[ci skip]

[11.4] Prevent templated services from being imported

See merge request gitlab/gitlabhq!2636

[11.4] Escape user fullname while rendering autocomplete template to prevent XSS

See merge request gitlab/gitlabhq!2607

[ci skip]

Filipa Lacerda authored 6 years ago and Jan Provaznik committed 6 years ago

The default value of the selected stage was a translated string.
This commit removes the string and uses a flag property instead.
The stage dropdown is now only rendered after the stages endpoint
is received.

Achilleas Pipinellis authored 6 years ago and Jan Provaznik committed 6 years ago

Documentation: Add mention that recovery codes are downloadable.

See merge request gitlab-org/gitlab-ce!22483

Marcia Ramos authored 6 years ago and Jan Provaznik committed 6 years ago

Document highlighted mentions

See merge request gitlab-org/gitlab-ce!22488

Stan Hu authored 6 years ago and Thiago Presa committed 6 years ago

Fix usage ping link

Closes #53070

See merge request gitlab-org/gitlab-ce!22545

Filipa Lacerda authored 6 years ago and Thiago Presa committed 6 years ago

Fixed merge request fill tree not respecting fluid width

Closes #52916

See merge request gitlab-org/gitlab-ce!22487

[ci skip]

[11.4] Security kubeclient ssrf

See merge request gitlab/gitlabhq!2573

[ci skip]

Robert Speicher authored 6 years ago and Thiago Presa committed 6 years ago

[11.4] Fix Token lookup for Git over HTTP and registry authentication

See merge request gitlab/gitlabhq!2577

[ci skip]

Block additional localhost addresses in UrlBlocker

See merge request gitlab/gitlabhq!2487

Jan Provaznik authored 6 years ago and Thiago Presa committed 6 years ago

[11.4] Escape issue title while template rendering to prevent XSS

See merge request gitlab/gitlabhq!2571

Jan Provaznik authored 6 years ago and Thiago Presa committed 6 years ago

[11.4] Redact unsubscribe links in issuable texts

See merge request gitlab/gitlabhq!2565

Jan Provaznik authored 6 years ago and Thiago Presa committed 6 years ago

: [11.4] Resolve "Sensitive information is stored in browser history"

See merge request gitlab/gitlabhq!2562

[11.4] Validate Wiki attachments are valid temporary files

See merge request gitlab/gitlabhq!2569

Jan Provaznik authored 6 years ago and Thiago Presa committed 6 years ago

[11.4] JUnit test reports endpoint exposes full stack trace in production mode

See merge request gitlab/gitlabhq!2517

Jan Provaznik authored 6 years ago and Thiago Presa committed 6 years ago

[11.4] Persist only SHA digest of PersonalAccessToken#token

See merge request gitlab/gitlabhq!2551

[ci skip]

[11.4] Fix XSS in MR source branch name

See merge request gitlab/gitlabhq!2550

[11.4] Prevent SSRF attacks in HipChat integration

See merge request gitlab/gitlabhq!2547

[ci skip]

Prepare 11.4 RC8 release

See merge request gitlab-org/gitlab-ce!22452

Evan Read authored 6 years ago and Jan Provaznik committed 6 years ago

Add Git protocol v2 docs

See merge request gitlab-org/gitlab-ce!22227

Rémy Coutable authored 6 years ago and Jan Provaznik committed 6 years ago

QA: Add support for pushing and viewing files

See merge request gitlab-org/gitlab-ce!21911