Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • 12-9-stable
  • 12-7-stable
  • 12-6-stable
  • 12-8-stable
  • github/fork/Kloppi313/patch-1
  • 12-5-stable
  • 12-4-stable
  • github/fork/ramalokesh8477/master
  • 12-1-stable
  • 12-2-stable
  • 12-0-stable
  • 12-3-stable
  • 42-42-stable
  • github/fork/hussamgit398/patch-2
  • 12-3-auto-deploy-20190911
  • 12-3-auto-deploy-20190916
  • 12-3-auto-deploy-20190908
  • 12-3-auto-deploy-20190901
  • 12-3-auto-deploy-20190901-32664
  • v12.10.0.pre
  • v12.9.0
  • v12.9.0-rc42
  • v12.8.7
  • v12.8.6
  • v12.8.5
  • v12.8.4
  • v12.8.3
  • v12.6.8
  • v12.7.7
  • v12.8.2
  • v12.8.1
  • v12.9.0.pre
  • v12.8.0
  • v12.8.0-rc42
  • v12.5.10
  • v12.7.6
  • v12.6.7
  • v12.7.5
  • v12.5.9
40 results
Search by author
  • Any Author
  • Grant Young Grant Young grantyoung
  • Nailia Iskhakova Nailia Iskhakova niskhakova
  • gitlab-qa-bot gitlab-qa-bot gitlab-qa-bot
3 authors
  1. Sep 04, 2019
  3. Jan 31, 2019
    • Kamil Trzcińśki's avatar
      Extract GitLab Pages using RubyZip · 66744469
      Kamil Trzcińśki authored 
      RubyZip allows us to perform strong validation of
expanded paths where we do extract file.

We introduce the following additional checks
to extract routines:

1. None of path components can be symlinked,
2. We drop privileges support for directories,
3. Symlink source needs to point within the target directory,
   like `public/`,
4. The symlink source needs to exist ahead of time.
      Verified
      66744469
  5. Jan 22, 2019
    • Kamil Trzcińśki's avatar
      Extract GitLab Pages using RubyZip · 1a8100cf
      Kamil Trzcińśki authored 
      RubyZip allows us to perform strong validation of
expanded paths where we do extract file.

We introduce the following additional checks
to extract routines:

1. None of path components can be symlinked,
2. We drop privileges support for directories,
3. Symlink source needs to point within the target directory,
   like `public/`,
4. The symlink source needs to exist ahead of time.
      1a8100cf
  7. Jul 17, 2018
  9. Apr 27, 2018
  11. Apr 03, 2018
  13. Mar 30, 2018
  15. Mar 09, 2018
  17. Mar 06, 2018
  19. Feb 28, 2018
  21. Feb 05, 2018
    • Grzegorz Bizon's avatar
      Revert create job service because of load balancing · 5f57c7a5
      Grzegorz Bizon authored 
      Currently we still need to run EnsureStageService within a transaction,
because when it runs within in a transaction we are going to stick to
the primary database when using database load balancing. Extracting this
out of the transaction makes it possible to hit into problems with
replication lag in pipeline commit status API, which can cause a lot of
trouble.
      5f57c7a5
  23. Feb 02, 2018
  25. Jan 24, 2018
  27. Dec 03, 2017
  29. Sep 05, 2017
  31. Aug 31, 2017
    • Sean McGivern's avatar
      `current_application_settings` belongs on `Gitlab::CurrentSettings` · 5883ce95
      Sean McGivern authored 
      The initializers including this were doing so at the top level, so every object
loaded after them had a `current_application_settings` method. However, if
someone had rack-attack enabled (which was loaded before these initializers), it
would try to load the API, and fail, because `Gitlab::CurrentSettings` didn't
have that method.

To fix this:

1. Don't include `Gitlab::CurrentSettings` at the top level. We do not need
   `Object.new.current_application_settings` to work.
2. Make `Gitlab::CurrentSettings` explicitly `extend self`, as we already use it
   like that in several places.
3. Change the initializers to use that new form.
      5883ce95
  33. Aug 10, 2017
  35. Jul 31, 2017
  37. Jul 26, 2017
  39. Jul 25, 2017
  41. Jun 28, 2017
  43. Mar 31, 2017
  45. Mar 05, 2017
  47. Feb 23, 2017
  49. Feb 01, 2017
  51. Jan 31, 2017