Commits · fa395d88d5232209aec5fd8010b5d9ee5f9f7dfe · Quang-Minh Nguyen / GitLab

Apr 13, 2021
- Update VERSION files · fa395d88
  GitLab Release Tools Bot authored 3 years ago
  
  [merge-train skip]
  View commits for tag v13.9.6-ee v13.9.6-ee
  
  fa395d88
- Update CHANGELOG.md for 13.9.6-ee · f68b6e59
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  f68b6e59
- Update CHANGELOG-EE.md for 13.9.6-ee · 7e223b41
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  7e223b41
- Update Gitaly version to 13.9.6 · bf4e68b9
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  bf4e68b9
- Merge branch 'content-type-check-13-9' into '13-9-stable-ee' · fe603883
  Robert Speicher authored 3 years ago
  
  Check content type before running exiftool See merge request gitlab-org/security/gitlab!1347
  fe603883
- Merge branch 'security-ruby-saml-auth-bypass-fix-13-9' into '13-9-stable-ee' · 3498f0c5
  Robert Speicher authored 3 years ago
  
  Security ruby saml auth bypass fix See merge request gitlab-org/security/gitlab!1333
  3498f0c5
- Merge branch 'security-327154-only-jpeg-tiff-13-9' into '13-9-stable-ee' · 0e7a2981
  Robert Speicher authored 3 years ago
  
  Detect file format before checking exif headers See merge request gitlab-org/security/gitlab!1339
  0e7a2981
Apr 12, 2021
- Update vendored workhorse to v8.63.3 · 78bce038
  Jan Provaznik authored 3 years ago
  
  78bce038
- Update GITLAB_WORKHORSE_VERSION · bd3c01a5
  Jan Provaznik authored 3 years ago
  
  bd3c01a5
- Update VERSION to 8.63.3 · 15cd9693
  Jacob Vosmaer (GitLab) authored 3 years ago
  
  15cd9693
- Update CHANGELOG for 8.63.3 · a24f66ea
  Jacob Vosmaer (GitLab) authored 3 years ago
  
  [ci skip]
  a24f66ea
- Merge branch 'security-content-type-check-13-9' into '8-63-stable' · b4bdce3d
  Jacob Vosmaer (GitLab) authored 3 years ago
  
  Check content type before running exiftool See merge request gitlab-org/security/gitlab-workhorse!35
  b4bdce3d
Apr 11, 2021
- Check content type before running exiftool · 09598ad5
  Jan Provaznik authored 3 years ago
  
  Assures that exiftool runs for jpeg/tiff images only.
  09598ad5
Apr 09, 2021
- Detect file MIME type before checking exif headers · 811ed902
  Charlie Ablett authored 3 years ago and Jan Provaznik committed 3 years ago
  
  Before running exiftool from rake task, file's MIME type is checked.
  811ed902
Apr 08, 2021
- Update ruby-saml and rexml gems · 47a068bb
  alex pooley authored 3 years ago
  
  47a068bb
Mar 31, 2021
- Merge remote-tracking branch 'dev/13-9-stable-ee' into 13-9-stable-ee · e2899b50
  GitLab Release Tools Bot authored 3 years ago
  
  e2899b50
- Update VERSION files · b5cf6b82
  GitLab Release Tools Bot authored 3 years ago
  
  [merge-train skip]
  View commits for tag v13.9.5-ee v13.9.5-ee
  
  b5cf6b82
- Update CHANGELOG.md for 13.9.5-ee · 820e45e5
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  820e45e5
- Update CHANGELOG-EE.md for 13.9.5-ee · 9072c854
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  9072c854
- Update Gitaly version to 13.9.5 · 55c9e7b9
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  55c9e7b9
Mar 30, 2021
- Merge branch 'security-291004-scoped-label-xss-13-9' into '13-9-stable-ee' · 0b19362a
  GitLab Release Tools Bot authored 3 years ago
  
  Escape HTML on scoped labels tooltip See merge request gitlab-org/security/gitlab!1324
  0b19362a
- Merge branch 'security-fix-xss-in-mr-sidebar-13-9' into '13-9-stable-ee' · c2d72aca
  GitLab Release Tools Bot authored 3 years ago
  
  Fixes XSS with source branch in the merge request sidebar See merge request gitlab-org/security/gitlab!1319
  c2d72aca
- Merge branch 'security/sh-json-validator-open-uri-patch-13-9' into '13-9-stable-ee' · eeee9bfa
  Robert Speicher authored 3 years ago
  
  Disable arbitrary URI and file reads in JSON validator See merge request gitlab-org/security/gitlab!1315
  eeee9bfa
- Merge branch... · 7b458728
  GitLab Release Tools Bot authored 3 years ago
  
  Merge branch 'security-360-prevent-any-users-from-deleting-metrics-issue-images-13-9' into '13-9-stable-ee' Adjust issuable policy for metric images See merge request gitlab-org/security/gitlab!1306
  7b458728
- Merge branch 'security-trigger-system-hook-by-post-13-9' into '13-9-stable-ee' · ff9f4c49
  GitLab Release Tools Bot authored 3 years ago
  
  Only accept POST request to trigger system hooks See merge request gitlab-org/security/gitlab!1312
  ff9f4c49
- Merge branch 'security-id-leave-pool-for-private-forks-13-9' into '13-9-stable-ee' · 063a16b0
  GitLab Release Tools Bot authored 3 years ago
  
  Leave pool repository on fork unlinking See merge request gitlab-org/security/gitlab!1296
  063a16b0
- Merge branch 'security-projects-branch-collaboration-loop-13-9' into '13-9-stable-ee' · becf5c76
  GitLab Release Tools Bot authored 3 years ago
  
  Prevent infinite loop when checking if collaboration is allowed See merge request gitlab-org/security/gitlab!1294
  becf5c76
- Merge branch 'security-kroki-arbitraryfile-read-write-13-9' into '13-9-stable-ee' · 0187ed35
  GitLab Release Tools Bot authored 3 years ago
  
  Kroki Arbitrary File Read/Write See merge request gitlab-org/security/gitlab!1286
  0187ed35
Mar 29, 2021
- Escape HTML on scoped labels tooltip · a2e4911c
  Mario Sebastián Celi Calderón authored 3 years ago
  
  Unverified
  
  a2e4911c
Mar 26, 2021
- Merge branch 'rs-mimemagic-13-9' into '13-9-stable-ee' · ea930ff9
  Robert Speicher authored 3 years ago
  
  Cherry-pick mimemagic-related changes to 13-9-stable-ee See merge request gitlab-org/gitlab!57613
  ea930ff9
- Merge branch 'update-ruby-magic' into 'master' · 66ddaa87
  Yorick Peterse authored 3 years ago
  
  Use ruby-magic-static for the time being See merge request gitlab-org/gitlab!57487
  Unverified
  
  66ddaa87
- Merge branch 'sh-use-upstream-ruby-magic' into 'master' · 2a927556
  Heinrich Lee Yu authored 3 years ago
  
  Use upstream ruby-magic project See merge request gitlab-org/gitlab!57463
  Unverified
  
  2a927556
- Merge branch 'mimemagic-git-shim' into 'master' · 40637e0d
  Robert Speicher authored 3 years ago
  
  Don't use Git in the mimemagic shim See merge request gitlab-org/gitlab!57516
  Unverified
  
  40637e0d
- Merge branch 'sh-update-ruby-magic-static' into 'master' · 033fafec
  Heinrich Lee Yu authored 3 years ago
  
  Update ruby-magic-static to v0.3.1 See merge request gitlab-org/gitlab!57458
  Unverified
  
  033fafec
- Merge branch 'mimemagic_shim' into 'master' · 0d26370f
  Heinrich Lee Yu authored 3 years ago
  
  Create a fake mimemagic gem in the vendors folder [RUN ALL RSPEC] [RUN AS-IF-FOSS] See merge request gitlab-org/gitlab!57443
  Unverified
  
  0d26370f
- Merge branch 'remove-direct-mimemagic-dependency' into 'master' · 657de9c8
  Dylan Griffith authored 3 years ago
  
  Replace mimemagic dependency and introduce a Gitlab::Utils::MimeType class See merge request gitlab-org/gitlab!57387
  Unverified
  
  657de9c8
- Merge branch 'remove-direct-mimemagic-dependency-minimal' into 'master' · ead2d6ac
  Thong Kuah authored 3 years ago
  
  Initial introduction of Gitlab::Utils::MimeType class See merge request gitlab-org/gitlab!57421
  Unverified
  
  ead2d6ac
- Merge branch 'remove_hipchat_gem' into 'master' · 8908f07f
  Luke Duncalfe authored 3 years ago
  
  Remove hipchat gem, and make HipChat service a no-op See merge request gitlab-org/gitlab!57434
  Unverified
  
  8908f07f
- Fixes XSS with source branch in the merge request sidebar · adb6d3ef
  Phil Hughes authored 3 years ago
  
  https://gitlab.com/gitlab-org/security/gitlab/-/issues/365
  Unverified
  
  adb6d3ef
Mar 25, 2021
- Disable arbitrary URI and file reads in JSON validator · a5c39482
  Stan Hu authored 3 years ago
  
  Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/325562
  a5c39482

Admin message

Admin message