Commits · 4c72a03ceab96df319c893d57c9807dbaed1879a · Léo-Paul Géneau / gitlab-ce

04 May, 2017 8 commits
- Merge branch 'fix-hamlit-xss' into 'security-9-1' · 4c72a03c
  Robert Speicher authored May 02, 2017
```
New Hamlit XSS fix, does not include extraneous changes

See merge request !2095
```
  4c72a03c
- Merge branch 'snippets-finder-visibility' into 'security' · bd35f223
  Douwe Maan authored Apr 28, 2017
```
Refactor snippets finder & dont return internal snippets for external users

See merge request !2094
```
  bd35f223
- Merge branch 'branch-name-escape' into 'security' · b74683ee
  Robert Speicher authored May 03, 2017
```
Fix XSS in branches dropdown

See merge request !2093
```
  b74683ee
- Merge branch '31157-respect-project-features-in-wiki-search' into 'security' · 28b4d18f
  Douwe Maan authored Apr 24, 2017
```
Respect project features in wiki and blob search

See merge request !2089
```
  28b4d18f
- Merge branch 'snippets_visibility' into 'security' · 4621fa2b
  Sean McGivern authored Apr 25, 2017
```
Fix snippets visibility for show action - external users can not see internal snippets

See merge request !2087
```
  4621fa2b
- Merge branch 'rs-sanitize-submodule-urls' into 'security' · ecbd9da8
  Douwe Maan authored Apr 10, 2017
```
Sanitize submodule URLs before linking to them in the file tree view

See merge request !2084
```
  ecbd9da8
- Merge branch 'bvl-markup-pipeline' into 'security' · bfab73b0
  Robert Speicher authored May 02, 2017
```
Render asciidoc & other markup using banzai in a pipeline

See merge request !2088
```
  bfab73b0
- Merge branch 'bvl-validate-urls-in-markdown-using-uri' into 'security' · 401ab708
  Robert Speicher authored May 02, 2017
```
Add correct `rel` attributes to external links when rendering markdown

See merge request !2086
```
  401ab708
06 Apr, 2017 2 commits
- Update VERSION to 8.17.5 · 2e93947c
  DJ Mountney authored Apr 05, 2017
  
  2e93947c
- Update CHANGELOG.md for 8.17.5 · 9df1f13e
  DJ Mountney authored Apr 05, 2017
```
[ci skip]
```
  9df1f13e
05 Apr, 2017 6 commits
- Merge branch 'open-redirect-host-fix' into 'security' · 1c500992
  Sean McGivern authored Apr 05, 2017
```
Fix for three open redirect vulns using redirect_to url_for(params.merge)))

See merge request !2082
```
  1c500992
- Merge branch 'path-disclosure-proj-import-export' into 'security' · c4b71fc4
  DJ Mountney authored Apr 05, 2017
```
Fix for path disclosure in project import/export

See merge request !2080
```
  c4b71fc4
- Fix bug with conflict resolution for security release for the events_helper spec · aa21d8cc
  DJ Mountney authored Apr 05, 2017
```
Previously accidently added a test for a feature that does not exist in this release
: preserved styles in labels
```
  aa21d8cc
- Merge branch 'open-redirect-fix-continue-to' into 'security' · 8fae6a3d
  Sean McGivern authored Apr 05, 2017
```
Fix for open redirect vuln involving continue[to] params

See merge request !2083
```
  8fae6a3d
- Merge branch '29364-private-projects-mr-fix' into 'security' · 191e748c
  Sean McGivern authored Apr 03, 2017
```
Don’t show source project name when user does not have access

See merge request !2081
```
  191e748c
- Merge branch '30125-markdown-security' into 'security' · 806b4ad5
  Robert Speicher authored Apr 02, 2017
```
Remove class from SanitizationFilter whitelist

See merge request !2079
```
  806b4ad5
19 Mar, 2017 2 commits
- Update VERSION to 8.17.4 · 3d2890c8
  James Lopez authored Mar 19, 2017
  
  3d2890c8
- Update CHANGELOG.md for 8.17.4 · 1f4af97f
  James Lopez authored Mar 19, 2017
```
[ci skip]
```
  1f4af97f
18 Mar, 2017 5 commits

Merge branch 'ssrf' into 'security' · 78d47070
Rubén Dávila authored Mar 18, 2017
```
nil check for url_blocker?

See merge request !2076
```
78d47070

Merge branch 'render-json-leak' into 'security' · a70346fc

DJ Mountney authored Mar 18, 2017

fix for render json include leaks

See merge request !2074
Conflicts:
	app/controllers/projects/merge_requests_controller.rb
	spec/controllers/projects/issues_controller_spec.rb

a70346fc

Merge branch 'fix-links-target-blank' into 'security' · f71103df

Jacob Schatz authored Mar 15, 2017

Adds rel="noopener noreferrer" to all links with target="_blank"

See merge request !2071
Conflicts:
	app/assets/javascripts/environments/components/environment_external_url.js

f71103df

Merge branch 'ssrf' into 'security' · 026fc91c
Douwe Maan authored Mar 15, 2017
```
Protect server against SSRF in project import URLs

See merge request !2068
```
026fc91c
Merge branch '28058-hide-emails-in-atom-feeds' into 'security' · 2d05a040
Rémy Coutable authored Feb 16, 2017
```
Only show public emails in atom feeds

See merge request !2066
```
2d05a040

15 Mar, 2017 4 commits
- Merge branch 'cherry-pick-bba00a8a' into '8-17-stable' · 8fb40829
  Robert Speicher authored Mar 15, 2017
```
Backport GitLab.com Pages IP change to 8.17

[ci skip]

See merge request !9934
```
  8fb40829
- Fix migrations not specifying DOWNTIME · a8812aaa
  Rémy Coutable authored Mar 15, 2017
```
Signed-off-by: Rémy Coutable <remy@rymai.me>
```
  a8812aaa
- Add `DOWNTIME = false` to 20160620115026_add_index_on_runners_locked.rb · 67de3543
  Rémy Coutable authored Mar 15, 2017
```
Signed-off-by: Rémy Coutable <remy@rymai.me>
```
  67de3543
- Add `DOWNTIME = false` to db/migrate/20160615142710_add_index_on_requested_at_to_members · 6b21a4bf
  Rémy Coutable authored Mar 15, 2017
```
Signed-off-by: Rémy Coutable <remy@rymai.me>
```
  6b21a4bf
14 Mar, 2017 3 commits
- Merge branch 'docs/include-gitlab-defaul-example-in-updates-stable' into '8-17-stable' · bebb620e
  Rémy Coutable authored Mar 14, 2017
```
Include instructions to update /etc/default/gitlab

See merge request !9926
```
  bebb620e
- Merge branch 'update-new-ip-pages-docs' into 'master' · 205d268a
  Achilleas Pipinellis authored Mar 06, 2017
```
Docs: update GL Pages IP on GL.com

See merge request !9739
```
  205d268a
- Include instructions to update /etc/default/gitlab · 1a716768
  Achilleas Pipinellis authored Mar 14, 2017
```
We were missing some info on updating /etc/default/gitlab

In particular, changes needed to be made in order for Pages to work,
see https://gitlab.com/gitlab-org/gitlab-ce/issues/29372
```
  1a716768
07 Mar, 2017 3 commits
- Update VERSION to 8.17.3 · f0c970ec
  Regis authored Mar 07, 2017
  
  f0c970ec
- Update CHANGELOG.md for 8.17.3 · 122de93b
  Regis authored Mar 07, 2017
```
[ci skip]
```
  122de93b
- Fix rubocop failure · 8f9b3b6c
  Felipe Artur authored Mar 07, 2017
  
  8f9b3b6c
06 Mar, 2017 6 commits
- Merge branch 'docs/pages-backport' into '8-17-stable' · 63b2b827
  Felipe Artur authored Mar 06, 2017
```
Move all Pages related content to a single location

See merge request !9695
```
  63b2b827
- Rename DestroyService to DeleteService on BlobsController#destroy · 976957c3
  Felipe Artur authored Mar 06, 2017
  
  976957c3
- Merge branch 'dm-fix-api-create-file-on-empty-repo' into 'master' · c36418aa
  Robert Speicher authored Mar 02, 2017
```
Fix creating a file in an empty repo using the API

Closes #28626

See merge request !9632
```
  c36418aa
- Revert "Merge branch 'dm-fix-api-create-file-on-empty-repo' into 'master'" · fb274568
  Felipe Artur authored Mar 06, 2017
```
This reverts commit 4b692487.
```
  fb274568
- Revert "Merge branch '28010-mr-merge-button-default-to-danger' into 'master'" · 1782ec0b
  Felipe Artur authored Mar 06, 2017
```
This reverts commit 071bf3b7.
```
  1782ec0b
- Merge branch 'add-additional-checks-to-ca-data' into 'master' · 5343a65b
  Jacob Schatz authored Feb 18, 2017
```
Small improvements for Cycle Analytics

See merge request !9153
```
  5343a65b
03 Mar, 2017 1 commit
- Move all Pages related content to a single location · 9bb0b584
  Achilleas Pipinellis authored Feb 28, 2017
  
  9bb0b584