提交 · v11.7.8 · 李少辉-开发者 / gitlab-foss

27 3月, 2019 5 次提交
- G
  
  Update VERSION to 11.7.8 · 5789fdca
  由 GitLab Release Tools Bot 提交于 3月 26, 2019
  
  5789fdca
- G
  Update CHANGELOG.md for 11.7.8 · eccc8f05
  由 GitLab Release Tools Bot 提交于 3月 26, 2019
```
[ci skip]
```
  eccc8f05
- Y
  Merge branch 'security-55503-fix-pdf-js-11-7' into '11-7-stable' · e0a40301
  由 Yorick Peterse 提交于 3月 26, 2019
```
Fix PDF.js vulnerability

See merge request gitlab/gitlabhq!3026
```
  e0a40301
- Y
  Merge branch 'security-mass-assignment-on-project-update-11-7' into '11-7-stable' · 9426a45f
  由 Yorick Peterse 提交于 3月 26, 2019
```
Disallow changing namespace of a project in update method

See merge request gitlab/gitlabhq!3031
```
  9426a45f
- G
  Merge branch 'security-milestone-labels-11-7' into '11-7-stable' · 8ab12f76
  由 GitLab Release Tools Bot 提交于 3月 26, 2019
```
Check label_ids parent when updating issue board

See merge request gitlab/gitlabhq!3037
```
  8ab12f76
26 3月, 2019 7 次提交
- G
  Merge branch 'security-use-untrusted-regexp-11-7' into '11-7-stable' · 915ab7e4
  由 GitLab Release Tools Bot 提交于 3月 26, 2019
```
Use UntrustedRegexp for CI refs matching

See merge request gitlab/gitlabhq!3008
```
  915ab7e4
- G
  Merge branch 'security-exif-migration-11-7' into '11-7-stable' · 7dbabf74
  由 GitLab Release Tools Bot 提交于 3月 26, 2019
```
Rake task for removing exif from uploads

See merge request gitlab/gitlabhq!3012
```
  7dbabf74
- G
  Merge branch 'security-2819-xss-resolve-conflicts-branch-name-11-7' into '11-7-stable' · 5db323b2
  由 GitLab Release Tools Bot 提交于 3月 26, 2019
```
Fix XSS in resolve conflicts form

See merge request gitlab/gitlabhq!2988
```
  5db323b2
- G
  Merge branch 'security-56224-11-7' into '11-7-stable' · f6474895
  由 GitLab Release Tools Bot 提交于 3月 26, 2019
```
Fix related branches visible in issues for guests

See merge request gitlab/gitlabhq!3020
```
  f6474895
- G
  Merge branch 'security-disallow-guests-to-access-releases-11-7' into '11-7-stable' · 90578991
  由 GitLab Release Tools Bot 提交于 3月 26, 2019
```
Disallow guest users from accessing Releases

See merge request gitlab/gitlabhq!3044
```
  90578991
- S
  Disallow guest users from accessing Releases · 535761c9
  由 Shinya Maeda 提交于 3月 22, 2019
```
As they do not have a permission to read git tag
```
  535761c9
- M
  
  Refactor specs according to the code review · e70564ff
  由 Małgorzata Ksionek 提交于 3月 26, 2019
  
  e70564ff
25 3月, 2019 3 次提交
- J
  Rake task for removing exif from uploads · bbc9fde9
  由 Jan Provaznik 提交于 1月 30, 2019
```
Adds a rake task which can be used for removing EXIF
data from existing uploads.
```
  bbc9fde9
- M
  
  Add cr remarks · 8e281c9e
  由 Małgorzata Ksionek 提交于 3月 25, 2019
  
  8e281c9e
- J
  Check if labels are available for target issuable · 392650e3
  由 Jarka Košanová 提交于 2月 12, 2019
```
- labels have to be in the same project/group
as an issuable
```
  392650e3
21 3月, 2019 1 次提交
- M
  
  Disallow changing namespace of a project in update method · 41af40d4
  由 Małgorzata Ksionek 提交于 3月 20, 2019
  
  41af40d4
20 3月, 2019 2 次提交
- N
  Updated PDF.js to 2.0.943 · 6582c653
  由 Natalia Tepluhina 提交于 3月 20, 2019
```
fix: changed PDFJS prop to GlobalWorkerOptions

Fixed pdf tests

Added changelog entry
```
  6582c653
- M
  Hide related branches when user does not have permission · 53e34ced
  由 Mark Chao 提交于 3月 11, 2019
```
Guest user of a project should not see branches
```
  53e34ced
19 3月, 2019 4 次提交
- G
  
  Update VERSION to 11.7.7 · 9d826aed
  由 GitLab Release Tools Bot 提交于 3月 19, 2019
  
  9d826aed
- G
  Update CHANGELOG.md for 11.7.7 · 772c302c
  由 GitLab Release Tools Bot 提交于 3月 19, 2019
```
[ci skip]
```
  772c302c
- Y
  Merge branch 'security-11-7-2826-fix-project-serialization-in-quick-actions' into '11-7-stable' · 794e4471
  由 Yorick Peterse 提交于 3月 19, 2019
```
Fix project serialization in quick actions response

See merge request gitlab/gitlabhq!3017
```
  794e4471
- H
  Only return `commands_changes` used in frontend · ac76ec79
  由 Heinrich Lee Yu 提交于 3月 15, 2019
```
When executing quick actions, this limits the `commands_changes`
response to only those used by the frontend
```
  ac76ec79
15 3月, 2019 1 次提交

Make CI refs matching to to use UntrustedRegexp · 0b6dc415

由 Kamil Trzciński 提交于 2月 25, 2019

This makes ref validation to use always `UntrustedRegexp`.
This also splits the existing RubySyntax into separate
class.

0b6dc415

05 3月, 2019 2 次提交

Fix XSS in resolve conflicts form · ad7d7bed

由 Paul Slaughter 提交于 2月 26, 2019

The issue arose when the branch name contained Vue template
JavaScript. The fix is to use `v-pre` which disables Vue
compilation in a template.

ad7d7bed

Y
Merge branch 'security-shared-project-private-group-11-7' into '11-7-stable' · 68df5737
由 Yorick Peterse 提交于 3月 04, 2019
```
Sharing a public project with a private group makes the group page publicly accessible

See merge request gitlab/gitlabhq!2985
```
68df5737

28 2月, 2019 8 次提交
- M
  
  Secure vulerability and add specs · 97b595d4
  由 Małgorzata Ksionek 提交于 2月 11, 2019
  
  97b595d4
- G
  
  Update VERSION to 11.7.6 · bcd4e1f5
  由 GitLab Release Tools Bot 提交于 2月 28, 2019
  
  bcd4e1f5
- G
  Update CHANGELOG.md for 11.7.6 · 75da2f5e
  由 GitLab Release Tools Bot 提交于 2月 28, 2019
```
[ci skip]
```
  75da2f5e
- R
  Merge branch '11-7-security-2774-milestones-detail' into '11-7-stable' · a94c8852
  由 Robert Speicher 提交于 2月 27, 2019
```
Display only information visible to current user on Milestone detail

See merge request gitlab/gitlabhq!2918
```
  a94c8852
- J
  Display only informaton visible to current user · ac13d729
  由 Jarka Košanová 提交于 1月 17, 2019
```
Display only labels and assignees of issues
visible by the currently logged user
Display only issues visible to user in the burndown chart
```
  ac13d729
- Y
  Merge branch 'security-id-fix-mr-visibility-11-7' into '11-7-stable' · 8a37856c
  由 Yorick Peterse 提交于 2月 27, 2019
```
Display the correct number of MRs a user has access to

See merge request gitlab/gitlabhq!2928
```
  8a37856c
- I
  
  Display the correct number of MRs a user has access to · 3c90c6ff
  由 Igor Drozdov 提交于 2月 27, 2019
  
  3c90c6ff
- Y
  Merge branch 'security-2818_filter_impersonated_sessions-11-7' into '11-7-stable' · ab8185ed
  由 Yorick Peterse 提交于 2月 27, 2019
```
Filter impersonated sessions from active sessions and remove ability to revoke session

See merge request gitlab/gitlabhq!2982
```
  ab8185ed
27 2月, 2019 7 次提交
- Y
  Merge branch 'security-id-restricted-access-to-private-repo-11-7' into '11-7-stable' · 2eb2d081
  由 Yorick Peterse 提交于 2月 27, 2019
```
Forbid creating discussions for users with restricted access

See merge request gitlab/gitlabhq!2891
```
  2eb2d081
- Y
  Merge branch '11-7-security-2773-milestones-fix' into '11-7-stable' · cf35ec58
  由 Yorick Peterse 提交于 2月 27, 2019
```
Check issue milestone availability

See merge request gitlab/gitlabhq!2905
```
  cf35ec58
- Y
  Merge branch 'security-tags-oracle-11-7' into '11-7-stable' · 969855d5
  由 Yorick Peterse 提交于 2月 27, 2019
```
Prevent Releases links API to leak tag existence

See merge request gitlab/gitlabhq!2909
```
  969855d5
- Y
  Merge branch 'security-2798-fix-boards-policy-11-7' into '11-7-stable' · b7cfcb5a
  由 Yorick Peterse 提交于 2月 27, 2019
```
Disable issue board policies when issues are disabled

See merge request gitlab/gitlabhq!2911
```
  b7cfcb5a
- Y
  Merge branch '11-7-security-2797-milestone-mrs' into '11-7-stable' · dae57f56
  由 Yorick Peterse 提交于 2月 27, 2019
```
Show only MRs visible to user on milestone detail

See merge request gitlab/gitlabhq!2924
```
  dae57f56
- Y
  Merge branch 'security-commit-private-related-mr-11-7' into '11-7-stable' · 7018c57a
  由 Yorick Peterse 提交于 2月 27, 2019
```
Don't allow non-members to see private related MRs

See merge request gitlab/gitlabhq!2931
```
  7018c57a
- Y
  Merge branch 'security-kubernetes-google-login-csrf-11-7' into '11-7-stable' · fd785650
  由 Yorick Peterse 提交于 2月 27, 2019
```
Validate session key when authorizing with GCP to create a cluster

See merge request gitlab/gitlabhq!2935
```
  fd785650