- 22 11月, 2019 3 次提交
-
-
由 GitLab Release Tools Bot 提交于
-
由 GitLab Release Tools Bot 提交于
[ci skip]
-
由 GitLab Bot 提交于
-
- 21 11月, 2019 2 次提交
-
-
由 GitLab Bot 提交于
-
由 GitLab Bot 提交于
-
- 20 11月, 2019 5 次提交
-
-
由 GitLab Bot 提交于
-
由 GitLab Bot 提交于
-
由 GitLab Bot 提交于
-
由 GitLab Release Tools Bot 提交于
-
由 GitLab Bot 提交于
-
- 19 11月, 2019 2 次提交
-
-
由 GitLab Release Tools Bot 提交于
-
由 GitLab Release Tools Bot 提交于
[ci skip]
-
- 15 11月, 2019 1 次提交
-
-
由 GitLab Bot 提交于
-
- 04 11月, 2019 3 次提交
-
-
由 GitLab Release Tools Bot 提交于
-
由 GitLab Release Tools Bot 提交于
[ci skip]
-
由 GitLab Bot 提交于
-
- 30 10月, 2019 1 次提交
-
-
由 GitLab Release Tools Bot 提交于
-
- 28 10月, 2019 2 次提交
-
-
由 GitLab Release Tools Bot 提交于
-
由 GitLab Release Tools Bot 提交于
[ci skip]
-
- 26 10月, 2019 1 次提交
-
-
由 GitLab Release Tools Bot 提交于
Mask Sentry auth token See merge request gitlab/gitlabhq!3504
-
- 25 10月, 2019 14 次提交
-
-
由 GitLab Release Tools Bot 提交于
Private/internal repository enumeration via bruteforce on a vulnerable URL See merge request gitlab/gitlabhq!3491
-
由 GitLab Release Tools Bot 提交于
Return 404 on LFS request if project doesn't exist See merge request gitlab/gitlabhq!3506
-
由 Igor Drozdov 提交于
-
由 GitLab Release Tools Bot 提交于
Only assign merge params when allowed See merge request gitlab/gitlabhq!3487
-
由 GitLab Release Tools Bot 提交于
Pass all wiki markup formats through our Banzai pipeline filters See merge request gitlab/gitlabhq!3485
-
由 GitLab Release Tools Bot 提交于
Require Maintainer permission on group where project is transferred to See merge request gitlab/gitlabhq!3486
-
由 GitLab Release Tools Bot 提交于
Use the '\A' and '\z' regex anchors in `InternalRedirect` to mitigate an Open Redirect issue. See merge request gitlab/gitlabhq!3488
-
由 GitLab Release Tools Bot 提交于
Merge branch 'security-2914-labels-visible-despite-no-access-to-issues-repositories-12-4' into '12-4-stable' Labels visible despite no access to issues & repositories See merge request gitlab/gitlabhq!3489
-
由 GitLab Release Tools Bot 提交于
Project path reveals labels from Private project if the issue is moved to public project See merge request gitlab/gitlabhq!3490
-
由 GitLab Release Tools Bot 提交于
Nested GraphQL query with circular relationship can cause Denial of Service See merge request gitlab/gitlabhq!3492
-
由 GitLab Release Tools Bot 提交于
Filter out search results based on permissions to avoid bugs leaking data See merge request gitlab/gitlabhq!3496
-
由 GitLab Release Tools Bot 提交于
Merge branch 'security-65756-ex-admin-attacker-can-comment-in-internalsecurity-65756-ex-admin-attacker-can-comment-in-internal-12-4' into '12-4-stable' Improper access control allows the attacker to comment in internal commit after they are no longer admin See merge request gitlab/gitlabhq!3497
-
由 GitLab Release Tools Bot 提交于
Merge branch 'security-ag-hide-private-members-in-project-member-autocomplete-12-4' into '12-4-stable' Hide private members in project member autocomplete See merge request gitlab/gitlabhq!3503
-
由 Ryan Cobb 提交于
This makes it so we mask Sentry's auth token. This mask only occurs in the UI.
-
- 24 10月, 2019 2 次提交
-
-
由 Eugenia Grieff 提交于
- Include new types in SystemNoteMetadata - Add Label and Milestone reference_pattern to Mentionable::ReferenceRegexes to be checked for cross references
-
由 Aakriti Gupta 提交于
in a project members' list. Add tests for possible scenarios Re-factor and remove N + 1 queries Remove author from changelog Don't use memoisation when not needed Include users part of parents of project's group Re-factor tests Create and add users according to roles Re-use group created earlier Add incomplete test for ancestoral groups Rename method to clarify category of groups Skip pending test, remove comments not needed Remove extra line Include ancestors from invited groups as well Add specs for participants service Add more specs Add more specs use instead of Use public group owner instead of project maintainer to test owner acess Remove tests that have now been moved into participants_service_spec Use :context instead of :all Create nested group instead of creating an ancestor separately Add comment explaining doubt on the failing spec Imrpove test setup Optimize sql queries Refactor specs file Add rubocop disablement Add special case for project owners Add small refactor Add explanation to the docs Fix wording Refactor group check Add small changes in specs Add cr remarks Add cr remarks Add specs Add small refactor Add code review remarks Refactor for better database usage Fix failing spec Remove rubocop offences Add cr remarks
-
- 23 10月, 2019 4 次提交
-
-
由 manojmj 提交于
-
由 Bob Van Landuyt 提交于
When a user updates a merge request coming from a fork, they should not be able to set `force_remove_source_branch` if they cannot push code to the source project. Otherwise developers of the target project could remove the source branch of the source project by setting this flag through the API.
-
由 charlieablett 提交于
-
由 charlieablett 提交于
-