- 28 2月, 2019 6 次提交
-
-
由 GitLab Release Tools Bot 提交于
[ci skip]
-
由 Robert Speicher 提交于
Display only information visible to current user on Milestone detail See merge request gitlab/gitlabhq!2918
-
由 Jarka Košanová 提交于
Display only labels and assignees of issues visible by the currently logged user Display only issues visible to user in the burndown chart
-
由 Yorick Peterse 提交于
Display the correct number of MRs a user has access to See merge request gitlab/gitlabhq!2928
-
由 Igor Drozdov 提交于
-
由 Yorick Peterse 提交于
Filter impersonated sessions from active sessions and remove ability to revoke session See merge request gitlab/gitlabhq!2982
-
- 27 2月, 2019 24 次提交
-
-
由 Yorick Peterse 提交于
Forbid creating discussions for users with restricted access See merge request gitlab/gitlabhq!2891
-
由 Yorick Peterse 提交于
Check issue milestone availability See merge request gitlab/gitlabhq!2905
-
由 Yorick Peterse 提交于
Prevent Releases links API to leak tag existence See merge request gitlab/gitlabhq!2909
-
由 Yorick Peterse 提交于
Disable issue board policies when issues are disabled See merge request gitlab/gitlabhq!2911
-
由 Yorick Peterse 提交于
Show only MRs visible to user on milestone detail See merge request gitlab/gitlabhq!2924
-
由 Yorick Peterse 提交于
Don't allow non-members to see private related MRs See merge request gitlab/gitlabhq!2931
-
由 Yorick Peterse 提交于
Validate session key when authorizing with GCP to create a cluster See merge request gitlab/gitlabhq!2935
-
由 Yorick Peterse 提交于
Fix git clone revealing private repo's presence See merge request gitlab/gitlabhq!2939
-
由 Yorick Peterse 提交于
Check snippet attached file to be moved is within designated directory See merge request gitlab/gitlabhq!2942
-
由 Yorick Peterse 提交于
Fix blind SSRF in Prometheus Integration See merge request gitlab/gitlabhq!2945
-
由 Reuben Pereira 提交于
Check validity before querying so that if the dns entry for the api_url has been changed to something invalid after the model was saved and checked for validity, it will not query. This is to solve a toctou (time of check to time of use) issue.
-
由 Yorick Peterse 提交于
Fix leaking private repository information in API See merge request gitlab/gitlabhq!2949
-
由 Yorick Peterse 提交于
Arbitrary file read via MergeRequestDiff See merge request gitlab/gitlabhq!2952
-
由 Francisco Javier López 提交于
-
由 Yorick Peterse 提交于
Remove link after issue move when no permissions See merge request gitlab/gitlabhq!2956
-
由 Yorick Peterse 提交于
Block local URLs for Kubernetes integration See merge request gitlab/gitlabhq!2960
-
由 Yorick Peterse 提交于
Merge branch 'security-add-public-internal-groups-as-members-to-your-project-idor-11-7' into '11-7-stable' Add public/internal groups as members to your Project(IDOR) See merge request gitlab/gitlabhq!2963
-
由 Yorick Peterse 提交于
Catch possible Addressable::URI::InvalidURIError See merge request gitlab/gitlabhq!2967
-
由 Yorick Peterse 提交于
Stop linking to unrecognized package sources See merge request gitlab/gitlabhq!2970
-
由 Yorick Peterse 提交于
[11.7] Prevent disclosing project milestone titles See merge request gitlab/gitlabhq!2974
-
由 Yorick Peterse 提交于
Limit number of characters allowed in mermaidjs See merge request gitlab/gitlabhq!2979
-
由 Imre Farkas 提交于
Session ID is used as a parameter for the revoke session endpoint but it should never be included in the HTML as an attacker could obtain it via XSS.
-
由 Imre Farkas 提交于
-
由 Rajat Jain 提交于
-
- 26 2月, 2019 2 次提交
-
-
由 Oswaldo Ferreira 提交于
-
由 Felipe Artur 提交于
Prevent unauthorized users having access to milestone titles through autocomplete endpoint.
-
- 25 2月, 2019 2 次提交
-
-
由 Oswaldo Ferreira 提交于
-
由 Oswaldo Ferreira 提交于
-
- 23 2月, 2019 1 次提交
-
-
由 Brett Walker 提交于
-
- 21 2月, 2019 4 次提交
-
-
由 Thong Kuah 提交于
Use existing `public_url` validation to block various local urls. Note that this validation will allow local urls if the "Allow requests to the local network from hooks and services" admin setting is enabled. Block KubeClient from using local addresses It will also respect `allow_local_requests_from_hooks_and_services` so if that is enabled KubeClinet will allow local addresses
-
由 Mark Chao 提交于
Previously one could move any temp/ sub folder around. Align spec with actual usage, as currently we pass temp file path to FileMover.
-
由 Luke Duncalfe 提交于
-
由 Jarka Košanová 提交于
Don't show new issue link after move when a user does not have permissions to display the new issue
-
- 20 2月, 2019 1 次提交
-
-
由 Małgorzata Ksionek 提交于
-