Commits · d96e9a964df4ce3b32a1e7b0c4cd2347fd938b0a · gpt / large_projects / gitlabhq1

Dec 20, 2018
- Update VERSION to 11.3.14 · d96e9a96
  GitLab Release Tools Bot authored 6 years ago
  
  View commits for tag v11.3.14 v11.3.14
  
  d96e9a96
- Update CHANGELOG.md for 11.3.14 · 282d56bc
  GitLab Release Tools Bot authored 6 years ago
  
  [ci skip]
  282d56bc
- Merge branch 'security-import-symlink-11-3' of dev.gitlab.org:gitlab/gitlabhq into security-11-3 · b40f8d1d
  John Jarvis authored 6 years ago
  
  b40f8d1d
Dec 13, 2018
- Update VERSION to 11.3.13 · 366aa2be
  GitLab Release Tools Bot authored 6 years ago
  
  View commits for tag v11.3.13 v11.3.13
  
  366aa2be
- Update CHANGELOG.md for 11.3.13 · 6a83ee5b
  GitLab Release Tools Bot authored 6 years ago
  
  [ci skip]
  6a83ee5b
- Merge branch 'security-2754-fix-lfs-import-11-3' into 'security-11-3' · 72af766a
  John Jarvis authored 6 years ago
  
  [11.3] Validate LFS hrefs before downloading them See merge request gitlab/gitlabhq!2700
  72af766a
Dec 06, 2018
- Update VERSION to 11.3.12 · 60c89f44
  GitLab Release Tools Bot authored 6 years ago
  
  View commits for tag v11.3.12 v11.3.12
  
  60c89f44
- Update CHANGELOG.md for 11.3.12 · 8bead5f8
  GitLab Release Tools Bot authored 6 years ago
  
  [ci skip]
  8bead5f8
Dec 05, 2018
- Merge branch 'security-54857-fix-templates-path-traversal-11-3' into 'security-11-3' · 90d09306
  Cindy Pallares authored 6 years ago
  
  [11.3] Prevent a path traversal attack on global file templates See merge request gitlab/gitlabhq!2671
  Unverified
  
  90d09306
Nov 26, 2018
- Update VERSION to 11.3.11 · 9c30391c
  GitLab Release Tools Bot authored 6 years ago
  
  View commits for tag v11.3.11 v11.3.11
  
  9c30391c
- Update CHANGELOG.md for 11.3.11 · 9eff3873
  GitLab Release Tools Bot authored 6 years ago
  
  [ci skip]
  9eff3873
- Merge branch 'security-fix-uri-xss-applications-11-3' into 'security-11-3' · 7529d554
  Steve Xuereb authored 6 years ago
  
  [11.3] Reflected XSS in OAuth Authorize window due to redirect_uri allowing arbitrary protocols See merge request gitlab/gitlabhq!2581
  7529d554
- Merge branch 'security-11-3-fj-crlf-injection' into 'security-11-3' · f59f728f
  Steve Xuereb authored 6 years ago
  
  [11.3] Fix CRLF issue in UrlValidator See merge request gitlab/gitlabhq!2654
  f59f728f
- [11.3] Fix CRLF issue in UrlValidator · 536b7dca
  Francisco Javier López authored 6 years ago and Steve Xuereb committed 6 years ago
  
  536b7dca
- Merge branch 'security-182-update-workhorse-11-3' into 'security-11-3' · 707d210b
  Steve Xuereb authored 6 years ago
  
  [11.3] Redact sensitive information on workhorse log See merge request gitlab/gitlabhq!2586
  707d210b
- Merge branch 'security-11-3-fix-webhook-ssrf-ipv6' into 'security-11-3' · 4e1d9f16
  Steve Xuereb authored 6 years ago
  
  [11.3] Fix SSRF in project integrations See merge request gitlab/gitlabhq!2609
  4e1d9f16
- Merge branch 'security-email-change-notification-11-3' into 'security-11-3' · 778d14b1
  Steve Xuereb authored 6 years ago
  
  [11.3] Resolve: "Provide email notification when a user changes their email address" See merge request gitlab/gitlabhq!2604
  778d14b1
- Merge branch 'security-guest-comments-11-3' into 'security-11-3' · 9ec0a08a
  Steve Xuereb authored 6 years ago
  
  [11.3] Fixed ability to comment on and edit/delete comments on locked or confidential issues See merge request gitlab/gitlabhq!2648
  9ec0a08a
- [11.3] Fixed ability to comment on and edit/delete comments on locked or confidential issues · 05922e18
  Chantal Rollison authored 6 years ago and Steve Xuereb committed 6 years ago
  
  05922e18
- Resolve reflected XSS in Ouath authorize window · a4092225
  James Lopez authored 6 years ago
  
  Unverified
  
  a4092225
- Merge branch 'security-11-3-pages-toctou-race' into 'security-11-3' · a884c8f0
  Steve Xuereb authored 6 years ago
  
  [11.3] [pages] Possible symlink time of check to time of use race condition See merge request gitlab/gitlabhq!2651
  a884c8f0
- Merge branch 'security-fix-pat-web-access-11-3' into 'security-11-3' · 7a7f505f
  Steve Xuereb authored 6 years ago
  
  [11.3] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request" See merge request gitlab/gitlabhq!2657
  7a7f505f
Nov 23, 2018
- Update to gitlab-workhorse 6.1.2 · 4613c0bc
  Steve Azzopardi authored 6 years ago
  
  6.1.1 does not include the security fix, but 6.1.2 does.
  Unverified
  
  4613c0bc
- Merge branch... · 5a26a1ea
  Steve Xuereb authored 6 years ago
  
  Merge branch 'security-11-3-xss-in-markdown-following-unrecognized-html-element' into 'security-11-3' [11.3] XSS in markdown following unrecognized HTML element See merge request gitlab/gitlabhq!2633
  5a26a1ea
- Merge branch 'security-mermaid-xss-11-3' into 'security-11-3' · d0dadd3b
  Steve Xuereb authored 6 years ago
  
  [11.3] Fix XSS in mermaid diagrams See merge request gitlab/gitlabhq!2640
  d0dadd3b
- Merge branch 'security-bvl-exposure-in-commits-list-11-3' into 'security-11-3' · 7e1abc38
  Steve Xuereb authored 6 years ago
  
  [11.3] Don't expose confidential information in commit message list See merge request gitlab/gitlabhq!2644
  7e1abc38
- Merge branch 'security-issue_51301-11-3' into 'security-11-3' · c63c8451
  Steve Xuereb authored 6 years ago
  
  [11.3] Resolve: Promoting a milestone is missing an authorization check See merge request gitlab/gitlabhq!2621
  c63c8451
- Merge branch 'security-2736-prometheus-ssrf-11-3' into 'security-11-3' · cc474355
  Steve Xuereb authored 6 years ago
  
  [11.3] Do not follow redirects in prometheus service See merge request gitlab/gitlabhq!2625
  cc474355
- Merge branch 'security-11-3-stored-xss-for-environments' into 'security-11-3' · ecf97379
  Steve Xuereb authored 6 years ago
  
  [11.3] Stored XSS for Environments See merge request gitlab/gitlabhq!2616
  ecf97379
- Merge branch '11-3-stable' into security-11-3 · ac83d643
  Steve Azzopardi authored 6 years ago
  
  Unverified
  
  ac83d643
- Merge branch 'security-private-group-11-3' into 'security-11-3' · 56417b96
  Steve Xuereb authored 6 years ago
  
  [11.3] Fixed read name of private groups See merge request gitlab/gitlabhq!2592
  56417b96
- Update code to use API scope on PAT auth · e9dd33d3
  James Lopez authored 6 years ago
  
  Unverified
  
  e9dd33d3
Nov 21, 2018
- Upgrade GitLab Pages to v1.1.1 · 8f8fa36b
  Alessio Caiazza authored 6 years ago
  
  Unverified
  
  8f8fa36b
Nov 19, 2018

Don't use fragment cache on commit page · a819f14c

Bob Van Landuyt authored 6 years ago

This makes sure the user viewing the commit does not get to see
anything they're not allowed to see

a819f14c

Configure mermaid to not render HTML content in diagrams · 0d64da48

Winnie Hellmann authored 6 years ago

(cherry picked from commit f2e9f22f7d3d84abeea5ba2918ee5ffcc55f2dad)

Conflicts:
	app/assets/javascripts/behaviors/markdown/render_mermaid.js

0d64da48

Add failing test for XSS in mermaid diagrams · 58161315
Winnie Hellmann authored 6 years ago
```
(cherry picked from commit fdea799d37ae9ca3f5e80f191a55be543a79857a)
```
58161315

Nov 18, 2018
- Update VERSION to 11.3.10 · 82190ba7
  GitLab Release Tools Bot authored 6 years ago
  
  View commits for tag v11.3.10 v11.3.10
  
  82190ba7
- Update CHANGELOG.md for 11.3.10 · 23c87753
  GitLab Release Tools Bot authored 6 years ago
  
  [ci skip]
  23c87753
- Merge branch 'sh-fix-issue-54189-11-3' into 'security-11-3' · c1c45a97
  Steve Xuereb authored 6 years ago
  
  [11.3] Prevent templated services from being imported See merge request gitlab/gitlabhq!2637
  Unverified
  
  c1c45a97
- Merge branch 'security-11-3-2717-xss-username-autocomplete' into 'security-11-3' · 953f789f
  Steve Xuereb authored 6 years ago
  
  [11.3] Escape user fullname while rendering autocomplete template to prevent XSS See merge request gitlab/gitlabhq!2608
  Unverified
  
  953f789f

Admin message

Admin message