Commits · bacd16f9f06acccdd9ec1e13183a7b40ece9bb76 · nexedi / gitlab-ce

01 Jul, 2020 4 commits
- Added missing changelog entries for 12.10.13 · bacd16f9
  Yorick Peterse authored Jul 01, 2020
  
  bacd16f9
- Added missing changelog entries for 13.0.8 · b05279cb
  Yorick Peterse authored Jul 01, 2020
  
  b05279cb
- Update CHANGELOG.md for 13.1.2 · 7869182a
  GitLab Release Tools Bot authored Jul 01, 2020
```
[ci skip]
```
  7869182a
- Update CHANGELOG-EE.md for 13.1.2-ee · e3499d19
  GitLab Release Tools Bot authored Jul 01, 2020
```
[ci skip]
```
  e3499d19
29 Jun, 2020 36 commits
- Merge branch 'fix-repository-validation-service-spec' into 'master' · 0c9e361f
  Robert Speicher authored Jun 29, 2020
```
Fixes RepositoryValidationService spec

See merge request gitlab-org/security/gitlab!696
```
  0c9e361f
- Fixes RepositoryValidationService spec · 6afce716
  Mayra Cabrera authored Jun 29, 2020
```
Add 'Rspec' at the beginning of the spec
```
  6afce716
- Merge branch 'security-fj-add-snippet-repository-validation-bundle-import' into 'master' · 3f9a2a5d
  Mayra Cabrera authored Jun 29, 2020
```
Lack of validations importing snippet repository from bundle

Closes #159

See merge request gitlab-org/security/gitlab!608
```
  3f9a2a5d
- Merge branch 'private-profile-api' into 'master' · 65c1f1a4
  GitLab Release Tools Bot authored Jun 29, 2020
```
Do not show activity for users with private profiles

Closes #140

See merge request gitlab-org/security/gitlab!539
```
  65c1f1a4
- Merge branch 'security-215175-filter-merge-participants' into 'master' · d8f620be
  GitLab Release Tools Bot authored Jun 29, 2020
```
Check access when sending TODOs related to merge requests

Closes #177

See merge request gitlab-org/security/gitlab!667
```
  d8f620be
- Merge branch 'security-disable-caching-for-wiki-attachments' into 'master' · 757ee605
  GitLab Release Tools Bot authored Jun 29, 2020
```
Disable caching for wiki attachments

Closes #168

See merge request gitlab-org/security/gitlab!632
```
  757ee605
- Merge branch 'security-fix-malicious-comment-master' into 'master' · 06f424ef
  GitLab Release Tools Bot authored Jun 29, 2020
```
Fix null byte error in upload path

Closes #148

See merge request gitlab-org/security/gitlab!571
```
  06f424ef
- Merge branch 'security-xss-bitbucket-import' into 'master' · f1467663
  GitLab Release Tools Bot authored Jun 29, 2020
```
Resolve "Cross-Site Scripting In BitbucketServer Import"

Closes #69

See merge request gitlab-org/security/gitlab!243
```
  f1467663
- Merge branch 'security-user-name-html' into 'master' · 0e4e4b47
  GitLab Release Tools Bot authored Jun 29, 2020
```
Fix note author name rendering

Closes #173

See merge request gitlab-org/security/gitlab!651
```
  0e4e4b47
- Merge branch 'security-disable-github-import-api-by-seetings' into 'master' · 124f3a2c
  GitLab Release Tools Bot authored Jun 29, 2020
```
Disable github import api by seetings

Closes #143

See merge request gitlab-org/security/gitlab!556
```
  124f3a2c
- Merge branch 'security-212469-fix-deploy-token-api' into 'master' · 319ad4a9
  GitLab Release Tools Bot authored Jun 29, 2020
```
Fixed group deploy token API authorizations

Closes #172

See merge request gitlab-org/security/gitlab!644
```
  319ad4a9
- Merge branch 'security-dblessing-cookie-serializer' into 'master' · 7555007e
  GitLab Release Tools Bot authored Jun 29, 2020
```
Change from hybrid to JSON cookies serializer

Closes #171

See merge request gitlab-org/security/gitlab!641
```
  7555007e
- Change from hybrid to JSON cookies serializer · 65e6eb1b
  Drew Blessing authored Jun 29, 2020
```
JSON has been the default serializer since Rails 4.1. Hybrid
serializer was meant to allow backward compatibility when
upgrading pre-Rails 4.1. It's been some time since we upgraded
to Rails 4.1 so now we don't need the hybrid serializer anymore.
This also causes security concerns since the previous serializer
was Marshal.
```
  65e6eb1b
- Merge branch 'security-xss-error-tracking' into 'master' · 8603269d
  GitLab Release Tools Bot authored Jun 29, 2020
```
Stored XSS on the Error Tracking page

Closes #145

See merge request gitlab-org/security/gitlab!563
```
  8603269d
- Merge branch 'security-208685-fix-swagger-ui-xss' into 'master' · 23f17213
  GitLab Release Tools Bot authored Jun 29, 2020
```
Upgrade swagger-ui to solve XSS issues

Closes #170

See merge request gitlab-org/security/gitlab!577
```
  23f17213
- Merge branch 'security-dblessing-sanitize-group-names' into 'master' · bbedf26c
  GitLab Release Tools Bot authored Jun 29, 2020
```
Validate group names with Rails HTML sanitizer

Closes #149

See merge request gitlab-org/security/gitlab!572
```
  bbedf26c
- Merge branch 'security-150-xss-reference-redactor' into 'master' · 685dd0c5
  GitLab Release Tools Bot authored Jun 29, 2020
```
Fix XSS in Banzai's `#data_attributes_for`

Closes #150

See merge request gitlab-org/security/gitlab!576
```
  685dd0c5
- Merge branch 'security-update-xterm-128' into 'master' · e8b935e5
  GitLab Release Tools Bot authored Jun 29, 2020
```
Update xterm js dependency to latest stable 3.X version

Closes #128

See merge request gitlab-org/security/gitlab!501
```
  e8b935e5
- Update xterm js dependency to latest stable 3.X version · dbfdf8a6
  Jeremy Matos authored Jun 29, 2020
  
  dbfdf8a6
- Merge branch 'security-fix-time-tracking-permissions-api' into 'master' · 8ea90436
  GitLab Release Tools Bot authored Jun 29, 2020
```
Update permissions for time tracking endpoints

Closes #153

See merge request gitlab-org/security/gitlab!587
```
  8ea90436
- Merge branch 'security-kaminari-update' into 'master' · b759dd8d
  GitLab Release Tools Bot authored Jun 29, 2020
```
Update Kaminari gem

Closes #152

See merge request gitlab-org/security/gitlab!575
```
  b759dd8d
- Merge branch 'security-xss-issuables-list' into 'master' · eb4489b1
  GitLab Release Tools Bot authored Jun 29, 2020
```
Make sure user info is sanitized when rendered

Closes #151

See merge request gitlab-org/security/gitlab!579
```
  eb4489b1
- Make sure user info is sanitized when rendered · 3ad30f1f
  Scott Stern authored Jun 29, 2020
  
  3ad30f1f
- Merge branch 'security-fix_project_authorizations_for_security_dashboard' into 'master' · 6b70abb8
  GitLab Release Tools Bot authored Jun 29, 2020
```
Security fix project authorizations for security dashboard

Closes #144

See merge request gitlab-org/security/gitlab!561
```
  6b70abb8
- Security fix project authorizations for security dashboard · 59740023
  Mehmet Emin INAC authored Jun 29, 2020
  
  59740023
- Merge branch 'security-215640-pypi' into 'master' · 345ab151
  GitLab Release Tools Bot authored Jun 29, 2020
```
Fixes pypi XSS

Closes #141

See merge request gitlab-org/security/gitlab!555
```
  345ab151
- Merge branch 'jivanvl-remove-append-right-48' into 'master' · 48b6f793
  Martin Wortschack authored Jun 29, 2020
```
Remove append-right-48 utility class

See merge request gitlab-org/gitlab!35545
```
  48b6f793
- Merge branch 'mjang-doc-private-public-internal' into 'master' · 49ed7953
  Mike Jang authored Jun 29, 2020
```
Clarify use of private, public, internal groups

Closes #211811

See merge request gitlab-org/gitlab!35439
```
  49ed7953
- Clarify use of private, public, internal groups · 5d018325
  Mike Jang authored Jun 29, 2020
  
  5d018325
- Merge branch '217478-document-ldap-memberships-lock' into 'master' · f89c0326
  Mike Jang authored Jun 29, 2020
```
Improve docs related to LDAP membership lock

Closes #217478

See merge request gitlab-org/gitlab!35332
```
  f89c0326
- Merge branch 'fix-open-sse-on-subgroups' into 'master' · 31307c8b
  Igor Drozdov authored Jun 29, 2020
```
Static Site Editor can’t be opened in projects belonging to a subgroup

See merge request gitlab-org/gitlab!35378
```
  31307c8b
- Add subgroups support for Static Site Editor · b897ddcb
  Enrique Alcántara authored Jun 29, 2020
  
  b897ddcb
- Remove append-right-48 utility class · 3d0f2994
  Jose Vargas authored Jun 29, 2020
```
This removes the append-right-48
utility class, no replacements were needed
```
  3d0f2994
- Merge branch 'docs-spelling-1' into 'master' · 4aca628f
  Amy Qualls authored Jun 29, 2020
```
Fix spelling mistakes

See merge request gitlab-org/gitlab!35321
```
  4aca628f
- Merge branch 'fix-vsa-code-stage-query' into 'master' · 22b2258d
  Oswaldo Ferreira authored Jun 29, 2020
```
Fix VSA code stage query

See merge request gitlab-org/gitlab!35324
```
  22b2258d
- Merge branch '218038-update-docs' into 'master' · 7def0411
  Jose Ivan Vargas authored Jun 29, 2020
```
Update docs for group/instance-level security dash

See merge request gitlab-org/gitlab!35533
```
  7def0411