- 05 2月, 2019 2 次提交
-
-
由 Yorick Peterse 提交于
[11.7] Markdown of release notes leaks confidential issue titles and MR titles to any users See merge request gitlab/gitlabhq!2871 (cherry picked from commit f7d842f0521f6d209e1b390c9fb733c8bfe7918f) f2e331c1 Fix Markdown of release notes
-
由 Tim Zallmann 提交于
[11.7] Use sanitized user status message in user popover See merge request gitlab/gitlabhq!2839 (cherry picked from commit e5d355eb04e165fa1b9ccce1253b909a785d4bed) 21e70bba Use sanitized user status message for user popover
-
- 31 1月, 2019 3 次提交
-
-
由 GitLab Release Tools Bot 提交于
-
由 GitLab Release Tools Bot 提交于
[ci skip]
-
由 Yorick Peterse 提交于
[11.7] Fix requiring the rubyzip Gem See merge request gitlab/gitlabhq!2879
-
- 30 1月, 2019 7 次提交
-
-
由 Yorick Peterse 提交于
In commit 6fa5fd85 the `require: false` was removed to ensure the Gem was loaded at run time. Unfortunately, the `require` necessary for the rubyzip Gem is "zip" and not "rubyzip". As a result, Bundler would not require the Gem. This meant that we would still run into constant errors when referring to `Zip::File`.
-
由 GitLab Release Tools Bot 提交于
-
由 GitLab Release Tools Bot 提交于
[ci skip]
-
由 Robert Speicher 提交于
[ci skip]
-
由 Robert Speicher 提交于
This reverts commit 1d469732.
-
由 Robert Speicher 提交于
[11.7] Fix uninitialized constant with GitLab Pages See merge request gitlab/gitlabhq!2872
-
由 Stan Hu 提交于
pages:deploy step was failing with the following error: ``` unitialized constant SafeZip::Extract::Zip ``` Since license_finder already pulls in rubyzip, we can make it a required gem. We also use the scope operator to make the reference to Zip::File explicit.
-
- 29 1月, 2019 2 次提交
-
-
由 GitLab Release Tools Bot 提交于
-
由 GitLab Release Tools Bot 提交于
[ci skip]
-
- 28 1月, 2019 1 次提交
-
-
Fix a JS race in a spec Closes #56860 See merge request gitlab-org/gitlab-ce!24684 (cherry picked from commit b5e10cd3)
-
- 26 1月, 2019 1 次提交
-
-
由 Yorick Peterse 提交于
[11.7] Sanitize user full name to clean up any URL to prevent mail clients from auto-linking URLs See merge request gitlab/gitlabhq!2828 (cherry picked from commit a38c1f3567a2c89eeb82dc79ca9f0bf620acbb5a) 1c1b45da Add `sanitize_name` helper to sanitize URLs in user full name aa974e9a Use `sanitize_name` to sanitize URL in user full name 0a09919e Add changelog entry
-
- 25 1月, 2019 4 次提交
-
-
由 Yorick Peterse 提交于
[11.7] Resolve "Removing a user from a private group doesn't remove them from group's project, if their project's role was changed" See merge request gitlab/gitlabhq!2867 (cherry picked from commit 26937476710811845c7818e987cd016c43c66d1e) 0eef2f34 Add subresources removal to member destroy service
-
由 Yorick Peterse 提交于
[11.7] Disable git v2 protocol temporarily See merge request gitlab/gitlabhq!2859 (cherry picked from commit f20f2b452fe91849645249044a9b3d3e381697a2) 49ebf1a3 Allow Gitaly to be built from a custom URL 0cab1a90 Disable git v2 protocol temporarily
-
由 Yorick Peterse 提交于
[11.7] Resolve "[Security] Stored XSS via KaTeX" See merge request gitlab/gitlabhq!2820 (cherry picked from commit 53d5ce14f5b08a9733b8041b768ace2d1ec04d47) 63d8d0de 11.7 backport of fix for XSS in KaTex Links 699d42e4 Merge branch 'security-11-7' of https://dev.gitlab.org/gitlab/gitlabhq into...
-
由 Yorick Peterse 提交于
[11.7] Alias GitHub and BitBucket OAuth2 callback URLs See merge request gitlab/gitlabhq!2845 (cherry picked from commit 7d3c6d8ba58e0e9875fdd2dfbe7690ddc50fad81) 9ec0072d Alias GitHub and BitBucket OAuth2 callback URLs
-
- 24 1月, 2019 19 次提交
-
-
由 Yorick Peterse 提交于
[11.7] Security fix user email tag push leak See merge request gitlab/gitlabhq!2809 (cherry picked from commit f59786036d65a881370073d55f8ab531405d3093) cbfa6282 Prefer build() rather than create() d34ea609 Fix private user email being visible in tag webhooks
-
由 Yorick Peterse 提交于
[11.7] Fix error disclosure on Project Import See merge request gitlab/gitlabhq!2763 (cherry picked from commit 290faddb699a81b4d6fea415d712081a021f050b) c76d91ea Fix path disclosure on Project Import
-
由 Yorick Peterse 提交于
[11.7] Contributed projects info is still visible even user enable private profile See merge request gitlab/gitlabhq!2764 (cherry picked from commit 8bc7243251f23a9e4e12b49eb47f5c3e81ebe5eb) 912627a5 Fix contributed projects finder shown private info
-
由 Yorick Peterse 提交于
[11.7] Fix Imported Project Retains Prior Visibility Setting See merge request gitlab/gitlabhq!2854 (cherry picked from commit b1463fb9d098d8064111a0dc896d52f9217c217b) 4ff58136 Fix tree restorer visibility level
-
由 Yorick Peterse 提交于
[11.7] Sent notification only to authorized users See merge request gitlab/gitlabhq!2856 (cherry picked from commit 578b8f124aa3edc2e3d2b937b5f9e842aec6eaef) e9f82b57 Sent notification only to authorized users
-
由 Yorick Peterse 提交于
[11.7] GitLab vulnerable to IDN homograph attacks and RTLO attacks See merge request gitlab/gitlabhq!2821
-
由 Yorick Peterse 提交于
[11.7] Do not expose trigger token when user should not see it See merge request gitlab/gitlabhq!2855 (cherry picked from commit 17ce10bc58a06e202d2194dc64ec132a1f6305bc) 74b4bb38 Do not expose trigger token when user should not see it
-
由 Yorick Peterse 提交于
[11.7] Fix DoS in reference extraction regexes See merge request gitlab/gitlabhq!2777 (cherry picked from commit f6d9535085c5d155545865e3443dd96b5d6ecc5a) cfa6bf24 Fix slow project reference pattern regex
-
由 Yorick Peterse 提交于
[11.7] Don't process MR refs for guests in the notes See merge request gitlab/gitlabhq!2780 (cherry picked from commit f97d526d0837476eccbf6178bfebf1ed01c652eb) e9793936 Don't process MR refs for guests in the notes
-
由 Yorick Peterse 提交于
[11.7] Fix access to internal wiki when external wiki is enabled See merge request gitlab/gitlabhq!2800 (cherry picked from commit 0779e55ae65f18aa1f60fa042f5ba38f51a58c9e) 2801e1db Fixed bug when external wiki is enabled
-
由 Yorick Peterse 提交于
[11.7] Pipelines section is available to unauthorized users See merge request gitlab/gitlabhq!2804 (cherry picked from commit 2bf899ed3a5306bb934507dc0584fd3d26f490bc) 627c00da Backport security fix 4c369519 Add CHANGELOG entry
-
由 Yorick Peterse 提交于
[11.7] Use common error for not logged in users when creating issues See merge request gitlab/gitlabhq!2811 (cherry picked from commit f51985622240a3ea84b122a01c0fdb20c4320443) 8179795d Use common error for unauthenticated users
-
由 Yorick Peterse 提交于
[11.7] Group Guests are no longer able to see merge requests See merge request gitlab/gitlabhq!2814 (cherry picked from commit 190167d542fab9bfe8d41b6f87f5be4fbeb699f7) fe6504ed Group Guests are no longer able to see merge requests
-
由 Yorick Peterse 提交于
[11.7] LFS object forgery in project import See merge request gitlab/gitlabhq!2817 (cherry picked from commit d618b5b493d9c8d5e50a4e98f0f3f9bd590db9dc) 5aeac80a Added validations to prevent LFS object forgery
-
由 Yorick Peterse 提交于
[11.7] Fix discussion replies permissions check See merge request gitlab/gitlabhq!2824 (cherry picked from commit 9b4e7708495abe1fc3d8dc7f8ab41cc86206fff4) d845ca7d Prevent comments by email when issue is locked
-
由 Yorick Peterse 提交于
[11.7] Stop showing ci for guest users See merge request gitlab/gitlabhq!2832 (cherry picked from commit a40c184fb36be7c61fc3ad643fa89b0097106304) 566b58d1 Stop showing ci for guest users
-
由 Yorick Peterse 提交于
[11.7] Security extract pages with rubyzip See merge request gitlab/gitlabhq!2833 (cherry picked from commit 043aa20e5c2e6bd51fea2184ed91d3aea950dc1a) 1aaec24c Extract GitLab Pages using RubyZip
-
由 Yorick Peterse 提交于
[11.7] Revoke award_emoji permissions for confidential issues See merge request gitlab/gitlabhq!2849 (cherry picked from commit 0ead6f886e437d3a99c22e0adf85f768d8293cad) 0be8c4c9 Prevent award_emoji to notes not visible to user
-
由 Yorick Peterse 提交于
[11.7] Verify that LFS upload requests are genuine See merge request gitlab/gitlabhq!2862 (cherry picked from commit 54f089a47ef1706edc809ac90cbd6ef889de4e5e) 006f5e6b Verify that LFS upload requests are genuine
-
- 22 1月, 2019 1 次提交
-
-
由 GitLab Release Tools Bot 提交于
-