提交 · 23d8718bf3a114f7b832a9c493b1efcdc6decedb · 李少辉-开发者 / gitlab-foss

29 11月, 2019 2 次提交
- G
  
  Add latest changes from gitlab-org/gitlab@master · 23d8718b
  由 GitLab Bot 提交于 11月 29, 2019
  
  23d8718b
- G
  
  Add latest changes from gitlab-org/gitlab@master · 4f05a630
  由 GitLab Bot 提交于 11月 28, 2019
  
  4f05a630
28 11月, 2019 6 次提交
- G
  
  Add latest changes from gitlab-org/gitlab@master · 7cdd70dc
  由 GitLab Bot 提交于 11月 28, 2019
  
  7cdd70dc
- G
  
  Add latest changes from gitlab-org/gitlab@master · 79348fac
  由 GitLab Bot 提交于 11月 28, 2019
  
  79348fac
- G
  
  Add latest changes from gitlab-org/gitlab@master · 45a05a8b
  由 GitLab Bot 提交于 11月 28, 2019
  
  45a05a8b
- G
  
  Add latest changes from gitlab-org/gitlab@master · 284ae7dd
  由 GitLab Bot 提交于 11月 28, 2019
  
  284ae7dd
- G
  
  Add latest changes from gitlab-org/gitlab@master · 2c0b1b62
  由 GitLab Bot 提交于 11月 28, 2019
  
  2c0b1b62
- G
  
  Add latest changes from gitlab-org/gitlab@master · 20758bc3
  由 GitLab Bot 提交于 11月 27, 2019
  
  20758bc3
27 11月, 2019 24 次提交
- G
  
  Add latest changes from gitlab-org/gitlab@master · a98649b7
  由 GitLab Bot 提交于 11月 27, 2019
  
  a98649b7
- A
  
  Merge remote-tracking branch 'dev/master' · a4484fd2
  由 Alessio Caiazza 提交于 11月 27, 2019
  
  a4484fd2
- G
  
  Add latest changes from gitlab-org/gitlab@master · 3269a206
  由 GitLab Bot 提交于 11月 27, 2019
  
  3269a206
- G
  
  Add latest changes from gitlab-org/gitlab@master · c02f5328
  由 GitLab Bot 提交于 11月 27, 2019
  
  c02f5328
- G
  
  Add latest changes from gitlab-org/gitlab@master · 688e3395
  由 GitLab Bot 提交于 11月 27, 2019
  
  688e3395
- G
  
  Add latest changes from gitlab-org/gitlab@master · 91f027ed
  由 GitLab Bot 提交于 11月 27, 2019
  
  91f027ed
- G
  
  Add latest changes from gitlab-org/gitlab@master · bd8a202d
  由 GitLab Bot 提交于 11月 27, 2019
  
  bd8a202d
- G
  Update CHANGELOG.md for 12.4.4 · f220df53
  由 GitLab Release Tools Bot 提交于 11月 26, 2019
```
[ci skip]
```
  f220df53
- G
  
  Add latest changes from gitlab-org/gitlab@master · 59a34981
  由 GitLab Bot 提交于 11月 26, 2019
  
  59a34981
- G
  
  Add latest changes from gitlab-org/gitlab@master · 581c10e3
  由 GitLab Bot 提交于 11月 26, 2019
  
  581c10e3
- G
  Update CHANGELOG.md for 12.3.7 · 7278d3f1
  由 GitLab Release Tools Bot 提交于 11月 26, 2019
```
[ci skip]
```
  7278d3f1
- G
  Merge branch 'security-29660-update-dependencies' into 'master' · dfac6800
  由 GitLab Release Tools Bot 提交于 11月 26, 2019
```
Update Workhorse and Gitaly to fix a security issue

See merge request gitlab/gitlabhq!3499
```
  dfac6800
- G
  Merge branch 'security-fix-xss-in-label-namespace' into 'master' · 6b50c98f
  由 GitLab Release Tools Bot 提交于 11月 26, 2019
```
Escape namespace in label references

Closes #2941

See merge request gitlab/gitlabhq!3509
```
  6b50c98f
- G
  Merge branch 'security-dns-rebind-ssrf-in-slack-notifications-ce' into 'master' · 5df019e8
  由 GitLab Release Tools Bot 提交于 11月 26, 2019
```
Use Gitlab::HTTP for all chat notifications

See merge request gitlab/gitlabhq!3517
```
  5df019e8
- G
  Merge branch 'security-2943-encrypt-plaintext-tokens' into 'master' · 63df5d32
  由 GitLab Release Tools Bot 提交于 11月 26, 2019
```
GitLab stores AWS, Slack, Askimet, reCaptcha tokens in plaintext

See merge request gitlab/gitlabhq!3518
```
  63df5d32
- G
  Merge branch 'security-ag-cycle-analytics-guest-permissions' into 'master' · 0844bbf6
  由 GitLab Release Tools Bot 提交于 11月 26, 2019
```
Prevent guests from seeing commits for cycle analytics

See merge request gitlab/gitlabhq!3519
```
  0844bbf6
- G
  Merge branch 'security-33712-ce' into 'master' · 402c7500
  由 GitLab Release Tools Bot 提交于 11月 26, 2019
```
Fix private comment Elasticsearch leak

See merge request gitlab/gitlabhq!3521
```
  402c7500
- G
  Merge branch 'security-aws-secret-key-2937-ce' into 'master' · 6c34c892
  由 GitLab Release Tools Bot 提交于 11月 26, 2019
```
Hide AWS secret on Admin Integration page

See merge request gitlab/gitlabhq!3525
```
  6c34c892
- J
  
  Hide AWS secret on Admin Integration page · 78f85399
  由 Justin Ho Tuan Duong 提交于 11月 26, 2019
  
  78f85399
- G
  Merge branch 'security-filter-related-branches-from-activity-feed' into 'master' · 17bf8a8f
  由 GitLab Release Tools Bot 提交于 11月 26, 2019
```
Related Branches Visible to Guests in Issue Activity

See merge request gitlab/gitlabhq!3537
```
  17bf8a8f
- G
  Merge branch 'security-dos-issue-and-commit-comments-master' into 'master' · f1830540
  由 GitLab Release Tools Bot 提交于 11月 26, 2019
```
Fix invalid byte sequence

See merge request gitlab/gitlabhq!3545
```
  f1830540
- G
  Merge branch 'security-28802-respect-fork-parent-visibility' into 'master' · f92bc7b1
  由 GitLab Release Tools Bot 提交于 11月 26, 2019
```
Check permissions before showing a forked project's source

See merge request gitlab/gitlabhq!3554
```
  f92bc7b1
- G
  Merge branch 'security-exclude_ids_attribute_cleaning-ce' into 'master' · 088c3f9a
  由 GitLab Release Tools Bot 提交于 11月 26, 2019
```
Ensure attributes that end in `_ids` are cleaned

See merge request gitlab/gitlabhq!3561
```
  088c3f9a
- G
  Update CHANGELOG.md for 12.5.1 · 3169ba6b
  由 GitLab Release Tools Bot 提交于 11月 26, 2019
```
[ci skip]
```
  3169ba6b
26 11月, 2019 8 次提交

G

Add latest changes from gitlab-org/gitlab@master · 68d3f33d
由 GitLab Bot 提交于 11月 26, 2019

68d3f33d

Encrypt application settings with pre and post deployments · aaae14c0

由 Arturo Herrero 提交于 11月 22, 2019

We had concerns about the cached values on Redis with the previous two
releases strategy:

First release (this commit):
  - Create new encrypted fields in the database.
  - Start populating new encrypted fields, read the encrypted fields or
    fallback to the plaintext fields.
  - Backfill the data removing the plaintext fields to the encrypted
    fields.
Second release:
  - Remove the virtual attribute (created in step 2).
  - Drop plaintext columns from the database (empty columns after
    step 3).

We end up with a better strategy only using migration scripts in one
release:
  - Pre-deployment migration: Add columns required for storing encrypted
    values.
  - Pre-deployment migration: Store the encrypted values in the new
    columns.
  - Post-deployment migration: Remove the old unencrypted columns

aaae14c0

Encrypt application setting tokens · 9183bf94

由 Arturo Herrero 提交于 11月 05, 2019

This is the plan to encrypt the plaintext tokens:

First release (this commit):
  1. Create new encrypted fields in the database.
  2. Start populating new encrypted fields, read the encrypted fields or
     fallback to the plaintext fields.
  3. Backfill the data removing the plaintext fields to the encrypted fields.

Second release:
  4. Remove the virtual attribute (created in step 2).
  5. Drop plaintext columns from the database (empty columns after step 3).

9183bf94

G

Add latest changes from gitlab-org/gitlab@master · 6a4ffad4
由 GitLab Bot 提交于 11月 26, 2019

6a4ffad4
I

Spec to ensure `_ids` are cleaned by ImportExport::AttributeCleaner · b308c803
由 Imre Farkas 提交于 11月 26, 2019

b308c803

Ensure attributes that end in `_ids` are cleaned · 0531a338

由 DJ Mountney 提交于 11月 25, 2019

This prevents an issue where you can steal other projects objects by
asking for ids that don't belong to you in import.

0531a338

G

Add latest changes from gitlab-org/gitlab@master · 23d23711
由 GitLab Bot 提交于 11月 26, 2019

23d23711
G

Add latest changes from gitlab-org/gitlab@master · 274dff4f
由 GitLab Bot 提交于 11月 26, 2019

274dff4f