- 24 Oct, 2019 5 commits
-
-
GitLab Release Tools Bot authored
Nested GraphQL query with circular relationship can cause Denial of Service See merge request gitlab/gitlabhq!3492
-
GitLab Release Tools Bot authored
Filter out search results based on permissions to avoid bugs leaking data See merge request gitlab/gitlabhq!3496
-
GitLab Release Tools Bot authored
Merge branch 'security-65756-ex-admin-attacker-can-comment-in-internalsecurity-65756-ex-admin-attacker-can-comment-in-internal-12-4' into '12-4-stable' Improper access control allows the attacker to comment in internal commit after they are no longer admin See merge request gitlab/gitlabhq!3497
-
GitLab Release Tools Bot authored
Merge branch 'security-ag-hide-private-members-in-project-member-autocomplete-12-4' into '12-4-stable' Hide private members in project member autocomplete See merge request gitlab/gitlabhq!3503
-
Aakriti Gupta authored
in a project members' list. Add tests for possible scenarios Re-factor and remove N + 1 queries Remove author from changelog Don't use memoisation when not needed Include users part of parents of project's group Re-factor tests Create and add users according to roles Re-use group created earlier Add incomplete test for ancestoral groups Rename method to clarify category of groups Skip pending test, remove comments not needed Remove extra line Include ancestors from invited groups as well Add specs for participants service Add more specs Add more specs use instead of Use public group owner instead of project maintainer to test owner acess Remove tests that have now been moved into participants_service_spec Use :context instead of :all Create nested group instead of creating an ancestor separately Add comment explaining doubt on the failing spec Imrpove test setup Optimize sql queries Refactor specs file Add rubocop disablement Add special case for project owners Add small refactor Add explanation to the docs Fix wording Refactor group check Add small changes in specs Add cr remarks Add cr remarks Add specs Add small refactor Add code review remarks Refactor for better database usage Fix failing spec Remove rubocop offences Add cr remarks
-
- 23 Oct, 2019 8 commits
-
-
charlieablett authored
-
charlieablett authored
-
charlieablett authored
-
Dylan Griffith authored
This will be used later for search filtering.
-
Dylan Griffith authored
This is to be more consistent as there is already a :read_note policy in NotePolicy. To keep other behaviour the same we've introduced a Note#noteable_ability_name that is used anywhere this was expected.
-
charlieablett authored
-
charlieablett authored
-
charlieablett authored
- List all overly-recursive fields - Reduce recursion threshold to 2 - Add test for not-recursive-enough query - Use reusable methods in tests - Add changelog - Set changeable acceptable recursion level - Add error check test helpers
-
- 22 Oct, 2019 3 commits
-
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Bot authored
-
- 07 Oct, 2019 3 commits
-
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
- 02 Oct, 2019 4 commits
-
-
Rémy Coutable authored
Quarantine some ECDSA related tests due to bumping openssl See merge request gitlab-org/gitlab!18016
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
-
- 01 Oct, 2019 4 commits
-
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
Marin Jankovski authored
Fix private feature Elasticsearch leak See merge request gitlab/gitlabhq!3450
-
Mark Chao authored
Add spec to test different combinations. Accept string for required_minimum_access_level Allow more flexible project membership query
-
- 30 Sep, 2019 1 commit
-
-
Stan Hu authored
Fix broken specs : Generate new GPG key in place of expired one Closes #32956 See merge request gitlab-org/gitlab!17853
-
- 26 Sep, 2019 12 commits
-
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
Fix Gitaly SearchBlobs flag RPC injection [Gitaly v1.65.1] See merge request gitlab/gitlabhq!3433
-
GitLab Release Tools Bot authored
Prevent Bypassing Email Verification using Salesforce See merge request gitlab/gitlabhq!3395
-
GitLab Release Tools Bot authored
Check that SAML identity linking validates the origin of the request See merge request gitlab/gitlabhq!3396
-
GitLab Release Tools Bot authored
Only render fixed number of mermaid blocks See merge request gitlab/gitlabhq!3411
-
GitLab Release Tools Bot authored
Merge branch 'security-12717-fix-confidential-issue-assignee-visible-to-guests-12-3' into '12-3-stable' Display only participants that user has permission to see See merge request gitlab/gitlabhq!3421
-
GitLab Release Tools Bot authored
Redirect user to root path after unsubscribing from private resource See merge request gitlab/gitlabhq!3423
-
GitLab Release Tools Bot authored
Hide disabled project milestones in project settings on group level See merge request gitlab/gitlabhq!3424
-
GitLab Release Tools Bot authored
Add policy check if cross reference system notes are accessible See merge request gitlab/gitlabhq!3426
-
GitLab Release Tools Bot authored
Cancel all running CI jobs when user is blocked See merge request gitlab/gitlabhq!3436
-
GitLab Release Tools Bot authored
Filter not accessible label events See merge request gitlab/gitlabhq!3440
-