Commits · b6ea76a00de5d26bce6dc1f221db3395faf110d0 · nexedi / gitlab-ce

22 Nov, 2019 8 commits
- Fix group created from other test from polluting · b6ea76a0
  Mark Chao authored Nov 14, 2019
  
  b6ea76a0
- Test admin for search accessibility · 60942bef
  Mark Chao authored Nov 14, 2019
```
Disabled features are ignored as they are grey areas
```
  60942bef
- Internalize private project minimum access level · 443db286
  Mark Chao authored Nov 14, 2019
```
Some feature allows GUEST to access only if project is not private.
This method returns access level when targeting private projects.
```
  443db286
- Fix scope to handle private guest permission · 0de1bfea
  Mark Chao authored Oct 22, 2019
```
Guest are blocked to certain feature when project is private,
therefore the scope would filter additionally with REPORTER level.
```
  0de1bfea
- ES: update permission spec table · d5bfeee5
  Mark Chao authored Nov 08, 2019
```
Remove impossible cases due to private project's features can only be
private or disabled.

Fix spec due to sidekiq indexing not triggered.

Update guest use cases: some features has additional constraint that
"Guest users are able to perform action on public/internal projects,
but not private ones."
```
  d5bfeee5
- Update VERSION to 12.5.0 · 1f0ab897
  GitLab Release Tools Bot authored Nov 22, 2019
  
  1f0ab897
- Update CHANGELOG.md for 12.5.0 · 2d143daf
  GitLab Release Tools Bot authored Nov 22, 2019
```
[ci skip]
```
  2d143daf
- Add latest changes from gitlab-org/gitlab@12-5-stable-ee · c6e6f89a
  GitLab Bot authored Nov 22, 2019
  
  c6e6f89a
20 Nov, 2019 4 commits
- Add latest changes from gitlab-org/gitlab@12-5-stable-ee · 89b09399
  GitLab Bot authored Nov 20, 2019
  
  89b09399
- Add latest changes from gitlab-org/gitlab@12-5-stable-ee · bbf697a0
  GitLab Bot authored Nov 20, 2019
  
  bbf697a0
- Add latest changes from gitlab-org/gitlab@12-5-stable-ee · 23e599fb
  GitLab Bot authored Nov 20, 2019
  
  23e599fb
- Add latest changes from gitlab-org/gitlab@12-5-stable-ee · e2d670d5
  GitLab Bot authored Nov 20, 2019
  
  e2d670d5
19 Nov, 2019 3 commits
- Add latest changes from gitlab-org/gitlab@12-5-stable-ee · 43e9756c
  GitLab Bot authored Nov 19, 2019
  
  43e9756c
- Update VERSION to 12.5.0-rc42 · 8664e124
  GitLab Release Tools Bot authored Nov 19, 2019
  
  8664e124
- Add latest changes from gitlab-org/gitlab@12-5-stable-ee · 5a8431fe
  GitLab Bot authored Nov 19, 2019
  
  5a8431fe
18 Nov, 2019 2 commits
- Update VERSION to 12.4.3 · 4d477238
  GitLab Release Tools Bot authored Nov 18, 2019
  
  4d477238
- Update CHANGELOG.md for 12.4.3 · b7ddcd16
  GitLab Release Tools Bot authored Nov 18, 2019
```
[ci skip]
```
  b7ddcd16
15 Nov, 2019 1 commit
- Add latest changes from gitlab-org/gitlab@12-4-stable-ee · b320251a
  GitLab Bot authored Nov 15, 2019
  
  b320251a
04 Nov, 2019 3 commits
- Update VERSION to 12.4.2 · 393a5bda
  GitLab Release Tools Bot authored Nov 04, 2019
  
  393a5bda
- Update CHANGELOG.md for 12.4.2 · 7fb895cb
  GitLab Release Tools Bot authored Nov 04, 2019
```
[ci skip]
```
  7fb895cb
- Add latest changes from gitlab-org/gitlab@12-4-stable-ee · 39b0e286
  GitLab Bot authored Nov 04, 2019
  
  39b0e286
30 Oct, 2019 1 commit
- Merge remote-tracking branch 'dev/12-4-stable' into 12-4-stable · 9fc4650d
  GitLab Release Tools Bot authored Oct 30, 2019
  
  9fc4650d
28 Oct, 2019 2 commits
- Update VERSION to 12.4.1 · 4281915c
  GitLab Release Tools Bot authored Oct 28, 2019
  
  4281915c
- Update CHANGELOG.md for 12.4.1 · 3830617e
  GitLab Release Tools Bot authored Oct 28, 2019
```
[ci skip]
```
  3830617e
25 Oct, 2019 4 commits
- Merge branch 'security-mask-sentry-token-12-4-ce' into '12-4-stable' · 8b69a396
  GitLab Release Tools Bot authored Oct 25, 2019
```
Mask Sentry auth token

See merge request gitlab/gitlabhq!3504
```
  8b69a396
- Merge branch 'security-remove-leaky-401-responses-12.4' into '12-4-stable' · 4f332498
  GitLab Release Tools Bot authored Oct 25, 2019
```
Private/internal repository enumeration via bruteforce on a vulnerable URL

See merge request gitlab/gitlabhq!3491
```
  4f332498
- Merge branch 'security-id-fix-disclosure-of-private-repo-names-12-4' into '12-4-stable' · 44612c0c
  GitLab Release Tools Bot authored Oct 25, 2019
```
Return 404 on LFS request if project doesn't exist

See merge request gitlab/gitlabhq!3506
```
  44612c0c
- Return 404 on LFS request if project doesn't exist · 48ab4c01
  Igor Drozdov authored Oct 25, 2019
  
  48ab4c01
24 Oct, 2019 12 commits

Merge branch 'security-bvl-validate-force-remove-branch-on-mrs-12-4-ce' into '12-4-stable' · 1581fb4c
GitLab Release Tools Bot authored Oct 24, 2019
```
Only assign merge params when allowed

See merge request gitlab/gitlabhq!3487
```
1581fb4c
Merge branch 'security-wiki-rdoc-content-12-4-ce' into '12-4-stable' · a2c31462
GitLab Release Tools Bot authored Oct 24, 2019
```
Pass all wiki markup formats through our Banzai pipeline filters

See merge request gitlab/gitlabhq!3485
```
a2c31462
Merge branch 'security-developer-transfer-project-12-4' into '12-4-stable' · 6df4db1f
GitLab Release Tools Bot authored Oct 24, 2019
```
Require Maintainer permission on group where project is transferred to

See merge request gitlab/gitlabhq!3486
```
6df4db1f
Merge branch 'security-open-redirect-internalredirect-12-4' into '12-4-stable' · b3490cf1
GitLab Release Tools Bot authored Oct 24, 2019
```
Use the '\A' and '\z' regex anchors in `InternalRedirect` to mitigate an Open Redirect issue.

See merge request gitlab/gitlabhq!3488
```
b3490cf1

Merge branch... · c9bcf8fc

GitLab Release Tools Bot authored Oct 24, 2019

Merge branch 'security-2914-labels-visible-despite-no-access-to-issues-repositories-12-4' into '12-4-stable'

Labels visible despite no access to issues & repositories

See merge request gitlab/gitlabhq!3489

c9bcf8fc

Merge branch 'security-2920-fix-notes-with-label-cross-reference-12-4' into '12-4-stable' · 853618e0
GitLab Release Tools Bot authored Oct 24, 2019
```
Project path reveals labels from Private project if the issue is moved to public project

See merge request gitlab/gitlabhq!3490
```
853618e0
Merge branch 'security-64519-circular-graphql-queries-12-4' into '12-4-stable' · a6adb336
GitLab Release Tools Bot authored Oct 24, 2019
```
Nested GraphQL query with circular relationship can cause Denial of Service

See merge request gitlab/gitlabhq!3492
```
a6adb336
Merge branch 'security-33689-post-filter-search-results-ce-12-4' into '12-4-stable' · bbe85167
GitLab Release Tools Bot authored Oct 24, 2019
```
Filter out search results based on permissions to avoid bugs leaking data

See merge request gitlab/gitlabhq!3496
```
bbe85167

Merge branch... · ddfb7160

GitLab Release Tools Bot authored Oct 24, 2019

Merge branch 'security-65756-ex-admin-attacker-can-comment-in-internalsecurity-65756-ex-admin-attacker-can-comment-in-internal-12-4' into '12-4-stable'

Improper access control allows the attacker to comment in internal commit after they are no longer admin

See merge request gitlab/gitlabhq!3497

ddfb7160

Merge branch... · 203f5b43

GitLab Release Tools Bot authored Oct 24, 2019

Merge branch 'security-ag-hide-private-members-in-project-member-autocomplete-12-4' into '12-4-stable'

Hide private members in project member autocomplete

See merge request gitlab/gitlabhq!3503

203f5b43

Mask Sentry auth token · 5c072495

Ryan Cobb authored Oct 07, 2019

This makes it so we mask Sentry's auth token. This mask only occurs in
the UI.

5c072495

Add milestone and label note types to cross refs · 3c60e336

Eugenia Grieff authored Oct 22, 2019

- Include new types in SystemNoteMetadata
- Add Label and Milestone reference_pattern to
Mentionable::ReferenceRegexes to be checked for cross references

3c60e336