Commits · 5265942b751f41022393df2f52bc8e005d1ca168 · gpt / large_projects / gitlabhq1

Jan 24, 2019
- Revert "Merge branch 'security-pipeline-trigger-tokens-exposure-11-4' into 'security-11-4'" · 5265942b
  Yorick Peterse authored 6 years ago
  
  This reverts commit 426716d1
  5265942b
- Merge branch 'security-pipeline-trigger-tokens-exposure-11-4' into 'security-11-4' · 426716d1
  Yorick Peterse authored 6 years ago
  
  [11.4] Do not expose trigger token when user should not see it See merge request gitlab/gitlabhq!2761 (cherry picked from commit bc660b08642de2a68e39a443566e7665f057a0a8) 1b81cbce Do not expose trigger token when user should not see it
  426716d1
Jan 15, 2019
- Update VERSION to 11.4.14 · c69471c7
  GitLab Release Tools Bot authored 6 years ago
  
  View commits for tag v11.4.14 v11.4.14
  
  c69471c7
- Update CHANGELOG.md for 11.4.14 · e2cb37ff
  GitLab Release Tools Bot authored 6 years ago
  
  [ci skip]
  e2cb37ff
- Merge branch 'security-2770-verify-bundle-import-files-11-4' into 'security-11-4' · 56c0f733
  Yorick Peterse authored 6 years ago
  
  [11.4] Validate bundle files before unpacking them See merge request gitlab/gitlabhq!2776 (cherry picked from commit 6176b02aa6577079986410719884bd253dc5e7be) e5e5e77e Validate bundle files before unpacking them
  56c0f733
Jan 10, 2019
- Merge branch 'fix-prepare-build-script' into 'master' · ee33bcba
  Marin Jankovski authored 6 years ago
  
  Stop using deprecated argument to `gem` See merge request gitlab-org/gitlab-ce!24079
  ee33bcba
Dec 28, 2018
- Update VERSION to 11.4.13 · 837a61be
  GitLab Release Tools Bot authored 6 years ago
  
  View commits for tag v11.4.13 v11.4.13
  
  837a61be
- Update CHANGELOG.md for 11.4.13 · 3649904e
  GitLab Release Tools Bot authored 6 years ago
  
  [ci skip]
  3649904e
Dec 27, 2018
- Merge branch 'security-11-4' of dev.gitlab.org:gitlab/gitlabhq into 11-4-stable · 11174c34
  John Jarvis authored 6 years ago
  
  11174c34
- Merge branch 'security-fix/security-group-user-removal-11-4' into 'security-11-4' · 19aa797f
  John Jarvis authored 6 years ago
  
  [11.4] Resolve "Removing a user from a private group doesn't remove them from group's project, if their project's role was changed" See merge request gitlab/gitlabhq!2714
  19aa797f
- Merge remote-tracking branch 'origin/security-48259-private-snippet-11-4' into security-11-4 · 39c502fd
  John Jarvis authored 6 years ago
  
  39c502fd
- Merge branch 'security-11-4' into 'security-fix/security-group-user-removal-11-4' · 19a278b9
  James Lopez authored 6 years ago
  
  # Conflicts: # app/services/members/destroy_service.rb
  19a278b9
- Merge branch 'security-11-4' of dev.gitlab.org:gitlab/gitlabhq into 11-4-stable · cd02c079
  John Jarvis authored 6 years ago
  
  cd02c079
- Merge branch 'security-11-4-group-cicd-settings-accessible-to-maintainer' into 'security-11-4' · 7703a04b
  John Jarvis authored 6 years ago
  
  [11.4] Group Ex-Maintainer Could maintain Access to Project's Source Code/Jobs/Pipelines/Artifacts if it had Shared Group Runner Configured See merge request gitlab/gitlabhq!2752
  7703a04b
- Merge branch 'security-11-4' of dev.gitlab.org:gitlab/gitlabhq into 11-4-stable · 278490c8
  John Jarvis authored 6 years ago
  
  278490c8
- Merge branch 'sh-disble-docs-internal-links-lint' into 'master' · 88fb4b75
  Clement Ho authored 6 years ago
  
  Disable docs lint internal_links check Closes #55038 See merge request gitlab-org/gitlab-ce!23665
  Unverified
  
  88fb4b75
- Merge branch 'security-11-4-secret-ci-variables-exposed' into 'security-11-4' · 6e793e16
  John Jarvis authored 6 years ago
  
  [11.4] Secret CI variables can exposed by creating a tag with the same name as an existing protected branch See merge request gitlab/gitlabhq!2683
  6e793e16
- Merge branch... · 364ec359
  John Jarvis authored 6 years ago
  
  Merge branch 'security-11-4-53543-user-keeps-access-to-mr-issue-when-removed-from-team' into 'security-11-4' [11.4] Adds validation to check if user can read project See merge request gitlab/gitlabhq!2680
  364ec359
- Merge branch 'security-11-4-refs-available-to-project-guest' into 'security-11-4' · f43991c9
  John Jarvis authored 6 years ago
  
  [11.4] Project guests no longer are able to see refs page See merge request gitlab/gitlabhq!2688
  f43991c9
- Merge branch 'security-11-4-fix-ssrf-lfs-project-import' into 'security-11-4' · 34f442d7
  John Jarvis authored 6 years ago
  
  [11.4] SSRF in project imports with LFS See merge request gitlab/gitlabhq!2727
  34f442d7
- Merge branch 'security-wiki-svg-attachment' into 'security-11-4' · 8a78b622
  John Jarvis authored 6 years ago
  
  [11.4] Stored XSS in latest IE See merge request gitlab/gitlabhq!2674
  8a78b622
- [11.4] Stored XSS in latest IE · e60da0c5
  Francisco Javier López authored 6 years ago and John Jarvis committed 6 years ago
  
  e60da0c5
- Merge branch 'security-label-xss-11-4' into 'security-11-4' · b5fe07e4
  John Jarvis authored 6 years ago
  
  [11.4] Escape html entities when no label found See merge request gitlab/gitlabhq!2749
  b5fe07e4
- Merge branch 'security-11-4-guests-jobs-api' into 'security-11-4' · dc4f76e3
  John Jarvis authored 6 years ago
  
  [11.4] Guest users have access to all Job information via the API See merge request gitlab/gitlabhq!2746
  dc4f76e3
- Merge branch 'ensure-that-build-token-is-always-running-11-4' into 'security-11-4' · f6669b78
  John Jarvis authored 6 years ago
  
  [11.4] Ensure that build token is always running See merge request gitlab/gitlabhq!2663
  f6669b78
- Merge branch 'security-11-4-fix-ssrf-import-url-remote-mirror' into 'security-11-4' · ece60143
  John Jarvis authored 6 years ago
  
  [11.4] SSRF - Scan Internal Ports and GCP/AWS endpoints See merge request gitlab/gitlabhq!2710
  ece60143
- [11.4] SSRF - Scan Internal Ports and GCP/AWS endpoints · 21969c4a
  Francisco Javier López authored 6 years ago and John Jarvis committed 6 years ago
  
  21969c4a
Dec 26, 2018
- Merge branch 'security-11-4-54377-label-milestone-name-xss' into 'security-11-4' · afcbd4ed
  John Jarvis authored 6 years ago
  
  [11.4] Escape label and milestone titles to prevent XSS in GFM autocomplete See merge request gitlab/gitlabhq!2742
  afcbd4ed
- Merge branch 'security-11-4-url-rel' into 'security-11-4' · a02518ad
  John Jarvis authored 6 years ago
  
  [11.4] Set URL rel attribute for broken URLs See merge request gitlab/gitlabhq!2713
  a02518ad
- Merge branch 'security-todos_not_redacted_for_guests-11-4' into 'security-11-4' · 1b903046
  John Jarvis authored 6 years ago
  
  [11.4] Delete confidential issue todos for guests See merge request gitlab/gitlabhq!2724
  1b903046
- Merge branch 'security-bvl-fix-cross-project-mr-exposure-11-4' into 'security-11-4' · 6c6ba6b3
  John Jarvis authored 6 years ago
  
  [11.4] Validate projects in MR build service See merge request gitlab/gitlabhq!2705
  6c6ba6b3
Dec 24, 2018
- Use old-style controller request params · a9e23ac4
  Matija Čupić authored 6 years ago
  
  Verified
  
  a9e23ac4
Dec 23, 2018
- Add CHANGELOG entry · 0840401e
  Matija Čupić authored 6 years ago
  
  Verified
  
  0840401e
- Check for group admin permissions · 23be2ea4
  Matija Čupić authored 6 years ago
  
  Verified
  
  23be2ea4
Dec 22, 2018
- Escape html entities when no label found · 3d4ffa2f
  Jarka Kadlecova authored 6 years ago
  
  3d4ffa2f
- Add CHANGELOG entry · b9c70e0d
  Matija Čupić authored 6 years ago
  
  Verified
  
  b9c70e0d
- Move pipeline auth above pipeline assignment · bda33af6
  Matija Čupić authored 6 years ago
  
  Verified
  
  bda33af6
- Authorize read_pipeline before read_build · 10ba7141
  Matija Čupić authored 6 years ago
  
  Verified
  
  10ba7141
- Authorize read_build when listing pipeline jobs · 6d1cb1f2
  Matija Čupić authored 6 years ago
  
  Verified
  
  6d1cb1f2
- Authorize read_build action when listing jobs · 37954d62
  Matija Čupić authored 6 years ago
  
  Verified
  
  37954d62

Admin message

Admin message