Commits · v13.8.8-ee · Quang-Minh Nguyen / GitLab

Apr 13, 2021
- Update VERSION files · 5760c3c5
  GitLab Release Tools Bot authored 3 years ago
  
  [merge-train skip]
  View commits for tag v13.8.8-ee v13.8.8-ee
  
  5760c3c5
- Update CHANGELOG.md for 13.8.8-ee · 74224e42
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  74224e42
- Update CHANGELOG-EE.md for 13.8.8-ee · 84b76702
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  84b76702
- Update Gitaly version to 13.8.8 · 3d77f87d
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  3d77f87d
- Merge branch 'content-type-check-13-8' into '13-8-stable-ee' · a15bb930
  Robert Speicher authored 3 years ago
  
  Check content type before running exiftool See merge request gitlab-org/security/gitlab!1348
  a15bb930
- Merge branch 'security-ruby-saml-auth-bypass-fix-13-8' into '13-8-stable-ee' · 4957b8b7
  Robert Speicher authored 3 years ago
  
  Security ruby saml auth bypass fix See merge request gitlab-org/security/gitlab!1335
  4957b8b7
- Merge branch 'security-327154-only-jpeg-tiff-13-8' into '13-8-stable-ee' · b3e7f5e4
  Robert Speicher authored 3 years ago
  
  Detect file format before checking exif headers See merge request gitlab-org/security/gitlab!1340
  b3e7f5e4
Apr 12, 2021
- Update vendored workhorse to v8.59.3 · 6adf4dff
  Jan Provaznik authored 3 years ago
  
  6adf4dff
- Update GITLAB_WORKHORSE_VERSION · 65f5b3fb
  Jan Provaznik authored 3 years ago
  
  65f5b3fb
- Update VERSION to 8.59.3 · a6c9f34c
  Jacob Vosmaer (GitLab) authored 3 years ago
  
  a6c9f34c
- Update CHANGELOG for 8.59.3 · d3a7cedb
  Jacob Vosmaer (GitLab) authored 3 years ago
  
  [ci skip]
  d3a7cedb
- Merge branch 'security-content-type-check-13-8' into '8-59-stable' · 3471463d
  Jacob Vosmaer (GitLab) authored 3 years ago
  
  Check content type before running exiftool See merge request gitlab-org/security/gitlab-workhorse!36
  3471463d
Apr 11, 2021
- Check content type before running exiftool · 15df58dc
  Jan Provaznik authored 3 years ago
  
  Assures that exiftool runs for jpeg/tiff images only.
  15df58dc
Apr 09, 2021
- Detect file MIME type before checking exif headers · 5f4c10b7
  Charlie Ablett authored 3 years ago and Jan Provaznik committed 3 years ago
  
  Before running exiftool from rake task, file's MIME type is checked.
  5f4c10b7
Apr 08, 2021
- Update ruby-saml and rexml gems · 3e1fd72c
  alex pooley authored 3 years ago and Imre (Admin) committed 3 years ago
  
  3e1fd72c
Mar 31, 2021
- Merge remote-tracking branch 'dev/13-8-stable-ee' into 13-8-stable-ee · 7168edcc
  GitLab Release Tools Bot authored 3 years ago
  
  7168edcc
- Update VERSION files · 2378e1fe
  GitLab Release Tools Bot authored 3 years ago
  
  [merge-train skip]
  View commits for tag v13.8.7-ee v13.8.7-ee
  
  2378e1fe
- Update CHANGELOG.md for 13.8.7-ee · 44473967
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  44473967
- Update CHANGELOG-EE.md for 13.8.7-ee · 92656a0a
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  92656a0a
- Update Gitaly version to 13.8.7 · 8830e6a4
  GitLab Release Tools Bot authored 3 years ago
  
  [ci skip]
  8830e6a4
Mar 30, 2021
- Merge branch 'security-291004-scoped-label-xss-13-8' into '13-8-stable-ee' · 9d2da55e
  Robert Speicher authored 3 years ago
  
  Escape HTML on scoped labels tooltip See merge request gitlab-org/security/gitlab!1325
  9d2da55e
- Merge branch 'security-fix-xss-in-mr-sidebar-13-8' into '13-8-stable-ee' · 93e50b51
  GitLab Release Tools Bot authored 3 years ago
  
  Fixes XSS with source branch in the merge request sidebar See merge request gitlab-org/security/gitlab!1320
  93e50b51
- Merge branch... · ce559a4f
  GitLab Release Tools Bot authored 3 years ago
  
  Merge branch 'security-360-prevent-any-users-from-deleting-metrics-issue-images-13-8' into '13-8-stable-ee' Adjust issuable policy for metric images See merge request gitlab-org/security/gitlab!1307
  ce559a4f
- Merge branch 'security-trigger-system-hook-by-post-13-8' into '13-8-stable-ee' · 61a60e08
  GitLab Release Tools Bot authored 3 years ago
  
  Only accept POST request to trigger system hooks See merge request gitlab-org/security/gitlab!1313
  61a60e08
- Merge branch 'security-id-leave-pool-for-private-forks-13-8' into '13-8-stable-ee' · 2821763d
  GitLab Release Tools Bot authored 3 years ago
  
  Leave pool repository on fork unlinking See merge request gitlab-org/security/gitlab!1297
  2821763d
- Merge branch 'security-projects-branch-collaboration-loop-13-8' into '13-8-stable-ee' · 61f459ac
  GitLab Release Tools Bot authored 3 years ago
  
  Prevent infinite loop when checking if collaboration is allowed See merge request gitlab-org/security/gitlab!1295
  61f459ac
- Merge branch 'security-kroki-arbitraryfile-read-write-13-8' into '13-8-stable-ee' · 40507019
  GitLab Release Tools Bot authored 3 years ago
  
  Kroki Arbitrary File Read/Write See merge request gitlab-org/security/gitlab!1285
  40507019
Mar 29, 2021
- Escape HTML on scoped labels tooltip · b91a2774
  Mario Sebastián Celi Calderón authored 3 years ago
  
  Unverified
  
  b91a2774
Mar 26, 2021
- Merge branch 'rs-mimemagic-13-8' into '13-8-stable-ee' · 9f0c3180
  Robert Speicher authored 3 years ago
  
  Cherry-pick mimemagic-related changes to 13-8-stable-ee See merge request gitlab-org/gitlab!57616
  9f0c3180
- Merge branch 'update-ruby-magic' into 'master' · e6170875
  Yorick Peterse authored 3 years ago
  
  Use ruby-magic-static for the time being See merge request gitlab-org/gitlab!57487
  Unverified
  
  e6170875
- Merge branch 'sh-use-upstream-ruby-magic' into 'master' · e4139990
  Heinrich Lee Yu authored 3 years ago
  
  Use upstream ruby-magic project See merge request gitlab-org/gitlab!57463
  Unverified
  
  e4139990
- Merge branch 'mimemagic-git-shim' into 'master' · 67f9d74f
  Robert Speicher authored 3 years ago
  
  Don't use Git in the mimemagic shim See merge request gitlab-org/gitlab!57516
  Unverified
  
  67f9d74f
- Merge branch 'sh-update-ruby-magic-static' into 'master' · 34cac54e
  Heinrich Lee Yu authored 3 years ago
  
  Update ruby-magic-static to v0.3.1 See merge request gitlab-org/gitlab!57458
  Unverified
  
  34cac54e
- Merge branch 'mimemagic_shim' into 'master' · 8142ef3f
  Heinrich Lee Yu authored 3 years ago
  
  Create a fake mimemagic gem in the vendors folder [RUN ALL RSPEC] [RUN AS-IF-FOSS] See merge request gitlab-org/gitlab!57443
  Unverified
  
  8142ef3f
- Merge branch 'remove-direct-mimemagic-dependency' into 'master' · c7a5529a
  Dylan Griffith authored 3 years ago
  
  Replace mimemagic dependency and introduce a Gitlab::Utils::MimeType class See merge request gitlab-org/gitlab!57387
  Unverified
  
  c7a5529a
- Merge branch 'remove-direct-mimemagic-dependency-minimal' into 'master' · 05fca47d
  Thong Kuah authored 3 years ago
  
  Initial introduction of Gitlab::Utils::MimeType class See merge request gitlab-org/gitlab!57421
  Unverified
  
  05fca47d
- Merge branch 'remove_hipchat_gem' into 'master' · d5afe568
  Luke Duncalfe authored 3 years ago
  
  Remove hipchat gem, and make HipChat service a no-op See merge request gitlab-org/gitlab!57434
  Unverified
  
  d5afe568
- Fixes XSS with source branch in the merge request sidebar · 26526fdd
  Phil Hughes authored 3 years ago
  
  https://gitlab.com/gitlab-org/security/gitlab/-/issues/365
  Unverified
  
  26526fdd
Mar 23, 2021

Only accept POST request to trigger system hooks · b0864898

Ron Chan authored 3 years ago

Adding changelog for system hooks trigger

Adding the changelog file security-trigger-system-hook-by-post.yml

Added spec for POST request to system hooks

Remove GET request endpoints for system hooks

b0864898

Mar 22, 2021
- Adjust issuable policy for metric images · be92a3c5
  Sean Arnold authored 3 years ago
  
  - Prevent non members from having destructive permisions
  be92a3c5

Admin message

Admin message