- 04 Mar, 2019 40 commits
-
-
Yorick Peterse authored
-
Yorick Peterse authored
[master] Check issue milestone availability See merge request gitlab/gitlabhq!2788
-
Yorick Peterse authored
Don't allow non-members to see private related MRs Closes #2787 See merge request gitlab/gitlabhq!2866
-
Yorick Peterse authored
Forbid creating discussions for users with restricted access Closes #2788 See merge request gitlab/gitlabhq!2868
-
Igor Drozdov authored
-
Yorick Peterse authored
Fix leaking private repository information in API See merge request gitlab/gitlabhq!2881
-
Yorick Peterse authored
Prevent Releases links API to leak tag existence Closes #2795 See merge request gitlab/gitlabhq!2893
-
Yorick Peterse authored
Disable issue board policies when issues are disabled Closes #2798 See merge request gitlab/gitlabhq!2894
-
Yorick Peterse authored
Show only MRs visible to user on milestone detail See merge request gitlab/gitlabhq!2895
-
Yorick Peterse authored
Sharing a public project with a private group makes the group page publicly accessible See merge request gitlab/gitlabhq!2896
-
Yorick Peterse authored
Merge branch '2802-security-add-public-internal-groups-as-members-to-your-project-idor' into 'master' Add public/internal groups as members to your Project(IDOR) See merge request gitlab/gitlabhq!2898
-
Yorick Peterse authored
Block local URLs for Kubernetes integration See merge request gitlab/gitlabhq!2901
-
Yorick Peterse authored
Validate session key when authorizing with GCP to create a cluster Closes #2805 See merge request gitlab/gitlabhq!2902
-
Yorick Peterse authored
Check snippet attached file to be moved is within designated directory Closes #2806 See merge request gitlab/gitlabhq!2903
-
Yorick Peterse authored
Fix blind SSRF in Prometheus Integration See merge request gitlab/gitlabhq!2907
-
Reuben Pereira authored
Check validity before querying so that if the dns entry for the api_url has been changed to something invalid after the model was saved and checked for validity, it will not query. This is to solve a toctou (time of check to time of use) issue.
-
Yorick Peterse authored
[master] Remove link after issue move when no permissions See merge request gitlab/gitlabhq!2921
-
Yorick Peterse authored
Stop linking to unrecognized package sources See merge request gitlab/gitlabhq!2933
-
Yorick Peterse authored
Fix git clone revealing private repo's presence See merge request gitlab/gitlabhq!2937
-
Yorick Peterse authored
Arbitrary file read via MergeRequestDiff Closes #2814 See merge request gitlab/gitlabhq!2947
-
Francisco Javier López authored
-
Yorick Peterse authored
Limit number of characters allowed in mermaidjs See merge request gitlab/gitlabhq!2964
-
Yorick Peterse authored
[master] Prevent disclosing project milestone titles Closes #2794 See merge request gitlab/gitlabhq!2965
-
Yorick Peterse authored
Filter impersonated sessions from active sessions and remove ability to revoke session See merge request gitlab/gitlabhq!2968
-
Yorick Peterse authored
Ensure request to link GroupSAML acount was GitLab initiated See merge request gitlab/gitlabhq!2976
-
Stan Hu authored
sidekiq: terminate child processes at shutdown See merge request gitlab-org/gitlab-ce!25669
-
Mark Lapierre authored
Quarantine git protocol v2 tests See merge request gitlab-org/gitlab-ce!25744
-
Phil Hughes authored
Removes EE differences from ci_icon.vue Closes gitlab-ee#10084 See merge request gitlab-org/gitlab-ce!25742
-
Nick Thomas authored
Sidekiq jobs frequently spawn long-lived child processes to do work. In some circumstances, these can be reparented to init when sidekiq is terminated, leading to duplication of work and strange concurrency problems. This commit changes sidekiq so that, if run as a process group leader, it will forward `INT` and `TERM` signals to the whole process group. If the memory killer is active, it will also use the process group when resorting to `kill -9` to shut down. These changes mean that a naive `kill <pid-of-sidekiq>` will now do the right thing, killing any child processes spawned by sidekiq, as long as the process supervisor placed it in its own process group. If sidekiq isn't a process group leader, this new code is skipped.
-
Mark Lapierre authored
-
Ramya Authappan authored
De-quarantine project activity test Closes gitlab-org/quality/staging#21 See merge request gitlab-org/gitlab-ce!25630
-
Filipa Lacerda authored
-
Douwe Maan authored
Types::BaseField accepts authorize after reload See merge request gitlab-org/gitlab-ce!25694
-
Douwe Maan authored
Update Gitaly docs now NFS isn't required anymore See merge request gitlab-org/gitlab-ce!25397
-
Zeger-Jan van de Weg authored
-
Tim Zallmann authored
CE Add error string formatter for stylelint See merge request gitlab-org/gitlab-ce!25668
-
Rémy Coutable authored
Resolve some Rake task differences See merge request gitlab-org/gitlab-ce!25644
-
Phil Hughes authored
Resolve "Move files in the Web IDE" Closes #49397 See merge request gitlab-org/gitlab-ce!25431
-
Natalia Tepluhina authored
- fixed test spec - added warning only if file is deleted
-
Filipa Lacerda authored
CE backport of issuable-ee-differences See merge request gitlab-org/gitlab-ce!25730
-