- 28 Jan, 2020 40 commits
-
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
#40 - Denial of service via AsciiDoc include:: overuse See merge request gitlab-org/security/gitlab!133
-
Alex Kalderimis authored
This sets a maximum limit on the number of include directives that any one file may use (transitively). This is set relatively low at the moment to 32 since each one requires a gitlay call to retrieve a blob from the repo, and experimentation suggests that this keeps processing to under 10sec. This approach prevents both cyclic imports as well as having a single file with an extremely lang list of includes.
-
GitLab Release Tools Bot authored
Show last_pipeline in commits API only if user can read pipeline Closes #5 See merge request gitlab-org/security/gitlab!13
-
GitLab Release Tools Bot authored
Bump rubyzip to 2.0.0 Closes #13 See merge request gitlab-org/security/gitlab!41
-
GitLab Release Tools Bot authored
Disable caching on API project/raw endpoint See merge request gitlab-org/security/gitlab!49
-
GitLab Release Tools Bot authored
Fix xss on frequent groups dropdown Closes #15 See merge request gitlab-org/security/gitlab!50
-
GitLab Release Tools Bot authored
Enforce permission check when counting events See merge request gitlab-org/security/gitlab!51
-
GitLab Release Tools Bot authored
Prevent API access for unconfirmed users See merge request gitlab-org/security/gitlab!52
-
GitLab Release Tools Bot authored
Mask grafana token with encryption See merge request gitlab-org/security/gitlab!53
-
GitLab Release Tools Bot authored
Remove todos for users from removed linked group See merge request gitlab-org/security/gitlab!59
-
GitLab Release Tools Bot authored
Fix reference visibility check Closes #23 See merge request gitlab-org/security/gitlab!66
-
GitLab Release Tools Bot authored
ImportExport::ExportService to require admin_project permission See merge request gitlab-org/security/gitlab!69
-
GitLab Release Tools Bot authored
Protect internal builds from external overrides Closes #22 See merge request gitlab-org/security/gitlab!72
-
GitLab Release Tools Bot authored
Add constraint to dependency proxy route See merge request gitlab-org/security/gitlab!77
-
GitLab Release Tools Bot authored
Verify workhorse request for file uploads See merge request gitlab-org/security/gitlab!83
-
GitLab Release Tools Bot authored
Make cross-repository comparisons happen in the source repository Closes #29 See merge request gitlab-org/security/gitlab!84
-
GitLab Release Tools Bot authored
Update excon to 0.71.1 to fix CVE-2019-16779 Closes #35 See merge request gitlab-org/security/gitlab!102
-
GitLab Release Tools Bot authored
Fix XSS vulnerability on custom project templates form Closes #32 See merge request gitlab-org/security/gitlab!111
-
Marcel Amirault authored
Clarify the usage of `trigger:strategy` See merge request gitlab-org/gitlab!23583
-
Fabio Pitino authored
-
Sean McGivern authored
Revert "Merge branch 'georgekoltsov/group_seeder_rake_task' into 'master'" See merge request gitlab-org/gitlab!23852
-
Nick Thomas authored
Add `gitlab_page_out_of_bounds` to Prometheus docs Closes #198475 See merge request gitlab-org/gitlab!23802
-
Dmytro Zaporozhets authored
Refactor instance security dashboard permissions See merge request gitlab-org/gitlab!22740
-
Avielle Wolfe authored
This commit updates the instance security dashboard controllers to get their permission scheme from the same concern as the group and project security dashboard controllers.
-
Jan Provaznik authored
Refactoring: Move "Credential inventory" to a re-usable concern Closes #38133 See merge request gitlab-org/gitlab!23495
-
Natalia Tepluhina authored
Frontend: Rename Sast Container to Container Scanning See merge request gitlab-org/gitlab!23814
-
Lukas 'Eipi' Eipert authored
We haven't been using the Sast Container term in a long time and this renames all the occurences in the Merge Request widget VueX store
-
Nick Thomas authored
Resolve "NoMethodError: undefined method `unsubscribe' for nil:NilClass" Closes #199034 See merge request gitlab-org/gitlab!23747
-
Rémy Coutable authored
This reverts merge request !21657
-
Marcia Ramos authored
Clarify usage of Merge Request, merge request, and MR See merge request gitlab-org/gitlab!23646
-
manojmj authored
This change moves the methods used for Credentials Inventory feature to a re-usable concern.
-
Sean McGivern authored
Add http status cop in project controller specs See merge request gitlab-org/gitlab!23801
-
Achilleas Pipinellis authored
Docs: update docs style guide for headings and anchors See merge request gitlab-org/gitlab!23777
-
Marcia Ramos authored
-
Achilleas Pipinellis authored
Create SSOT for package manager formats See merge request gitlab-org/gitlab!23805
-
Tim Rizzi authored
-
Bob Van Landuyt authored
Merge branch '197908-nomethoderror-undefined-method-without_count-for-kaminari-paginatablearray' into 'master' Fix 500 error in global & group search for blob, wiki_blob and commit search Closes #197908 See merge request gitlab-org/gitlab!23326
-
Walmyr Lima e Silva Filho authored
Remove passing tests from quarantine Closes #196034 and #118473 See merge request gitlab-org/gitlab!23833
-