Commits · 12-1-stable · gpt / large_projects / gitlabhq1

Dec 13, 2019
- Update VERSION to 12.1.17 · e2ef0904
  GitLab Release Tools Bot authored 5 years ago
  
  View commits for tag v12.1.17 v12.1.17
  
  e2ef0904
- Update CHANGELOG.md for 12.1.17 · f12df55b
  GitLab Release Tools Bot authored 5 years ago
  
  [ci skip]
  f12df55b
- Merge branch 'ac-fix-12-1' into 12-1-stable · 85d95020
  Alessio Caiazza authored 5 years ago
  
  85d95020
- Simplify static-analysis output generation · aa79ec3c
  Stan Hu authored 5 years ago and Alessio Caiazza committed 5 years ago
  
  The buffering of the output may be causing issues, so let's disable it for now.
  aa79ec3c
- Merge branch 'backport-21510-12-1' into '12-1-stable' · feb48996
  John Skarbek authored 5 years ago
  
  Install lsb-release for repo URL construction See merge request gitlab/gitlabhq!3591
  feb48996
- Install lsb-release for repo URL construction · c3f2e9dd
  Kyle Wiebers authored 5 years ago
  
  c3f2e9dd
- Adds message to indicate we are skipping release 12.1.16 · b7318768
  John Skarbek authored 5 years ago
  
  Unverified
  
  b7318768
- Revert "Update CHANGELOG.md for 12.1.16" · a5525dca
  John Skarbek authored 5 years ago
  
  This reverts commit 0455f2f3.
  Unverified
  
  a5525dca
- Revert "Update VERSION to 12.1.16" · 02d19940
  John Skarbek authored 5 years ago
  
  This reverts commit d2e3962c.
  Unverified
  
  02d19940
Dec 12, 2019
- Update VERSION to 12.1.16 · d2e3962c
  GitLab Release Tools Bot authored 5 years ago
  
  View commits for tag v12.1.16 v12.1.16
  
  d2e3962c
- Update CHANGELOG.md for 12.1.16 · 0455f2f3
  GitLab Release Tools Bot authored 5 years ago
  
  [ci skip]
  0455f2f3
- Adds message to indicate we are skipping release 12.1.15 · 050c4bae
  John Skarbek authored 5 years ago
  
  Unverified
  
  050c4bae
- Revert "Update CHANGELOG.md for 12.1.15" · c3efab6f
  John Skarbek authored 5 years ago
  
  This reverts commit 2404e6c7.
  Unverified
  
  c3efab6f
- Revert "Update VERSION to 12.1.15" · 7cb933eb
  John Skarbek authored 5 years ago
  
  This reverts commit fa242b39.
  Unverified
  
  7cb933eb
Dec 11, 2019
- Update VERSION to 12.1.15 · fa242b39
  GitLab Release Tools Bot authored 5 years ago
  
  View commits for tag v12.1.15 v12.1.15
  
  fa242b39
- Update CHANGELOG.md for 12.1.15 · 2404e6c7
  GitLab Release Tools Bot authored 5 years ago
  
  [ci skip]
  2404e6c7
Dec 10, 2019
- Merge branch '12-1-stable-backport-reliable-fetcher' into '12-1-stable' · c6d2d169
  John Skarbek authored 5 years ago
  
  Backport reliable fetcher to 12.1 See merge request gitlab/gitlabhq!3584
  c6d2d169
Dec 09, 2019

Valery Sizov authored 5 years ago

backport https://gitlab.com/gitlab-org/gitlab/commit/2be136b6cdf59f4664d9fbbe91e16498a47ba227
see https://gitlab.com/gitlab-org/gitlab/commit/3baeb0c7fd6829b8c083a43370163d16f7700263
see https://gitlab.com/gitlab-org/gitlab/merge_requests/21161

8a53d47d

Backport reliable fetcher · a2af8dc5
Valery Sizov authored 5 years ago

a2af8dc5

Oct 24, 2019

Merge branch 'security-stored-xss-using-find-file-12-1' into '12-1-stable' · 41948c2c
GitLab Release Tools Bot authored 5 years ago
```
Sanitize search text to prevent XSS

See merge request gitlab/gitlabhq!3471
```
41948c2c
Merge branch 'security-xss-grafana-url-12-1' into '12-1-stable' · 27e6daa2
GitLab Release Tools Bot authored 5 years ago
```
Handle Stored XSS for Grafana URL in settings

See merge request gitlab/gitlabhq!3483
```
27e6daa2

Handle Stored XSS for Grafana URL in settings · 9a0dc3fa

David Wilkins authored 5 years ago

- Extend Gitlab::UrlBlocker to allow relative urls (require_absolute
  setting).  The new `require_absolute` setting defaults to true,
  which is the existing behavior.

- Extend AddressableUrlValidator to accept `require_abosolute` and
  default to the existing behavior

- Add validation for ApplicationSetting#grafana_url to validate that
  the URL does not contain XSS but can be a valid relative or absolute
  url.

- In the case of existing stored URLs, validate the stored URL does
  not contain XSS. If the stored URL contains stored XSS or is an
  otherwise invalid URL, return the default database column value.

- Add tests for Gitlab::UrlBlocker to test require_absolute setting

- Add tests for AddressableUrlValidator

- Add tests for ApplicationSetting#grafana_url

9a0dc3fa

Oct 10, 2019
- Sanitize search text to prevent XSS · 88f00c71
  Samantha Ming authored 5 years ago and Samantha Ming committed 5 years ago
  
  88f00c71
Oct 07, 2019
- Merge remote-tracking branch 'dev/12-1-stable' into 12-1-stable · 3e2d0afa
  GitLab Release Tools Bot authored 5 years ago
  
  3e2d0afa
- Update VERSION to 12.1.14 · ef8aaefd
  GitLab Release Tools Bot authored 5 years ago
  
  View commits for tag v12.1.14 v12.1.14
  
  ef8aaefd
- Update CHANGELOG.md for 12.1.14 · 6e62be75
  GitLab Release Tools Bot authored 5 years ago
  
  [ci skip]
  6e62be75
Oct 02, 2019
- Merge remote-tracking branch 'dev/12-1-stable' into 12-1-stable · ed21ca8e
  GitLab Release Tools Bot authored 5 years ago
  
  ed21ca8e
Oct 01, 2019
- Update VERSION to 12.1.13 · c6128d82
  GitLab Release Tools Bot authored 5 years ago
  
  View commits for tag v12.1.13 v12.1.13
  
  c6128d82
- Update CHANGELOG.md for 12.1.13 · 6317d49c
  GitLab Release Tools Bot authored 5 years ago
  
  [ci skip]
  6317d49c
- Merge branch 'security-29491-12-1-ce' into '12-1-stable' · cdfcbb00
  Marin Jankovski authored 5 years ago
  
  Fix private feature Elasticsearch leak See merge request gitlab/gitlabhq!3452
  cdfcbb00
- EE port: Fix private feature Elasticsearch leak · ccb6a5a5
  Mark Chao authored 5 years ago
  
  Add spec to test different combinations. Accept string for required_minimum_access_level Allow more flexible project membership query
  ccb6a5a5
Sep 30, 2019

Merge branch 'fix_expired_gpg_key_specs' into 'master' · f84dc8c1

Stan Hu authored 5 years ago

Fix broken specs : Generate new GPG key in place of expired one

Closes #32956

See merge request gitlab-org/gitlab!17853

Unverified

f84dc8c1

Sep 26, 2019
- Update VERSION to 12.1.12 · fd62f3a1
  GitLab Release Tools Bot authored 5 years ago
  
  View commits for tag v12.1.12 v12.1.12
  
  fd62f3a1
- Update CHANGELOG.md for 12.1.12 · e728ba7e
  GitLab Release Tools Bot authored 5 years ago
  
  [ci skip]
  e728ba7e
- Merge branch 'security-gitaly-1-53-4' into '12-1-stable' · 47949f6a
  GitLab Release Tools Bot authored 5 years ago
  
  Fix Gitaly SearchBlobs flag RPC injection [Gitaly v1.53.4] See merge request gitlab/gitlabhq!3435
  47949f6a
- Merge branch 'security-sarcila-verify-saml-request-origin-12-1' into '12-1-stable' · 1791e3e6
  GitLab Release Tools Bot authored 5 years ago
  
  Check that SAML identity linking validates the origin of the request See merge request gitlab/gitlabhq!3376
  1791e3e6
- Merge branch 'security-xss-mermaid-12-1' into '12-1-stable' · 65a022ad
  GitLab Release Tools Bot authored 5 years ago
  
  Gitlab XSS in markdown preview page See merge request gitlab/gitlabhq!3400
  65a022ad
- Merge branch... · 254b09ef
  GitLab Release Tools Bot authored 5 years ago
  
  Merge branch 'security-12717-fix-confidential-issue-assignee-visible-to-guests-12-1' into '12-1-stable' Display only participants that user has permission to see See merge request gitlab/gitlabhq!3403
  254b09ef
- Merge branch 'security-bypass-email-verification-using-salesforce-12-1' into '12-1-stable' · 116fb15b
  GitLab Release Tools Bot authored 5 years ago
  
  Prevent Bypassing Email Verification using Salesforce See merge request gitlab/gitlabhq!3407
  116fb15b
- Merge branch 'security-mermaid-block-12-1' into '12-1-stable' · 84fd8316
  GitLab Release Tools Bot authored 5 years ago
  
  Only render fixed number of mermaid blocks See merge request gitlab/gitlabhq!3413
  84fd8316

Admin message

Admin message