /cc @douwe
      
      See merge request !1975
      (cherry picked from commit 5e6342b7)
      ad421b3a
  4. 29 Jun, 2016 6 commits
  5. 28 Jun, 2016 11 commits
  6. 27 Jun, 2016 6 commits
    • Robert Speicher's avatar
      Update CHANGELOG for 8.9.2 · a87c99f7
      Robert Speicher authored
      [ci skip]
      a87c99f7
    • Robert Speicher's avatar
      Update VERSION to 8.9.2 · bf922fbd
      Robert Speicher authored
      bf922fbd
    • Stan Hu's avatar
      Merge branch 'update-omniauth-saml' into 'master' · 7cf41bf5
      Stan Hu authored
      Update omniauth-saml to 1.6.0 to address a security vulnerability in ruby-saml
      
      ## What does this MR do?
      
      Updates `omniauth-saml` to bring in the new `ruby-saml` dependency that addresses [CVE-2016-5697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5697)
      
      Fixes #19206
      
      See merge request !4951
      7cf41bf5
    • Robert Speicher's avatar
      Merge branch 'fix-18997' into 'master' · a61b4013
      Robert Speicher authored
      Fix visibility of snippets when searching
      
      Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/18997
      
      See merge request !1972
      a61b4013
    • Robert Speicher's avatar
      Merge branch '19102-fix' into 'master' · 7917cbbb
      Robert Speicher authored
      Fix an information disclosure when requesting access to a group containing private projects
      
      Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/19102.
      
      The commit speaks for itself:
      
          Fix an information disclosure when requesting access to a group containing private projects
          
          The issue was with the `User#groups` and `User#projects` associations
          which goes through the `User#group_members` and `User#project_members`.
          
          Initially I chose to use a secure approach by storing the requester's
          user ID in `Member#created_by_id` instead of `Member#user_id` because I
          was aware that there was a security risk since I didn't know the
          codebase well enough.
          
          Then during the review, we decided to change that and directly store the
          requester's user ID into `Member#user_id` (for the sake of simplifying
          the code I believe), meaning that every `group_members` / `project_members`
          association would include the requesters by default...
          
          My bad for not checking that all the `group_members` / `project_members`
          associations and the ones that go through them (e.g. `Group#users` and
          `Project#users`) were made safe with the `where(requested_at: nil)` /
          `where(members: { requested_at: nil })` scopes.
          
          Now they are all secure.
      
      See merge request !1973
      7917cbbb
    • Rémy Coutable's avatar
      Merge branch 'fix-changelog-entries' into 'master' · 78596dcd
      Rémy Coutable authored
      Remove duplicate changelog entry
      
      ## What does this MR do?
      
      Removes a changelog entry from 8.9.1, which is only present in 8.10
      
      
      
      See merge request !4937
      78596dcd
  7. 26 Jun, 2016 1 commit