- 27 Aug, 2019 (3 commits)
-
-
Committed by Oswaldo Ferreira
When post-processing relative links to absolute links RelativeLinkFilter didn't take into consideration that internal repository data could be exposed for users that do not have repository access to the project. This commit solves that by checking whether the user can `download_code` at this repository, avoiding any processing of this filter if the user can't. Additionally, if we're processing for a group (no project was given), we check if the user can read it in order to expand the href as an extra. That doesn't seem necessarily a breach now, but an extra check doesn't hurt as after all the user needs to be able to `read_group`.
-
Committed by GitLab Release Tools Bot
Ensure only authorised users can create notes on merge requests and issues See merge request gitlab/gitlabhq!3324
-
Committed by Alex Kalderimis
* Prevent creating notes on inaccessible MRs
  This applies the notes rules at the MR scope. Rather than adding extra rules to the Project level policy, preventing :create_note here is better since it only prevents creating notes on MRs.
* Prevent creating notes in inaccessible Issues
  Without this policy, non-team-members are allowed to comment on issues even when the project has the private-issues policy set. This means that without this change, users are allowed to comment on issues that they cannot read.
* Add CHANGELOG entry
-
- 26 Aug, 2019 (22 commits)
-
-
Committed by GitLab Release Tools Bot
Prevent disclosure of merge request id via email See merge request gitlab/gitlabhq!3350
-
Committed by GitLab Release Tools Bot
Send TODOs for comments on commits correctly See merge request gitlab/gitlabhq!3365
-
Committed by GitLab Release Tools Bot
Gitaly: ignore git redirects See merge request gitlab/gitlabhq!3374
-
Committed by GitLab Release Tools Bot
Project visibility restriction bypass See merge request gitlab/gitlabhq!3330
-
Committed by Jacob Vosmaer
-
Committed by George Koltsov
Add Gitlab::VisibilityLevelChecker that verifies selected project visibility level (or overridden param) is not restricted when creating or importing a project
-
Committed by GitLab Release Tools Bot
DNS Rebind SSRF in Kubernetes Integration See merge request gitlab/gitlabhq!3268
-
Committed by GitLab Release Tools Bot
Filter out old system notes for epics in notes api endpoint response See merge request gitlab/gitlabhq!3314
-
Committed by GitLab Release Tools Bot
Fix HTML injection for label description See merge request gitlab/gitlabhq!3315
-
Committed by GitLab Release Tools Bot
Permission fix for MergeRequestsController#pipeline_status See merge request gitlab/gitlabhq!3322
-
Committed by GitLab Release Tools Bot
Limit the size of issuable description and comments See merge request gitlab/gitlabhq!3323
-
Committed by GitLab Release Tools Bot
Add merge note type as cross reference See merge request gitlab/gitlabhq!3328
-
Committed by GitLab Release Tools Bot
Use image proxy to mitigate stealing ip addresses See merge request gitlab/gitlabhq!3333
-
Committed by GitLab Release Tools Bot
Fix DNS rebind vulnerability for JIRA integration See merge request gitlab/gitlabhq!3338
-
Committed by GitLab Release Tools Bot
Introduce JobActivity limit for alive jobs See merge request gitlab/gitlabhq!3343
-
Committed by GitLab Release Tools Bot
Clear reset_password_tokens when login (email or username) change See merge request gitlab/gitlabhq!3346
-
Committed by GitLab Release Tools Bot
Require a captcha after unique failed logins from the same IP See merge request gitlab/gitlabhq!3349
-
Committed by GitLab Release Tools Bot
Enforce max chars and max render time in markdown math See merge request gitlab/gitlabhq!3353
-
Committed by GitLab Release Tools Bot
Restrict MergeRequests#test_reports to authenticated users with read-access on Builds See merge request gitlab/gitlabhq!3354
-
Committed by GitLab Release Tools Bot
Add direct upload support for personal snippets See merge request gitlab/gitlabhq!3359
-
Committed by GitLab Release Tools Bot
admin_group authorization for Groups::RunnersController See merge request gitlab/gitlabhq!3362
-
Committed by GitLab Release Tools Bot
Re-escape the whole HTML content when finding HTML references See merge request gitlab/gitlabhq!3370
-
- 24 Aug, 2019 (3 commits)
-
-
Committed by GitLab Release Tools Bot
-
Committed by GitLab Release Tools Bot
[ci skip]
-
Committed by John Skarbek
Prepare 12.2.1 release See merge request gitlab-org/gitlab-ce!32107
-
- 23 Aug, 2019 (12 commits)
-
-
Committed by Stan Hu
Reduce dedup calls to gc only See merge request gitlab-org/gitlab-ce!32083
-
Committed by Nick Thomas
At present, the TodoService uses the `:read_project` ability to decide whether a user can read a note on a commit. However, commits can have a visibility level that is more restricted than the project, so this is a security issue. This commit changes the code to use the `:read_commit` ability in this case instead, which ensures TODOs are only generated for commit notes if the users can see the commit.
-
Committed by Mayra Cabrera
Fix "ERR value is not an integer or out of range" errors Closes #66449 See merge request gitlab-org/gitlab-ce!32126 (cherry picked from commit 8832aa95) 6bda359b Fix "ERR value is not an integer or out of range" errors
-
Committed by Clement Ho
Embed metrics undefined param fix Closes #66177 See merge request gitlab-org/gitlab-ce!31975 (cherry picked from commit 04b37e42) 1ebc87e9 Remove dashboard param when undefined 8122a21a Insert additional assertion 2c4e17f9 Ensure all params have the option to be dropped when falsy 3812e4f3 Use isNil check 5ed2c263 Add tests and null check 2ebe1715 Add change log entry
-
Committed by Achilleas Pipinellis
Clarify when new values are valid See merge request gitlab-org/gitlab-ce!31951 (cherry picked from commit 47c069cc) 1efa52be Clarify when new values are valid
-
Committed by Sean McGivern
Fix Gitaly N+1 calls with listing issues/MRs via API Closes #66202 See merge request gitlab-org/gitlab-ce!31938 (cherry picked from commit 57ec78d5) ba7c501f Fix Gitaly N+1 calls with listing issues/MRs via API
-
Committed by Achilleas Pipinellis
Embed specific metrics chart in issue docs See merge request gitlab-org/gitlab-ce!31900 (cherry picked from commit aed489bf) 482642b0 Adds specific metric styles and prop 146243da Updated styles, removed css :D 0a5d49f7 Adds docs for embedding chart 4bbb0ddf Simpler null checks 758a195b Fix some wrapping issues d6550ad4 Fix lint and prop type 675639cc Remove everything that isn't docs eb27d0f1 Apply suggestion to doc/user/project/integrations/prometheus.md 364e7219 Compress generate_link_to_chart.png image
-
Committed by Achilleas Pipinellis
Merge branch '64950-move-download-csv-button-functionality-in-metrics-dashboard-cards-into-the-dropdown' into 'master' Add docs for csv download Closes #66291 See merge request gitlab-org/gitlab-ce!31870 (cherry picked from commit 8b0acc31) 40327645 Adds docs for downloading csv 11f959ad Compress download_as_csv.png image 5cf5a52f Merge remote-tracking branch 'origin/master' into...
-
Committed by Achilleas Pipinellis
Rename License Management to License Compliance Closes #63329 See merge request gitlab-org/gitlab-ce!31590 (cherry picked from commit 11fd6bdf) 80b05132 Rename License Management to License Compliance
-