Commits · 5fbbd3dd6e965f76ecf1767373bddd236a78a4be · nexedi / gitlab-ce

07 Aug, 2019 1 commit

Add support for Content-Security-Policy · 5fbbd3dd

Stan Hu authored Aug 05, 2019

A nonce-based Content-Security-Policy thwarts XSS attacks by allowing
inline JavaScript to execute if the script nonce matches the header
value. Rails 5.2 supports nonce-based Content-Security-Policy headers,
so provide configuration to enable this and make it work.

To support this, we need to change all `:javascript` HAML filters to the
following form:

```
= javascript_tag nonce: true do
  :plain
    ...
```

We use `%script` throughout our HAML to store JSON and other text, but
since this doesn't execute, browsers don't appear to block this content
from being used and require the nonce value to be present.

5fbbd3dd

06 Aug, 2019 3 commits

Merge branch 'sh-use-redis-caching-store' into 'master' · fa216b0e
Ash McKenzie authored Aug 06, 2019
```
Use Rails 5.2 Redis caching store

Closes #64794

See merge request gitlab-org/gitlab-ce!30966
```
fa216b0e

Merge branch 'docs-fix-links-to-low-weight-issues' into 'master' · 68221f50

Ray Paik authored Aug 06, 2019

Fix links to unassigned, low weight issues for first time contributors

See merge request gitlab-org/gitlab-ce!31485

68221f50

Merge branch 'fix-diverging-counts-ruby2.5' into 'master' · f2b8f357

Stan Hu authored Aug 06, 2019

(Really) Fix Ruby 2.5 compatibility for diverging counts of branches

Closes #64143

See merge request gitlab-org/gitlab-ce!31491

f2b8f357

05 Aug, 2019 36 commits
- Merge branch 'dblessing-fix-admin-user-radio-labels' into 'master' · 8adcc599
  Clement Ho authored Aug 05, 2019
```
Fix Admin area user access level radio button labels

See merge request gitlab-org/gitlab-ce!31154
```
  8adcc599
- Fix Admin area user access level radio button labels · 81f44275
  Drew Blessing authored Jul 25, 2019
```
In the admin user edit form, access level radio button labels didn't have
the correct 'for' value. Clicking on the label did not select the radio
button. This makes usability a bit nicer since the click area is increased
when the label is clickable.
```
  81f44275
- Use Rails 5.2 Redis caching store · b5771bcc
  Stan Hu authored Jul 19, 2019
```
This is the first step in providing a fault-tolerant and distributed
Redis caching store. We disable compression to avoid introducing a
change that could have an adverse effect in production.

Note that we won't be able to take advantage of the fault-tolerance and
distributed features yet until we solve
https://gitlab.com/gitlab-org/gitlab-ce/issues/64829.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/64794
```
  b5771bcc
- Fix Ruby 2.5 compatibility for diverging counts of branches · 33e10d70
  Daniel Gerhardt authored Aug 05, 2019
```
!31480 does not fully restore compatibility because another Ruby 2.6
feature besides `Enumerable#filter` was used in commit ca5cd7b7. The use
of `Enumerable#to_h`'s block is now replaced by an explicit
`Enumerable#map` call.

Error message:

	TypeError (wrong element type Gitlab::Git::Branch at 0 (expected array)):
  	app/controllers/projects/branches_controller.rb:53:in `to_h'

See https://bugs.ruby-lang.org/issues/15143.

Fixes #64143.
```
  33e10d70
- Merge branch '64831-add-padding-to-merged-by-widget' into 'master' · 029381b1
  Clement Ho authored Aug 05, 2019
```
Resolve "Add padding to "merged by" widget"

Closes #64831

See merge request gitlab-org/gitlab-ce!30972
```
  029381b1
- Revert "Make status icon in merge widget borderless" · 96d10213
  Marcel van Remmerden authored Aug 05, 2019
```
This reverts commit c3751046d217008404a0bd371e59d6ffd6734923.
```
  96d10213
- Merge branch 'renovate/gitlab-ui-5.x' into 'master' · d2aeae58
  Clement Ho authored Aug 05, 2019
```
Update dependency @gitlab/ui to v5.14.0

See merge request gitlab-org/gitlab-ce!31482
```
  d2aeae58
- Merge branch 'rz_extend_plugins' into 'master' · 0555bc64
  Evan Read authored Aug 05, 2019
```
Add example to plugins file

See merge request gitlab-org/gitlab-ce!30508
```
  0555bc64
- Add example to plugins file · 79a39a5c
  Ronald van Zon authored Aug 05, 2019
  
  79a39a5c
- Merge branch 'docs-add-gitlabci-file' into 'master' · baaba23f
  Evan Read authored Aug 05, 2019
```
Add description how to set custom CI file

See merge request gitlab-org/gitlab-ce!31445
```
  baaba23f
- Add description how to set custom CI file · fd2862fd
  Alexander Tanayno authored Aug 05, 2019
  
  fd2862fd
- Merge branch 'fix-name-vs-path-problem-for-cycle-analytics' into 'master' · 881052b8
  Mayra Cabrera authored Aug 05, 2019
```
Fix error on project name

See merge request gitlab-org/gitlab-ce!31471
```
  881052b8
- Fix error on project name · 6c5e9480
  Gosia Ksionek authored Aug 05, 2019
```
Add project path to sql query to build proper path
```
  6c5e9480
- Update CHANGELOG.md for 12.1.4 · 1dfbb27f
  GitLab Release Tools Bot authored Aug 05, 2019
```
[ci skip]
```
  1dfbb27f
- Merge branch '26866-api-endpoint-to-list-the-docker-images-tags-of-a-group' into 'master' · 926def1f
  Mayra Cabrera authored Aug 05, 2019
```
Resolve "API endpoint to list the Docker images/tags of a group"

See merge request gitlab-org/gitlab-ce!30817
```
  926def1f
- Add group level container repository endpoints · 3dbf3997
  Steve Abrams authored Aug 05, 2019
```
API endpoints for requesting container repositories
and container repositories with their tag information
are enabled for users that want to specify the group
containing the repository rather than the specific project.
```
  3dbf3997
- Merge branch 'sh-disable-redis-peek' into 'master' · e9918b1a
  Douglas Barbosa Alexandre authored Aug 05, 2019
```
Only track Redis calls if Peek is enabled

See merge request gitlab-org/gitlab-ce!31438
```
  e9918b1a
- Merge branch '64675-Dashboard-URL-legend-border' into 'master' · f3e2d048
  Clement Ho authored Aug 05, 2019
```
Removed external dashboard legend border

Closes #64675

See merge request gitlab-org/gitlab-ce!31407
```
  f3e2d048
- Removed external dashboard legend border · 7fd512d8
  Olena Horal-Koretska authored Aug 05, 2019
  
  7fd512d8
- Merge branch '63474-applying-a-quick-action-does-not-show-the-correct-message' into 'master' · b683d6e6
  Clement Ho authored Aug 05, 2019
```
Fixed bug from extra parenthesis

Closes #63474

See merge request gitlab-org/gitlab-ce!31479
```
  b683d6e6
- Update dependency @gitlab/ui to v5.14.0 · 1c8ed27a
  Lukas Eipert authored Aug 05, 2019
  
  1c8ed27a
- Merge branch 'docs-debug-cody' into 'master' · cafeb134
  Evan Read authored Aug 05, 2019
```
Bring diagnostics_tools.md from debug project to docs

See merge request gitlab-org/gitlab-ce!31399
```
  cafeb134
- Bring diagnostics_tools.md from debug project to docs · dd2b8724
  Marcel Amirault authored Aug 05, 2019
  
  dd2b8724
- Merge branch 'docs-quick-action-labels' into 'master' · fab7500d
  Evan Read authored Aug 05, 2019
```
Document when quotes aren't needed for quick actions

Closes #63735

See merge request gitlab-org/gitlab-ce!31338
```
  fab7500d
- Document when quotes aren't needed for quick actions · 2849715a
  Sean McGivern authored Aug 05, 2019
  
  2849715a
- Merge branch 'add-missing-timezone-legacy-artifacts' into 'master' · c368bae5
  Stan Hu authored Aug 05, 2019
```
Add missing timezone when copying legacy artifacts (ci_builds)

See merge request gitlab-org/gitlab-ce!31447
```
  c368bae5
- Merge branch 'jts/update-security-doc' into 'master' · 7205687c
  Robert Speicher authored Aug 05, 2019
```
Updates security templates

[ci skip]

See merge request gitlab-org/gitlab-ce!31431
```
  7205687c
- Updates security templates · a2170957
  John Skarbek authored Aug 05, 2019
  
  a2170957
- Merge branch 'explicit-helm-factory-certs' into 'master' · 9982cec6
  Michael Kozono authored Aug 05, 2019
```
Use stubbed key and certificate in Helm factory

See merge request gitlab-org/gitlab-ce!31169
```
  9982cec6
- Merge branch 'id-fix-diverging-counts' into 'master' · 112ba080
  Stan Hu authored Aug 05, 2019
```
Use select instead of filter to support 2.5

See merge request gitlab-org/gitlab-ce!31480
```
  112ba080
- Use select instead of filter to support 2.5 · 92d273a9
  Igor authored Aug 05, 2019
  
  92d273a9
- Fix links to unassigned, low weight issues for first time contributors · dd36b709
  John Hope authored Aug 05, 2019
  
  dd36b709
- Merge branch '64016-add-shell-style-guide-link-to-development-page' into 'master' · 3dfc89ad
  Marcia Ramos authored Aug 05, 2019
```
Add shell scripting guides to development README

Closes #64016

See merge request gitlab-org/gitlab-ce!31467
```
  3dfc89ad
- Add shell scripting guides to development README · e5304cf6
  Victor Zagorodny authored Aug 05, 2019
  
  e5304cf6
- Merge branch 'bjk/worker_scale_doc' into 'master' · b8293135
  Achilleas Pipinellis authored Aug 05, 2019
```
Update Unicorn Worker recommendation

See merge request gitlab-org/gitlab-ce!31404
```
  b8293135
- Merge branch 'rz_es_update' into 'master' · 137aebc9
  Achilleas Pipinellis authored Aug 05, 2019
```
Docs - Strongly discourage installing ES on the same server as GitLab

See merge request gitlab-org/gitlab-ce!30169
```
  137aebc9