<feed xmlns='http://www.w3.org/2005/Atom'>
<title>delta/gitlab/gitlab-ce.git/spec/lib/banzai, branch winh-notes-service-toggleResolveNote</title>
<subtitle>gitlab.com: gitlab-org/gitlab-ce.git
</subtitle>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/gitlab/gitlab-ce.git/'/>
<entry>
<title>Merge branch 'security-DOS_issue_comments_banzai' into 'master'</title>
<updated>2019-07-02T06:22:45+00:00</updated>
<author>
<name>Marin Jankovski</name>
<email>marin@gitlab.com</email>
</author>
<published>2019-07-02T06:22:45+00:00</published>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/gitlab/gitlab-ce.git/commit/?id=23dedd53a73a01429c0a5c99414548694f1fab0b'/>
<id>23dedd53a73a01429c0a5c99414548694f1fab0b</id>
<content type='text'>
Fix DOS when rendering issue/MR comments

See merge request gitlab/gitlabhq!3152</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Fix DOS when rendering issue/MR comments

See merge request gitlab/gitlabhq!3152</pre>
</div>
</content>
</entry>
<entry>
<title>Do not rewrite relative links for system notes</title>
<updated>2019-06-20T16:15:59+00:00</updated>
<author>
<name>Mario de la Ossa</name>
<email>mariodelaossa@gmail.com</email>
</author>
<published>2019-06-19T01:28:18+00:00</published>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/gitlab/gitlab-ce.git/commit/?id=35a39c1d3476f0398a2846772e075b9a003bd623'/>
<id>35a39c1d3476f0398a2846772e075b9a003bd623</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>Fix DOS when rendering issue/MR comments</title>
<updated>2019-06-14T01:38:21+00:00</updated>
<author>
<name>Mario de la Ossa</name>
<email>mariodelaossa@gmail.com</email>
</author>
<published>2019-06-12T04:14:40+00:00</published>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/gitlab/gitlab-ce.git/commit/?id=ef5fdd3f3c7e46c9c051af094e5472fbe5f0af22'/>
<id>ef5fdd3f3c7e46c9c051af094e5472fbe5f0af22</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>Allow emoji in label and milestone references</title>
<updated>2019-06-07T09:05:57+00:00</updated>
<author>
<name>Sean McGivern</name>
<email>sean@gitlab.com</email>
</author>
<published>2019-06-06T16:49:08+00:00</published>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/gitlab/gitlab-ce.git/commit/?id=1617aa27562c6c92c981cadf13f0fb999558e1cc'/>
<id>1617aa27562c6c92c981cadf13f0fb999558e1cc</id>
<content type='text'>
If we put the emoji filter before the reference filters, each emoji will
have a wrapper element that prevents the reference filter from detecting
the presence of the emoji.

As the emoji filter now runs after the reference filters, references
must contain a literal emoji, not the GitLab Flavored Markdown
versions (:100`, for example).

A weird side-effect is that if you have a label with the 100 emoji, and
a label named :100:, then trying to reference the latter will work (link
to the correct label), but will render with the 100 emoji. I'm
comfortable with that edge case, I think.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
If we put the emoji filter before the reference filters, each emoji will
have a wrapper element that prevents the reference filter from detecting
the presence of the emoji.

As the emoji filter now runs after the reference filters, references
must contain a literal emoji, not the GitLab Flavored Markdown
versions (:100`, for example).

A weird side-effect is that if you have a label with the 100 emoji, and
a label named :100:, then trying to reference the latter will work (link
to the correct label), but will render with the 100 emoji. I'm
comfortable with that edge case, I think.
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge branch 'fix/allow-lower-case-issue-ids' into 'master'</title>
<updated>2019-06-06T14:40:07+00:00</updated>
<author>
<name>Sean McGivern</name>
<email>sean@gitlab.com</email>
</author>
<published>2019-06-06T14:40:07+00:00</published>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/gitlab/gitlab-ce.git/commit/?id=c50eed5400d97c9f566b25f76eb8d0057f910a11'/>
<id>c50eed5400d97c9f566b25f76eb8d0057f910a11</id>
<content type='text'>
Allow lowercase prefix for Youtrack issue ids

Closes #62661

See merge request gitlab-org/gitlab-ce!29057</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Allow lowercase prefix for Youtrack issue ids

Closes #62661

See merge request gitlab-org/gitlab-ce!29057</pre>
</div>
</content>
</entry>
<entry>
<title>Use Redis for CacheMarkDownField on non AR models</title>
<updated>2019-06-05T05:19:59+00:00</updated>
<author>
<name>Patrick Bajao</name>
<email>ebajao@gitlab.com</email>
</author>
<published>2019-06-05T04:59:48+00:00</published>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/gitlab/gitlab-ce.git/commit/?id=2eecfd8f9d111c6518930b818a16daea8263b37f'/>
<id>2eecfd8f9d111c6518930b818a16daea8263b37f</id>
<content type='text'>
This allows using `CacheMarkdownField` for models that are not backed
by ActiveRecord.

When the including class inherits `ActiveRecord::Base` we include
`Gitlab::MarkdownCache::ActiveRecord::Extension`. This will cause the
markdown fields to be rendered and the generated HTML stored in a
`&lt;field&gt;_html` attribute on the record. We also store the version
used for generating the markdown.

All other classes that include this model will include the
`Gitlab::MarkdownCache::Redis::Extension`. This add the `&lt;field&gt;_html`
attributes to that model and will generate the html in them. The
generated HTML will be cached in redis under the key
`markdown_cache:&lt;class&gt;:&lt;id&gt;`. The class this included in must
therefore respond to `id`.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This allows using `CacheMarkdownField` for models that are not backed
by ActiveRecord.

When the including class inherits `ActiveRecord::Base` we include
`Gitlab::MarkdownCache::ActiveRecord::Extension`. This will cause the
markdown fields to be rendered and the generated HTML stored in a
`&lt;field&gt;_html` attribute on the record. We also store the version
used for generating the markdown.

All other classes that include this model will include the
`Gitlab::MarkdownCache::Redis::Extension`. This add the `&lt;field&gt;_html`
attributes to that model and will generate the html in them. The
generated HTML will be cached in redis under the key
`markdown_cache:&lt;class&gt;:&lt;id&gt;`. The class this included in must
therefore respond to `id`.
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge branch 'security-60143-address-xss-issue-master' into 'master'</title>
<updated>2019-06-03T17:01:25+00:00</updated>
<author>
<name>Robert Speicher</name>
<email>rspeicher@gmail.com</email>
</author>
<published>2019-06-03T17:01:25+00:00</published>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/gitlab/gitlab-ce.git/commit/?id=5906fb2e45f352b8fc02f0e98a6148d0c0b2db59'/>
<id>5906fb2e45f352b8fc02f0e98a6148d0c0b2db59</id>
<content type='text'>
Reject slug+uri concat if slug is deemed unsafe

See merge request gitlab/gitlabhq!3108</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Reject slug+uri concat if slug is deemed unsafe

See merge request gitlab/gitlabhq!3108</pre>
</div>
</content>
</entry>
<entry>
<title>Allow lowercase prefix for Youtrack issue ids</title>
<updated>2019-06-03T14:05:20+00:00</updated>
<author>
<name>Matthias Baur</name>
<email>m.baur@syseleven.de</email>
</author>
<published>2019-06-03T12:52:54+00:00</published>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/gitlab/gitlab-ce.git/commit/?id=e8683efea5aaed0c8c4b6efc75395372a3a3662b'/>
<id>e8683efea5aaed0c8c4b6efc75395372a3a3662b</id>
<content type='text'>
Relates to #42595.
Fixes #62661.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Relates to #42595.
Fixes #62661.
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge branch 'security-fix-project-existence-disclosure-master' into 'master'</title>
<updated>2019-06-03T12:33:57+00:00</updated>
<author>
<name>GitLab Release Tools Bot</name>
<email>robert+release-tools@gitlab.com</email>
</author>
<published>2019-06-03T12:33:57+00:00</published>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/gitlab/gitlab-ce.git/commit/?id=c45c64ce298fab6eca6c54142ab5844a4b2c5c63'/>
<id>c45c64ce298fab6eca6c54142ab5844a4b2c5c63</id>
<content type='text'>
Fix url redaction for issue links

See merge request gitlab/gitlabhq!3091</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Fix url redaction for issue links

See merge request gitlab/gitlabhq!3091</pre>
</div>
</content>
</entry>
<entry>
<title>Reject slug+uri concat if slug is deemed unsafe</title>
<updated>2019-05-24T19:33:24+00:00</updated>
<author>
<name>Kerri Miller</name>
<email>kerrizor@kerrizor.com</email>
</author>
<published>2019-05-20T20:24:22+00:00</published>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/gitlab/gitlab-ce.git/commit/?id=a76fdcb7a30c6244ffb11a2e672e16d1e5b413b2'/>
<id>a76fdcb7a30c6244ffb11a2e672e16d1e5b413b2</id>
<content type='text'>
First reported:
  https://gitlab.com/gitlab-org/gitlab-ce/issues/60143

When the page slug is "javascript:" and we attempt to link to a relative
path (using `.` or `..`) the code will concatenate the slug and the uri.
This MR adds a guard to that concat step that will return `nil` if the
incoming slug matches against any of the "unsafe" slug regexes;
currently this is only for the slug "javascript:" but can be extended if
needed. Manually tested against a non-exhaustive list from OWASP of
common javascript XSS exploits that have to to with mangling the
"javascript:" method, and all are caught by this change or by existing
code that ingests the user-specified slug.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
First reported:
  https://gitlab.com/gitlab-org/gitlab-ce/issues/60143

When the page slug is "javascript:" and we attempt to link to a relative
path (using `.` or `..`) the code will concatenate the slug and the uri.
This MR adds a guard to that concat step that will return `nil` if the
incoming slug matches against any of the "unsafe" slug regexes;
currently this is only for the slug "javascript:" but can be extended if
needed. Manually tested against a non-exhaustive list from OWASP of
common javascript XSS exploits that have to to with mangling the
"javascript:" method, and all are caught by this change or by existing
code that ingests the user-specified slug.
</pre>
</div>
</content>
</entry>
</feed>
