提交 · 12-4-stable · 李少辉-开发者 / gitlab-foss

14 1月, 2020 1 次提交
- G
  
  Merge remote-tracking branch 'dev/12-4-stable' into 12-4-stable · 3f91efcd
  由 GitLab Release Tools Bot 提交于 1月 13, 2020
  
  3f91efcd
13 1月, 2020 2 次提交
- G
  
  Update VERSION to 12.4.8 · 24cecbe1
  由 GitLab Release Tools Bot 提交于 1月 13, 2020
  
  24cecbe1
- G
  Update CHANGELOG.md for 12.4.8 · 2c42669c
  由 GitLab Release Tools Bot 提交于 1月 13, 2020
```
[ci skip]
```
  2c42669c
10 1月, 2020 1 次提交
- G
  
  Add latest changes from gitlab-org/security/gitlab@12-4-stable-ee · 73e4dfe3
  由 GitLab Bot 提交于 1月 10, 2020
  
  73e4dfe3
03 1月, 2020 1 次提交
- G
  
  Merge remote-tracking branch 'dev/12-4-stable' into 12-4-stable · ec377c38
  由 GitLab Release Tools Bot 提交于 1月 02, 2020
  
  ec377c38
02 1月, 2020 2 次提交
- G
  
  Update VERSION to 12.4.7 · 5159b8de
  由 GitLab Release Tools Bot 提交于 1月 02, 2020
  
  5159b8de
- G
  Update CHANGELOG.md for 12.4.7 · 9c4673ab
  由 GitLab Release Tools Bot 提交于 1月 02, 2020
```
[ci skip]
```
  9c4673ab
31 12月, 2019 1 次提交
- G
  
  Add latest changes from gitlab-org/security/gitlab@12-4-stable-ee · c11b8def
  由 GitLab Bot 提交于 12月 31, 2019
  
  c11b8def
16 12月, 2019 1 次提交
- G
  
  Add latest changes from gitlab-org/gitlab@12-4-stable-ee · 52d0c833
  由 GitLab Bot 提交于 12月 16, 2019
  
  52d0c833
11 12月, 2019 1 次提交
- G
  
  Merge remote-tracking branch 'dev/12-4-stable' into 12-4-stable · d0fee3f5
  由 GitLab Release Tools Bot 提交于 12月 10, 2019
  
  d0fee3f5
09 12月, 2019 3 次提交
- G
  
  Update VERSION to 12.4.6 · 2efeb5d9
  由 GitLab Release Tools Bot 提交于 12月 09, 2019
  
  2efeb5d9
- G
  Update CHANGELOG.md for 12.4.6 · 0fb61d96
  由 GitLab Release Tools Bot 提交于 12月 09, 2019
```
[ci skip]
```
  0fb61d96
- A
  Merge branch 'security-37766-transfer-group-reindex-ce-12-4' into '12-4-stable' · 591c745c
  由 Alessio Caiazza 提交于 12月 09, 2019
```
Trigger Elasticsearch indexing when public group moved to private

See merge request gitlab/gitlabhq!3578
```
  591c745c
06 12月, 2019 2 次提交
- D
  Trigger Elasticsearch indexing when public group moved to private · 2509f797
  由 Dylan Griffith 提交于 12月 06, 2019
```
This fixes https://gitlab.com/gitlab-org/gitlab/issues/37766 which is
caused by the fact that we leave the stale permissions data in the index
after a group is moved to another group.
```
  2509f797
- G
  
  Add latest changes from gitlab-org/gitlab@12-4-stable-ee · 97a41ac6
  由 GitLab Bot 提交于 12月 06, 2019
  
  97a41ac6
28 11月, 2019 3 次提交
- G
  
  Merge remote-tracking branch 'dev/12-4-stable' into 12-4-stable · 6051a4b2
  由 GitLab Release Tools Bot 提交于 11月 27, 2019
  
  6051a4b2
- G
  
  Update VERSION to 12.4.5 · 539f5fc0
  由 GitLab Release Tools Bot 提交于 11月 27, 2019
  
  539f5fc0
- G
  Update CHANGELOG.md for 12.4.5 · 3f0859ad
  由 GitLab Release Tools Bot 提交于 11月 27, 2019
```
[ci skip]
```
  3f0859ad
27 11月, 2019 4 次提交
- G
  
  Merge remote-tracking branch 'dev/12-4-stable' into 12-4-stable · ed299e83
  由 GitLab Release Tools Bot 提交于 11月 27, 2019
  
  ed299e83
- G
  
  Update VERSION to 12.4.4 · 0a3b14ec
  由 GitLab Release Tools Bot 提交于 11月 26, 2019
  
  0a3b14ec
- G
  Update CHANGELOG.md for 12.4.4 · b475ac65
  由 GitLab Release Tools Bot 提交于 11月 26, 2019
```
[ci skip]
```
  b475ac65
- G
  Merge branch 'security-dos-issue-and-commit-comments-12-4' into '12-4-stable' · 8539ed88
  由 GitLab Release Tools Bot 提交于 11月 26, 2019
```
Fix invalid byte sequence

See merge request gitlab/gitlabhq!3548
```
  8539ed88
26 11月, 2019 14 次提交
- G
  Merge branch 'security-29660-update-dependencies-12-4' into '12-4-stable' · f9db08fd
  由 GitLab Release Tools Bot 提交于 11月 26, 2019
```
Update Workhorse and Gitaly to fix a security issue

See merge request gitlab/gitlabhq!3500
```
  f9db08fd
- G
  Merge branch 'security-dns-rebind-ssrf-in-slack-notifications-12-4-ce' into '12-4-stable' · 774a7ed2
  由 GitLab Release Tools Bot 提交于 11月 26, 2019
```
Use Gitlab::HTTP for all chat notifications

See merge request gitlab/gitlabhq!3516
```
  774a7ed2
- G
  Merge branch 'security-33712-ce-12-4' into '12-4-stable' · 7e789039
  由 GitLab Release Tools Bot 提交于 11月 26, 2019
```
Fix private comment Elasticsearch leak

See merge request gitlab/gitlabhq!3524
```
  7e789039
- G
  Merge branch 'security-aws-secret-key-2937-ce-12-4' into '12-4-stable' · 6bfdba8b
  由 GitLab Release Tools Bot 提交于 11月 26, 2019
```
Hide AWS secret on Admin Integration page

See merge request gitlab/gitlabhq!3526
```
  6bfdba8b
- J
  
  Hide AWS secret on Admin Integration page · 4c192319
  由 Justin Ho Tuan Duong 提交于 11月 26, 2019
  
  4c192319
- G
  Merge branch 'security-ag-cycle-analytics-guest-permissions-12-4' into '12-4-stable' · ddd05f24
  由 GitLab Release Tools Bot 提交于 11月 26, 2019
```
Prevent guests from seeing commits for cycle analytics

See merge request gitlab/gitlabhq!3533
```
  ddd05f24
- G
  Merge branch 'security-filter-related-branches-from-activity-feed-12.4' into '12-4-stable' · 1a51bc93
  由 GitLab Release Tools Bot 提交于 11月 26, 2019
```
Related Branches Visible to Guests in Issue Activity

See merge request gitlab/gitlabhq!3539
```
  1a51bc93
- G
  Merge branch 'security-2943-encrypt-plaintext-tokens-12-4' into '12-4-stable' · 170c1104
  由 GitLab Release Tools Bot 提交于 11月 26, 2019
```
GitLab stores AWS, Slack, Askimet, reCaptcha tokens in plaintext

See merge request gitlab/gitlabhq!3542
```
  170c1104
- G
  Merge branch 'security-fix-xss-in-label-namespace-12-4' into '12-4-stable' · 5d5c906b
  由 GitLab Release Tools Bot 提交于 11月 26, 2019
```
Escape namespace in label references

See merge request gitlab/gitlabhq!3551
```
  5d5c906b
- G
  Merge branch 'security-28802-respect-fork-parent-visibility-12-4' into '12-4-stable' · b72162e7
  由 GitLab Release Tools Bot 提交于 11月 26, 2019
```
Check permissions before showing a forked project's source

See merge request gitlab/gitlabhq!3556
```
  b72162e7
- G
  Merge branch 'security-exclude_ids_attribute_cleaning-12-4-ce' into '12-4-stable' · 52444f10
  由 GitLab Release Tools Bot 提交于 11月 26, 2019
```
Ensure attributes that end in `_ids` are cleaned

See merge request gitlab/gitlabhq!3559
```
  52444f10
- I
  
  Spec to ensure `_ids` are cleaned by ImportExport::AttributeCleaner · 7aea2c20
  由 Imre Farkas 提交于 11月 26, 2019
  
  7aea2c20
- D
  Ensure attributes that end in `_ids` are cleaned · 483d36b2
  由 DJ Mountney 提交于 11月 25, 2019
```
This prevents an issue where you can steal other projects objects by
asking for ids that don't belong to you in import.
```
  483d36b2
- G
  
  Add latest changes from gitlab-org/gitlab@12-4-stable-ee · 3d7b56c5
  由 GitLab Bot 提交于 11月 26, 2019
  
  3d7b56c5
25 11月, 2019 3 次提交

N

Check permissions before showing a forked project's source · b49d06e4
由 Nick Thomas 提交于 11月 19, 2019

b49d06e4

Encrypt application settings with pre and post deployments · 4cb93023

由 Arturo Herrero 提交于 11月 22, 2019

We had concerns about the cached values on Redis with the previous two
releases strategy:

First release (this commit):
  - Create new encrypted fields in the database.
  - Start populating new encrypted fields, read the encrypted fields or
    fallback to the plaintext fields.
  - Backfill the data removing the plaintext fields to the encrypted
    fields.
Second release:
  - Remove the virtual attribute (created in step 2).
  - Drop plaintext columns from the database (empty columns after
    step 3).

We end up with a better strategy only using migration scripts in one
release:
  - Pre-deployment migration: Add columns required for storing encrypted
    values.
  - Pre-deployment migration: Store the encrypted values in the new
    columns.
  - Post-deployment migration: Remove the old unencrypted columns

4cb93023

Escape namespace in label references · ddfdc0dc

由 Heinrich Lee Yu 提交于 10月 26, 2019

When referencing cross-namespace labels, we append the namespace name
to the rendered label.

This MR escapes the name to prevent XSS attacks.

ddfdc0dc

22 11月, 2019 1 次提交
- P
  
  Fix invalid byte sequence · 0cc8e021
  由 Patrick Derichs 提交于 11月 22, 2019
  
  0cc8e021