Commits · v13.8.6-ee · ci-test-user-mk / GitLab

Mar 17, 2021
- Update VERSION files · 19edc636
  GitLab Release Tools Bot authored 3 years ago
  
  [merge-train skip]
  View commits for tag v13.8.6-ee v13.8.6-ee
  
  19edc636
- Update CHANGELOG.md for 13.8.6-ee · c2f95557
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  c2f95557
- Update CHANGELOG-EE.md for 13.8.6-ee · 2a3caeab
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  2a3caeab
- Update Gitaly version to 13.8.6 · 2757e17b
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  2757e17b
Mar 16, 2021
- Merge branch 'security/patch-kramdown-13-8' into '13-8-stable-ee' · e614aff1
  Yorick Peterse authored 3 years ago
  
  Patch Kramdown syntax highlighter gem See merge request gitlab-org/security/gitlab!1292
  e614aff1
Mar 15, 2021

Patch Kramdown syntax highlighter gem · 6f075e3d

Stan Hu authored 3 years ago

This restricts Rouge formatters to the Rouge::Formatters namespace to
prevent arbitrary classes from being instantiated.

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/324452

6f075e3d

Mar 04, 2021
- Merge remote-tracking branch 'dev/13-8-stable-ee' into 13-8-stable-ee · 0dc2c4ac
  GitLab Release Tools Bot authored 4 years ago
  
  0dc2c4ac
- Update VERSION files · cf644d8c
  GitLab Release Tools Bot authored 4 years ago
  
  [merge-train skip]
  View commits for tag v13.8.5-ee v13.8.5-ee
  
  cf644d8c
- Update CHANGELOG.md for 13.8.5-ee · bb14b8d7
  GitLab Release Tools Bot authored 4 years ago
  
  [ci skip]
  bb14b8d7
- Update CHANGELOG-EE.md for 13.8.5-ee · 14b169ec
  GitLab Release Tools Bot authored 4 years ago
  
  [ci skip]
  14b169ec
- Update Gitaly version to 13.8.5 · 9af09525
  GitLab Release Tools Bot authored 4 years ago
  
  [ci skip]
  9af09525
Mar 03, 2021
- Merge branch 'security-jv-workhorse-router-13-8' into '13-8-stable-ee' · 6b9f45dc
  Robert Speicher authored 4 years ago
  
  Workhorse: prevent escaped router path traversal See merge request gitlab-org/security/gitlab!1266
  6b9f45dc
- Merge branch 'security-13-8-fj-fix-xss-wiki-email' into '13-8-stable-ee' · 76fd9391
  Robert Speicher authored 4 years ago
  
  Possible XSS in wiki author name See merge request gitlab-org/security/gitlab!1251
  76fd9391
- Merge branch 'security-clean-up-active-sessions-13-8' into '13-8-stable-ee' · 066a2ba6
  GitLab Release Tools Bot authored 4 years ago
  
  Clean up active session file See merge request gitlab-org/security/gitlab!1270
  066a2ba6
- Merge branch 'security-upgrade-swagger-ui-13-8' into '13-8-stable-ee' · c3269208
  GitLab Release Tools Bot authored 4 years ago
  
  Bump swagger-ui-dist version See merge request gitlab-org/security/gitlab!1277
  c3269208
- Merge branch 'security-bvl-update-thrift-gem-13-8' into '13-8-stable-ee' · 70010b11
  GitLab Release Tools Bot authored 4 years ago
  
  Bump thrift to 0.14.0 See merge request gitlab-org/security/gitlab!1273
  70010b11
- Merge branch 'security-ci-api-variables-permissions-13-8' into '13-8-stable-ee' · 60d1fbbc
  GitLab Release Tools Bot authored 4 years ago
  
  Allow only group owners to manage group variables See merge request gitlab-org/security/gitlab!1257
  60d1fbbc
- Update vendored workhorse to v8.59.2 · d4e4f8a5
  Patrick Bajao authored 4 years ago
  
  d4e4f8a5
- Update GITLAB_WORKHORSE_VERSION · 05020457
  Patrick Bajao authored 4 years ago
  
  05020457
- Update VERSION to 8.59.2 · 5036c90e
  Alessio Caiazza authored 4 years ago
  
  5036c90e
- Update CHANGELOG for 8.59.2 · d7244bdc
  Alessio Caiazza authored 4 years ago
  
  [ci skip]
  d7244bdc
- Merge branch 'security-remove-validate-path-logging-8-59' into '8-59-stable' · 2f81bd4e
  Alessio Caiazza authored 4 years ago
  
  Stop logging when path is excluded See merge request gitlab-org/security/gitlab-workhorse!32
  2f81bd4e
- Stop logging when path is excluded · 49e57eb8
  Patrick Bajao authored 4 years ago
  
  This causes logging a lot and reporting to sentry which can cause performance issues.
  49e57eb8
Mar 02, 2021
- Bump swagger-ui-dist version · 6549936e
  Jacques Erasmus authored 4 years ago and Paul Slaughter committed 4 years ago
  
  Bumped the swagger-ui-dist version to the latest
  6549936e
- Merge branch 'ps-fix-13-8-date-dependent-spec' into '13-8-stable-ee' · 19b4123e
  Robert Speicher authored 4 years ago
  
  Fix date dependent spec with useFakeDate See merge request gitlab-org/gitlab!55515
  19b4123e
- Fix date dependent spec with useFakeDate · dfff5bad
  Paul Slaughter authored 4 years ago
  
  - Blocking other 13.8 backports
  Unverified
  
  dfff5bad
Feb 25, 2021

Bump thrift to 0.14.0 · c923dc30

Bob Van Landuyt authored 4 years ago

This is a minor bump of the thrift gem. This is a dependency of labkit
through jaeger-client

c923dc30

Clean up active session file · be68c117

mksionek authored 4 years ago

From to-do items

Remove binding.pry

Fix warden to-do

Add warden guard clause

Add changelog entry

Change naming in changelog

be68c117

Feb 24, 2021
- Update vendored workhorse to v8.59.1 · e82f4d44
  Jacob Vosmaer (GitLab) authored 4 years ago
  
  e82f4d44
- Use Workhorse 8.59.1 · 0571be41
  Jacob Vosmaer (GitLab) authored 4 years ago
  
  0571be41
- Update VERSION to 8.59.1 · d47d79db
  Patrick Bajao authored 4 years ago
  
  d47d79db
- Update CHANGELOG for 8.59.1 · 2dd730f2
  Patrick Bajao authored 4 years ago
  
  [ci skip]
  2dd730f2
- Merge branch 'jv-router-escape-path-8-59' into '8-59-stable' · 639dbae0
  Patrick Bajao authored 4 years ago
  
  Use URL.EscapePath() in upstream router (8-59-stable) See merge request gitlab-org/security/gitlab-workhorse!27
  639dbae0
Feb 23, 2021
- Use URL.EscapePath() in upstream router · eb1fd755
  Jacob Vosmaer (GitLab) authored 4 years ago
  
  eb1fd755
Feb 19, 2021

Allow only group owners to manage group variables · b70f969b

Marius Bobin authored 4 years ago

Before this change we were allowing maintainers to manage
group variables even though our permissions page list only owners.

Unverified

b70f969b

Feb 15, 2021
- Fix XSS in wiki author email and name · b116b575
  Francisco Javier López authored 4 years ago
  
  In this commit we fix a XSS when rendering the wiki commit info in the header.
  Unverified
  
  b116b575
Feb 11, 2021
- Merge remote-tracking branch 'dev/13-8-stable-ee' into 13-8-stable-ee · 276cb4c0
  GitLab Release Tools Bot authored 4 years ago
  
  276cb4c0
- Update VERSION files · f65d7b6f
  GitLab Release Tools Bot authored 4 years ago
  
  [merge-train skip]
  View commits for tag v13.8.4-ee v13.8.4-ee
  
  f65d7b6f
- Update CHANGELOG.md for 13.8.4-ee · e0dd779e
  GitLab Release Tools Bot authored 4 years ago
  
  [ci skip]
  e0dd779e
- Update CHANGELOG-EE.md for 13.8.4-ee · a50d2bfa
  GitLab Release Tools Bot authored 4 years ago
  
  [ci skip]
  a50d2bfa

Admin message

Admin message