- Jul 06, 2020
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
-
Yorick Peterse authored
Use the uploaded file set by multipart.rb in Maven packages
See merge request gitlab-org/security/gitlab!705
-
- Jul 02, 2020
-
David Fernandez authored
Avoid calling UploadedFile.from_params
-
- Jul 01, 2020
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
-
- Jun 29, 2020
-
Mayra Cabrera authored
Merge branch 'security-fj-add-snippet-repository-validation-bundle-import-13-0' into '13-0-stable-ee'
Lack of validations importing snippet repository from bundle
See merge request gitlab-org/security/gitlab!612
-
GitLab Release Tools Bot authored
Do not show activity for users with private profiles
See merge request gitlab-org/security/gitlab!688
-
GitLab Release Tools Bot authored
Check access when sending TODOs related to merge requests
See merge request gitlab-org/security/gitlab!673
-
GitLab Release Tools Bot authored
Disable caching for wiki attachments
See merge request gitlab-org/security/gitlab!659
-
GitLab Release Tools Bot authored
Fix null byte error in upload path
See merge request gitlab-org/security/gitlab!573
-
GitLab Release Tools Bot authored
Resolve "Cross-Site Scripting In BitbucketServer Import"
See merge request gitlab-org/security/gitlab!679
-
GitLab Release Tools Bot authored
Fix note author name rendering
See merge request gitlab-org/security/gitlab!658
-
GitLab Release Tools Bot authored
Disable github import api by settings
See merge request gitlab-org/security/gitlab!559
-
GitLab Release Tools Bot authored
Fixed group deploy token API authorizations
See merge request gitlab-org/security/gitlab!676
-
GitLab Release Tools Bot authored
Change from hybrid to JSON cookies serializer
See merge request gitlab-org/security/gitlab!691
JSON has been the default serializer since Rails 4.1. Hybrid serializer was meant to allow backward compatibility when upgrading pre-Rails 4.1. It's been some time since we upgraded to Rails 4.1 so now we don't need the hybrid serializer anymore. This also causes security concerns since the previous serializer was Marshal.
-
GitLab Release Tools Bot authored
Stored XSS on the Error Tracking page
See merge request gitlab-org/security/gitlab!626
-
GitLab Release Tools Bot authored
Upgrade swagger-ui to solve XSS issues
See merge request gitlab-org/security/gitlab!636
-
GitLab Release Tools Bot authored
Validate group names with Rails HTML sanitizer
See merge request gitlab-org/security/gitlab!630
-
GitLab Release Tools Bot authored
Fix XSS in Banzai's `#data_attributes_for`
See merge request gitlab-org/security/gitlab!599
-
GitLab Release Tools Bot authored
Update xterm js dependency to latest stable 3.X version
See merge request gitlab-org/security/gitlab!607
-
GitLab Release Tools Bot authored
Update permissions for time tracking endpoints
See merge request gitlab-org/security/gitlab!617
-
GitLab Release Tools Bot authored
Update Kaminari gem
See merge request gitlab-org/security/gitlab!670
-
GitLab Release Tools Bot authored
Make sure user info is sanitized when rendered
See merge request gitlab-org/security/gitlab!597
-
GitLab Release Tools Bot authored
Merge branch 'security-fix_project_authorizations_for_security_dashboard-13-0' into '13-0-stable-ee'
Security fix project authorizations for security dashboard
See merge request gitlab-org/security/gitlab!583
-
GitLab Release Tools Bot authored
Fixes pypi XSS
See merge request gitlab-org/security/gitlab!557
-
Michelle Gill authored
-
- Jun 25, 2020
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
-