delta/gitlab/gitlab-ce.git/app/models/hooks, branch bootstrap-markdown-code-highlight gitlab.com: gitlab-org/gitlab-ce.git Add validation to webhook and service URLs to ensure they are not blocked because of SSRF 2018-06-01T11:43:53+00:00 Francisco Javier López fjlopez@gitlab.com 2018-06-01T11:43:53+00:00 840f80d48b7d8363f171f6137cd9f1fbafb52bfc 






Merge branch 'jej/mattermost-notification-confidentiality-10-6' into 'security-10-6'
2018-04-05T06:41:56+00:00

Douwe Maan
douwe@gitlab.com

2018-04-03T11:00:33+00:00

52967b107b7b2f1472b4c005f70f21346079cd95

[10.6] Prevent notes on confidential issues from being sent to chat

See merge request gitlab/gitlabhq!2366
# Conflicts:
#	app/helpers/services_helper.rb





[10.6] Prevent notes on confidential issues from being sent to chat

See merge request gitlab/gitlabhq!2366
# Conflicts:
#	app/helpers/services_helper.rb







Merge branch 'feature/merge-request-system-hook' into 'master'
2018-01-18T11:37:16+00:00

Douwe Maan
douwe@gitlab.com

2018-01-18T11:37:16+00:00

8e9c073a146f655cea2fd13f259bd68dc2c37259

System hooks for Merge Requests

See merge request gitlab-org/gitlab-ce!14387




System hooks for Merge Requests

See merge request gitlab-org/gitlab-ce!14387






no need for a named parameter
2018-01-17T08:55:00+00:00

Alexis Reigel
alexis.reigel.ext@siemens.com

2017-12-04T14:45:47+00:00

f99b0cc5853f10e07a8ed60caa40c07a4c677d6f












extract concern for hook triggers
2018-01-17T08:55:00+00:00

Alexis Reigel
alexis.reigel.ext@siemens.com

2017-12-04T10:18:54+00:00

ac92d70d9025e1c90bffa99c08bfc4cdb2fc36c9












Merge branch '41293-fix-command-injection-vulnerability-on-system_hook_push-queue-through-web-hook' into 'security-10-3'
2018-01-17T01:04:51+00:00

Robert Speicher
robert@gitlab.com

2018-01-05T21:36:18+00:00

791ca43f3f8f12451ee1e70efc90f5d82347af93

Don't allow line breaks on HTTP headers

See merge request gitlab/gitlabhq!2277

(cherry picked from commit 7fc0a6fc096768a5604d6dd24d7d952e53300c82)

073b8f9c Don't allow line breaks on HTTP headers





Don't allow line breaks on HTTP headers

See merge request gitlab/gitlabhq!2277

(cherry picked from commit 7fc0a6fc096768a5604d6dd24d7d952e53300c82)

073b8f9c Don't allow line breaks on HTTP headers







execute system hooks from project
2018-01-04T08:33:41+00:00

Alexis Reigel
mail@koffeinfrei.org

2017-09-13T15:17:34+00:00

9f7811e474a3f3f54f4624d19ec982239518ed67












Wrong data type when testing webhooks
2017-07-20T15:12:06+00:00

Alexander Randa
randa.alex@gmail.com

2017-07-20T15:12:06+00:00

e0ab5618a0998175df9f90c95ebd35d7afa01db7












Rename ActiverecordSerialize cop
2017-07-06T10:01:36+00:00

Yorick Peterse
yorickpeterse@gmail.com

2017-07-03T14:01:41+00:00

e1a3bf30b6ea04f2c658729f65a0eb09847dd341

This cop has been renamed to ActiveRecordSerialize to match the way
"ActiveRecord" is usually written.





This cop has been renamed to ActiveRecordSerialize to match the way
"ActiveRecord" is usually written.







Added Cop to blacklist the use of `dependent:`
2017-07-06T10:01:36+00:00

Yorick Peterse
yorickpeterse@gmail.com

2017-06-08T15:16:27+00:00

8fbbf41e29f5e0f56b7eb9d37aadba856b68bcce

This is allowed for existing instances so we don't end up 76 offenses
right away, but for new code one should _only_ use this if they _have_
to remove non database data. Even then it's usually better to do this in
a service class as this gives you more control over how to remove the
data (e.g. in bulk).





This is allowed for existing instances so we don't end up 76 offenses
right away, but for new code one should _only_ use this if they _have_
to remove non database data. Even then it's usually better to do this in
a service class as this gives you more control over how to remove the
data (e.g. in bulk).