- May 05, 2017
-
-
-
Lin Jen-Shin authored
[ci skip]
-
Lin Jen-Shin authored
[ci skip]
-
Lin Jen-Shin authored
* 8-17-stable: Backport rake downtime_check otherwise it's not passing
-
Lin Jen-Shin authored
-
Lin Jen-Shin authored
* 8-17-stable: Don't need to check this old migration Escape single quotes from gl dropdown Fix specs
-
-
- May 04, 2017
-
-
Felipe Artur authored
-
Felipe Artur authored
-
Felipe Artur authored
-
Felipe Artur authored
-
Felipe Artur authored
-
Felipe Artur authored
-
Lin Jen-Shin authored
* 8-17-stable: Merge branch 'fix-hamlit-xss' into 'security-9-1' Merge branch 'snippets-finder-visibility' into 'security' Merge branch 'branch-name-escape' into 'security' Merge branch '31157-respect-project-features-in-wiki-search' into 'security' Merge branch 'snippets_visibility' into 'security' Merge branch 'rs-sanitize-submodule-urls' into 'security' Merge branch 'bvl-markup-pipeline' into 'security' Merge branch 'bvl-validate-urls-in-markdown-using-uri' into 'security' Update VERSION to 8.17.5 Update CHANGELOG.md for 8.17.5
-
Douwe Maan authored
Respect project features when searching alternative branches with elasticsearch enabled See merge request !508
-
Robert Speicher authoredNew Hamlit XSS fix, does not include extraneous changes See merge request !2095
-
Douwe Maan authored
Refactor snippets finder & dont return internal snippets for external users See merge request !2094
-
Robert Speicher authored
Fix XSS in branches dropdown See merge request !2093
-
Douwe Maan authored
Respect project features in wiki and blob search See merge request !2089
-
Sean McGivern authored
Fix snippets visibility for show action - external users can not see internal snippets See merge request !2087
-
Douwe Maan authored
Sanitize submodule URLs before linking to them in the file tree view See merge request !2084
-
Robert Speicher authored
Render asciidoc & other markup using banzai in a pipeline See merge request !2088
-
Robert Speicher authored
Add correct `rel` attributes to external links when rendering markdown See merge request !2086
-
- Apr 06, 2017
-
-
DJ Mountney authored
-
DJ Mountney authored
[ci skip]
-
-
DJ Mountney authored
[ci skip]
-
DJ Mountney authored
[ci skip]
-
- Apr 05, 2017
-
-
DJ Mountney authored
-
Sean McGivern authored
Fix for three open redirect vulns using redirect_to url_for(params.merge))) See merge request !2082
-
DJ Mountney authored
Fix for path disclosure in project import/export See merge request !2080
-
DJ Mountney authored
-
DJ Mountney authored
Previously accidently added a test for a feature that does not exist in this release : preserved styles in labels
-
DJ Mountney authored
-
Sean McGivern authored
Fix for open redirect vuln involving continue[to] params See merge request !2083
-
Sean McGivern authored
Don’t show source project name when user does not have access See merge request !2081
-
Robert Speicher authored
Remove class from SanitizationFilter whitelist See merge request !2079
-
- Mar 19, 2017
-
-
James Lopez authored
-
James Lopez authored
[ci skip]
-
-
