- 27 Nov, 2019 5 commits
-
-
Committed by GitLab Bot
-
Committed by GitLab Release Tools Bot
-
Committed by GitLab Release Tools Bot
Fix invalid byte sequence See merge request gitlab/gitlabhq!3547
-
Committed by GitLab Release Tools Bot
-
Committed by GitLab Release Tools Bot
[ci skip]
-
- 26 Nov, 2019 13 commits
-
-
Committed by GitLab Release Tools Bot
Update Workhorse and Gitaly to fix a security issue See merge request gitlab/gitlabhq!3531
-
Committed by GitLab Release Tools Bot
Hide AWS secret on Admin Integration page See merge request gitlab/gitlabhq!3532
-
Committed by Justin Ho Tuan Duong
-
Committed by GitLab Release Tools Bot
Prevent guests from seeing commits for cycle analytics See merge request gitlab/gitlabhq!3534
-
Committed by GitLab Release Tools Bot
Related Branches Visible to Guests in Issue Activity See merge request gitlab/gitlabhq!3538
-
Committed by GitLab Release Tools Bot
GitLab stores AWS, Slack, Akismet, reCaptcha tokens in plaintext See merge request gitlab/gitlabhq!3543
-
Committed by GitLab Release Tools Bot
Use Gitlab::HTTP for all chat notifications See merge request gitlab/gitlabhq!3544
-
Committed by GitLab Release Tools Bot
Fix private comment Elasticsearch leak See merge request gitlab/gitlabhq!3546
-
Committed by GitLab Release Tools Bot
Escape namespace in label references See merge request gitlab/gitlabhq!3550
-
Committed by GitLab Release Tools Bot
Check permissions before showing a forked project's source See merge request gitlab/gitlabhq!3555
-
Committed by GitLab Release Tools Bot
Ensure attributes that end in `_ids` are cleaned See merge request gitlab/gitlabhq!3558
-
Committed by Imre Farkas
-
Committed by DJ Mountney
This prevents an issue where you can steal other projects' objects by asking for ids that don't belong to you in import.
-
- 25 Nov, 2019 3 commits
-
-
Committed by Nick Thomas
-
Committed by Arturo Herrero
We had concerns about the cached values on Redis with the previous two-release strategy:
First release (this commit):
  - Create new encrypted fields in the database.
  - Start populating new encrypted fields, read the encrypted fields or fall back to the plaintext fields.
  - Backfill the data removing the plaintext fields to the encrypted fields.
Second release:
  - Remove the virtual attribute (created in step 2).
  - Drop plaintext columns from the database (empty columns after step 3).
We end up with a better strategy only using migration scripts in one release:
  - Pre-deployment migration: Add columns required for storing encrypted values.
  - Pre-deployment migration: Store the encrypted values in the new columns.
  - Post-deployment migration: Remove the old unencrypted columns
-
Committed by Heinrich Lee Yu
When referencing cross-namespace labels, we append the namespace name to the rendered label. This MR escapes the name to prevent XSS attacks.
-
- 22 Nov, 2019 11 commits
-
-
Committed by GitLab Bot
-
Committed by Patrick Derichs
-
Committed by Dylan Griffith
-
Committed by Mark Chao
-
Committed by Mark Chao
Disabled features are ignored as they are grey areas
-
Committed by Mark Chao
Some features allow GUEST to access only if the project is not private. This method returns the access level when targeting private projects.
-
Committed by Mark Chao
Guests are blocked from certain features when the project is private, therefore the scope would filter additionally with REPORTER level.
-
Committed by Mark Chao
Remove impossible cases, since a private project's features can only be private or disabled. Fix spec due to sidekiq indexing not being triggered. Update guest use cases: some features have an additional constraint that "Guest users are able to perform action on public/internal projects, but not private ones."
-
Committed by GitLab Release Tools Bot
-
Committed by GitLab Release Tools Bot
[ci skip]
-
Committed by GitLab Bot
-
- 21 Nov, 2019 5 commits
-
-
Committed by Hordur Freyr Yngvason
-
Committed by Nick Thomas
-
Committed by Arturo Herrero
This is the plan to encrypt the plaintext tokens:
First release (this commit):
  1. Create new encrypted fields in the database.
  2. Start populating new encrypted fields, read the encrypted fields or fall back to the plaintext fields.
  3. Backfill the data removing the plaintext fields to the encrypted fields.
Second release:
  4. Remove the virtual attribute (created in step 2).
  5. Drop plaintext columns from the database (empty columns after step 3).
-
Committed by GitLab Bot
-
Committed by GitLab Bot
-
- 20 Nov, 2019 3 commits
-
-
Committed by Kerri Miller
Notes related to branch creation should not be shown in an issue's activity feed when the user doesn't have access to :download_code.
-
Committed by GitLab Bot
-
Committed by GitLab Bot
-