Commits · 8908091044fdcd4da1a843aa8be9bc0d4eb76c46 · nexedi / gitlab-ce

30 Apr, 2020 3 commits
- Merge branch 'security-validate-nuget-pkg-version-before-updating-uploaded-file' into 'master' · 89080910
  GitLab Release Tools Bot authored Apr 30, 2020
```
Update and validate nuget package before updating uploaded file path

Closes #113

See merge request gitlab-org/security/gitlab!481
```
  89080910
- Update and validate nuget package before anything · 45c366c8
  David Fernandez authored Apr 29, 2020
```
In particular, before updating the stored file path.
```
  45c366c8
- Merge branch 'security-toggle-sectional_codeowners-false-for-failing-spec' into 'master' · db86e9e3
  Alessio Caiazza authored Apr 30, 2020
```
Disable :section_codeowners FF for failing spec

See merge request gitlab-org/security/gitlab!489
```
  db86e9e3
29 Apr, 2020 1 commit
- Disable :section_codeowners FF for failing spec · 0e6b8caf
  Kerri Miller authored Apr 29, 2020
  
  0e6b8caf
27 Apr, 2020 36 commits

GitLab Release Tools Bot authored Apr 27, 2020

Merge branch 'security-validate-use-propery-workhorse-rewritten-fields-for-multipart-uploads' into 'master'

Properly use workhorse rewritten fields and validate them

Closes #116

See merge request gitlab-org/security/gitlab!433

c1b0cf95

Merge branch 'security-mask-gh-service-password' into 'master' · 021e6322

John Skarbek authored Apr 27, 2020

Change GitHub service integration token input to password

Closes #34

See merge request gitlab-org/security/gitlab!97

021e6322

Merge branch 'security-apply-codeowners-checks-to-web_ui' into 'master' · ec1386a1
John Skarbek authored Apr 27, 2020
```
Apply CODEOWNER validations to web requests

Closes #93

See merge request gitlab-org/security/gitlab!346
```
ec1386a1
Merge branch 'security-file-template-project' into 'master' · f13b8c4d
GitLab Release Tools Bot authored Apr 27, 2020
```
Do not expose private group ID through group API

Closes #118

See merge request gitlab-org/security/gitlab!447
```
f13b8c4d
Merge branch 'security-fix-CVE-2020-10187' into 'master' · 03213b25
GitLab Release Tools Bot authored Apr 27, 2020
```
Fix doorkeeper CVE-2020-10187

Closes #115

See merge request gitlab-org/security/gitlab!429
```
03213b25
Merge branch 'security-fix-path-traversal-in-nuget-package-repository' into 'master' · f98ce6b4
GitLab Release Tools Bot authored Apr 27, 2020
```
Security fix path traversal in nuget package repository

Closes #113

See merge request gitlab-org/security/gitlab!428
```
f98ce6b4
Merge branch 'security-fix-es-credentials-leak' into 'master' · 797f6e8c
GitLab Release Tools Bot authored Apr 27, 2020
```
Prevent ES credentials leak

Closes #111

See merge request gitlab-org/security/gitlab!413
```
797f6e8c
Merge branch 'security-admin-audit-log-dos' into 'master' · 75d99ce3
GitLab Release Tools Bot authored Apr 27, 2020
```
Fix rendering failure of Audit Event

Closes #110

See merge request gitlab-org/security/gitlab!412
```
75d99ce3
Merge branch 'security-mirror-urls' into 'master' · 2f2de2c2
GitLab Release Tools Bot authored Apr 27, 2020
```
Return only safe urls for mirrors

Closes #101

See merge request gitlab-org/security/gitlab!389
```
2f2de2c2
Merge branch 'security-branch-permissions' into 'master' · 5d0810e0
GitLab Release Tools Bot authored Apr 27, 2020
```
Check permissions for find_file_path

Closes #103

See merge request gitlab-org/security/gitlab!392
```
5d0810e0
Merge branch 'security-codeowner-diffs' into 'master' · 466bff8e
GitLab Release Tools Bot authored Apr 27, 2020
```
Ensure MR diff exists before codeowner check

Closes #94

See merge request gitlab-org/security/gitlab!351
```
466bff8e
Merge branch 'mattkasa/215391-terraform-read-request-body' into 'master' · e006b8b0
Grzegorz Bizon authored Apr 27, 2020
```
Test terraform state API using Unicorn::TeeInput

See merge request gitlab-org/gitlab!30334
```
e006b8b0
Merge branch 'add-ops-strategies-user-lists-table' into 'master' · 2d2ce63d
Toon Claes authored Apr 27, 2020
```
Create Ops Strategies User Lists Table

See merge request gitlab-org/gitlab!30243
```
2d2ce63d
Create operations_strategies_user_lists table · 8e85a96a
Jason Goodman authored Apr 27, 2020
```
For applying user lists to a feature flag strategy
```
8e85a96a
Merge branch 'ph/enableLfsBadgeByDefault' into 'master' · e6c939f2
Stan Hu authored Apr 27, 2020
```
Enable Vue LFS badge by default

See merge request gitlab-org/gitlab!30469
```
e6c939f2
Merge branch '212558-follow-up-parse-boolean' into 'master' · 29530857
Nathan Friend authored Apr 27, 2020
```
Refactor to use parseBoolean

See merge request gitlab-org/gitlab!30076
```
29530857
Merge branch '213219_01-update-replicable-ui' into 'master' · fd46e26d
Nathan Friend authored Apr 27, 2020
```
Update Geo Replicable Filter Nav

See merge request gitlab-org/gitlab!29979
```
fd46e26d
Merge branch '214686-burndown-ambiguous-match' into 'master' · f7b46b76
Phil Hughes authored Apr 27, 2020
```
Remove duplicate QA attribute for burndown charts

Closes #214686

See merge request gitlab-org/gitlab!29719
```
f7b46b76
Merge branch 'dmishunov-clone-btn-margin' into 'master' · 041648b7
Phil Hughes authored Apr 27, 2020
```
Added side margin to Clone button

See merge request gitlab-org/gitlab!30471
```
041648b7

Merge branch... · 978f3d66

Mark Florian authored Apr 27, 2020

Merge branch '34817-issue-description-reverts-to-an-older-version-when-saving-without-prompting-the-conflict' into 'master'

Updated autosave.js to save a lock version

See merge request gitlab-org/gitlab!29349

978f3d66

Apply CODEOWNER validations to web requests · 4d73ef61

Kerri Miller authored Mar 17, 2020

We had previously not applied these to web requests, thinking them to be
redundant. However, this poses a potential security issue, so we need to
enable them.

Format error msg for web requests

We'll eventually clean this messaging up for the web, but the simplest
thing we can do is remove the \n characters so that the API can send
(and the front end display) the error message legibly; the \n were
causing us to drop everything after the first line. It's ugly, but it is
approved language and is FAR more helpful for a user to be able to
resolve the issue.

4d73ef61

Merge branch 'patch-38' into 'master' · 0a49a02f
Marcin Sedlak-Jakubowski authored Apr 27, 2020
```
Docs: Update due_dates.md with quick actions reference

See merge request gitlab-org/gitlab!30444
```
0a49a02f
Apply suggestion to doc/user/project/issues/due_dates.md · 1690f3f5
Marcin Sedlak-Jakubowski authored Apr 27, 2020

1690f3f5
Merge branch 'renovate/major-gitlab-uisvg' into 'master' · 6caaab95
Denys Mishunov authored Apr 27, 2020
```
Update dependency @gitlab/ui to v13

See merge request gitlab-org/gitlab!30413
```
6caaab95

Merge branch... · bf0f5ac9

Kushal Pandya authored Apr 27, 2020

Merge branch 'migrate_ee_spec_javascripts_vue_mr_widget_components_performance_issue_body_spec' into 'master'

Migrate ee performance_issue_body_spec to Jest

See merge request gitlab-org/gitlab!30452

bf0f5ac9

Merge branch '28560_cleanup_optimistic_locking_db_pt2-second-try' into 'master' · 88ab2386
Adam Hegyi authored Apr 27, 2020
```
[FIXED] Set all NULL `lock_version` values to 0 PART 2

See merge request gitlab-org/gitlab!30305
```
88ab2386
Merge branch '205722-migrate-project-snippets-to-ghost-user' into 'master' · cc08fb76
Jarka Košanová authored Apr 27, 2020
```
Migrate project snippets to the ghost user when the user is deleted

See merge request gitlab-org/gitlab!28870
```
cc08fb76
Migrate project snippets to the ghost user when the user is deleted · 1bf799e2
George Thomas authored Apr 27, 2020
```
Closes #205772
```
1bf799e2
Remove duplicate QA attribute for burndown charts · 6803ee52
Mark Fletcher authored Apr 16, 2020

6803ee52
Merge branch '201730-refactor-package-details-installation-tabs' into 'master' · 19aa7cb7
Denys Mishunov authored Apr 27, 2020
```
Refactor package details installation tabs

See merge request gitlab-org/gitlab!29946
```
19aa7cb7
Merge branch '215190-add-sectional-parsing-of-codeowners' into 'master' · 4d41259a
James Lopez authored Apr 27, 2020
```
Add :sectional_codeowners feature flag

See merge request gitlab-org/gitlab!30311
```
4d41259a
Update dependency @gitlab/ui to v13 · fe47a744
GitLab Bot authored Apr 27, 2020

fe47a744
Merge branch 'jswain_add_customer_portal_link' into 'master' · ca720e7e
Phil Hughes authored Apr 27, 2020
```
Add link to customer portal from license dashboard

See merge request gitlab-org/gitlab!30330
```
ca720e7e

Added side margin to Clone button · 61162a9f

Denys Mishunov authored Apr 27, 2020

On the Snippet view with "Clone" button visible, there's not enough
right margin to comply with Pajamas. This MR fixes this issue.

61162a9f

Set all NULL `lock_version` values to 0 PART 2 · 6c1ef089

Mario de la Ossa authored Apr 23, 2020

Rails silently casts NULL `lock_version` values to 0 while doing
optimistic locking, which causes false stale object exceptions. We had a
monkey patch that would change it to check for [NULL, 0] but want to
avoid monkey-patching if possible, which means we need to clean up our
database values.

This Commit is for CI objects (CI Stages, CI Builds, CI Pipelines)

6c1ef089

Merge branch 'mw-cr-filter-store' into 'master' · b85f9cc8
Phil Hughes authored Apr 27, 2020
```
Code Review Analytics: Add filters store

See merge request gitlab-org/gitlab!30361
```
b85f9cc8