- 27 2月, 2019 14 次提交
-
-
由 Yorick Peterse 提交于
Check snippet attached file to be moved is within designated directory See merge request gitlab/gitlabhq!2942
-
由 Yorick Peterse 提交于
Fix blind SSRF in Prometheus Integration See merge request gitlab/gitlabhq!2945
-
由 Reuben Pereira 提交于
Check validity before querying so that if the dns entry for the api_url has been changed to something invalid after the model was saved and checked for validity, it will not query. This is to solve a toctou (time of check to time of use) issue.
-
由 Yorick Peterse 提交于
Fix leaking private repository information in API See merge request gitlab/gitlabhq!2949
-
由 Yorick Peterse 提交于
Arbitrary file read via MergeRequestDiff See merge request gitlab/gitlabhq!2952
-
由 Francisco Javier López 提交于
-
由 Yorick Peterse 提交于
Remove link after issue move when no permissions See merge request gitlab/gitlabhq!2956
-
由 Yorick Peterse 提交于
Block local URLs for Kubernetes integration See merge request gitlab/gitlabhq!2960
-
由 Yorick Peterse 提交于
Merge branch 'security-add-public-internal-groups-as-members-to-your-project-idor-11-7' into '11-7-stable' Add public/internal groups as members to your Project(IDOR) See merge request gitlab/gitlabhq!2963
-
由 Yorick Peterse 提交于
Catch possible Addressable::URI::InvalidURIError See merge request gitlab/gitlabhq!2967
-
由 Yorick Peterse 提交于
Stop linking to unrecognized package sources See merge request gitlab/gitlabhq!2970
-
由 Yorick Peterse 提交于
[11.7] Prevent disclosing project milestone titles See merge request gitlab/gitlabhq!2974
-
由 Yorick Peterse 提交于
Limit number of characters allowed in mermaidjs See merge request gitlab/gitlabhq!2979
-
由 Rajat Jain 提交于
-
- 26 2月, 2019 2 次提交
-
-
由 Oswaldo Ferreira 提交于
-
由 Felipe Artur 提交于
Prevent unauthorized users having access to milestone titles through autocomplete endpoint.
-
- 25 2月, 2019 2 次提交
-
-
由 Oswaldo Ferreira 提交于
-
由 Oswaldo Ferreira 提交于
-
- 23 2月, 2019 1 次提交
-
-
由 Brett Walker 提交于
-
- 21 2月, 2019 4 次提交
-
-
由 Thong Kuah 提交于
Use existing `public_url` validation to block various local urls. Note that this validation will allow local urls if the "Allow requests to the local network from hooks and services" admin setting is enabled. Block KubeClient from using local addresses It will also respect `allow_local_requests_from_hooks_and_services` so if that is enabled KubeClinet will allow local addresses
-
由 Mark Chao 提交于
Previously one could move any temp/ sub folder around. Align spec with actual usage, as currently we pass temp file path to FileMover.
-
由 Luke Duncalfe 提交于
-
由 Jarka Košanová 提交于
Don't show new issue link after move when a user does not have permissions to display the new issue
-
- 20 2月, 2019 3 次提交
-
-
由 Małgorzata Ksionek 提交于
-
由 Luke Duncalfe 提交于
defaultBranch and ciConfigPath should only be available to users with the :download_code permission for the Project, as the respository might be private. When implementing the authorize check on these properties, it was found that our current Graphql::Authorize::Instrumentation class does not work with fields that resolve to subclasses of GraphQL::Schema::Scalar, like GraphQL::STRING_TYPE. After discussion with other Create Team members, it has been decided that because the GraphQL API is not GA, to remove these properties from ProjectType, and instead implement them as part of epic https://gitlab.com/groups/gitlab-org/-/epics/711 Issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/55316
-
由 Luke Duncalfe 提交于
default_branch, statistics and config_ci_path are now only exposed if the user has permissions to the repository.
-
- 06 2月, 2019 14 次提交
-
-
由 GitLab Release Tools Bot 提交于
-
由 GitLab Release Tools Bot 提交于
[ci skip]
-
由 Alex Hanselka 提交于
Prepare 11.7.5 release See merge request gitlab-org/gitlab-ce!24941
-
由 Achilleas Pipinellis 提交于
Add documentation for new NGINX Ingress metrics Closes #56473 See merge request gitlab-org/gitlab-ce!24449
-
由 Rémy Coutable 提交于
Changed external wiki query method to prevent attribute caching Closes #57228 See merge request gitlab-org/gitlab-ce!24907 (cherry picked from commit 7ffbfeb1) 247bd122 Changed external wiki query method to prevent attribute caching
-
由 Nick Thomas 提交于
Fix Detect Host Keys not working Closes #56855 See merge request gitlab-org/gitlab-ce!24884 (cherry picked from commit 2b0f4df0) 4c1231ac Fix SSH Detect Host Keys not working
-
由 Douwe Maan 提交于
Fix migration when project repository is missing See merge request gitlab-org/gitlab-ce!24859 (cherry picked from commit c5d43124) db35a3ae Fix migration when project repository is missing
-
由 Mark Lapierre 提交于
Quarantine diff patch spec See merge request gitlab-org/gitlab-ce!24769 (cherry picked from commit 244f4f5f) 58ec656b Quarantine failing test
-
由 Filipa Lacerda 提交于
Init GLForm instance on form while editing tags Closes #56424 See merge request gitlab-org/gitlab-ce!24645 (cherry picked from commit 15a7f3c6) 7506275e Init GLForm instance on form while editing tags b0746e79 Add changelog entry
-
由 Lin Jen-Shin 提交于
Pass $CI_COMMIT_TAG as GITLAB_TAG to the CNG triggered pipelines See merge request gitlab-org/gitlab-ce!24639 (cherry picked from commit cc4b5656) 79eec047 Pass $CI_COMMIT_TAG as GITLAB_TAG to the CNG triggered pipelines
-
由 Phil Hughes 提交于
Adjusts suggestions unable to be applied Closes #56690 See merge request gitlab-org/gitlab-ce!24603 (cherry picked from commit 7c7916ba) 1b93b3b6 Adjusts suggestions unable to be applied
-
由 Mark Lapierre 提交于
[QA] Use public_email instead of email since it's available Closes gitlab-org/quality/staging#27 See merge request gitlab-org/gitlab-ce!24533 (cherry picked from commit 19add921) cbc3d1f9 [QA] Use public_email instead of email since it's available
-