- Jun 03, 2020
-
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
-
Alessio Caiazza authored
Prevent fetching repository code with unauthorized ci token See merge request gitlab-org/security/gitlab!588
-
- Jun 02, 2020
-
-
Furkan Ayhan authored
Users have ability to fetch other projects' code via gitlab-ci-token. This permission is controlled by "build_download_code". However, this permission is not prevented when "repository_disabled" for the users. This commit fixes this.
-
Stan Hu authored
Fix expired SSL cert in PagesDomain test See merge request gitlab-org/gitlab!33462
-
- May 27, 2020
-
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
-
Alessio Caiazza authored
Fix failing user spec See merge request gitlab-org/security/gitlab!553
-
Jan Provaznik authored
Assures that user.emails is not empty
-
- May 26, 2020
-
-
GitLab Release Tools Bot authored
Added data integrity check before update See merge request gitlab-org/security/gitlab!475
-
GitLab Release Tools Bot authored
Display only verified emails on notifications page See merge request gitlab-org/security/gitlab!548
-
GitLab Release Tools Bot authored
Limit resources when processing artifacts metadata - gitlab-rails See merge request gitlab-org/security/gitlab!534
-
-
Alessio Caiazza authored
Substitute variables using gsub in Prometheus proxy API See merge request gitlab-org/security/gitlab!471
-
GitLab Release Tools Bot authored
Fix email confirmation bug when soft email confirmation is enabled See merge request gitlab-org/security/gitlab!517
-
GitLab Release Tools Bot authored
Require confirmed email address for GitLab OAuth authentication See merge request gitlab-org/security/gitlab!538
-
GitLab Release Tools Bot authored
Merge branch 'security-fix-group-domain-allowed-email-should-be-verified-12-9' into '12-9-stable-ee' Allow only verified user to be members of group with domain restriction See merge request gitlab-org/security/gitlab!544
-
GitLab Release Tools Bot authored
Respect forked projects permissions See merge request gitlab-org/security/gitlab!438
-
Alessio Caiazza authored
Do not auto-confirm email in Trial registration See merge request gitlab-org/security/gitlab!512
-
GitLab Release Tools Bot authored
Hide EKS secret key in admin integrations settings See merge request gitlab-org/security/gitlab!547
-
GitLab Release Tools Bot authored
Fix file enuming using Group Import See merge request gitlab-org/security/gitlab!486
-
GitLab Release Tools Bot authored
Fix security issue in mermaid markdown See merge request gitlab-org/security/gitlab!477
-
GitLab Release Tools Bot authored
Prevent XSS in the monitoring dashboard See merge request gitlab-org/security/gitlab!452
-
This prevents the branch name from the duplicate dashboard modal to execute XSS scripts
-
GitLab Release Tools Bot authored
Do not expose Kubernetes cluster token See merge request gitlab-org/security/gitlab!505
-
GitLab Release Tools Bot authored
Disable caching on repo/blobs/[sha]/raw endpoint See merge request gitlab-org/security/gitlab!398
-
GitLab Release Tools Bot authored
Change the mirror user along with pull mirror settings See merge request gitlab-org/security/gitlab!497
-
Tiger Watson authored
Instead of rendering the key and masking it from the UI, don't render it at all.
-
mksionek authored
Validate confirmation of emails for user Add validation to notification settings Add different condition to validation Add possibility to pick only email in dropdown Fix user specs file Remove unused method Add changelog entry Add cr remarks Add cr remarks
-
Manoj M J authored
This change allows only user with a verified email to be member of a group when the group has restricted membership based on email domain
-
- May 22, 2020
-
-
Allowing users with unconfirmed/unverified email addresses to authenticate to an external service using GitLab OAuth is not secure. This change enforces that a user must have a confirmed primary email address to proceed with OAuth.
-
- May 20, 2020
-
-
Adam Hegyi authored
This introduces a test case for the bug, and 2 changes related to addressing it: 1) more accurately marking new email records as confirmed and 2) un-confirming users when they change their primary email to an un-confirmed email.
-
- May 19, 2020
-
-
Aishwarya authored
This MR prevents email addresses from being confirmed automatically for Trial registrations.
-
- May 18, 2020
-
-
Mikhail authored
This commit: - Removes Copy and Show buttons from the Kubernetes cluster details page - Still allows to set a new token
-
- May 13, 2020
-
-
GitLab Release Tools Bot authored
-