summaryrefslogtreecommitdiff
Commit message (Expand)AuthorAgeFilesLines
* Update VERSION to 11.6.11v11.6.1111-6-stableGitLab Release Tools Bot2019-04-231-1/+1
* Update CHANGELOG.md for 11.6.11GitLab Release Tools Bot2019-04-2310-45/+24
* Merge branch '11-6-rugged-stable-backport' into '11-6-stable'Marin Jankovski2019-04-2330-25/+775
|\
| * Merge branch 'sh-backport-list-commits-by-oid-rugged' into 'master'11-6-rugged-stable-backportDouwe Maan2019-04-215-2/+64
| * Merge branch 'sh-fix-rugged-tree-entries' into 'master'Sean McGivern2019-04-213-9/+18
| * Merge branch 'sh-rugged-commit-tree-entry' into 'master'Douwe Maan2019-04-215-2/+50
| * Merge branch 'sh-rugged-tree-entries' into 'master'Sean McGivern2019-04-216-15/+191
| * Merge branch 'sh-rugged-get-tree-entry' into 'master'Sean McGivern2019-04-214-1/+132
| * Merge branch 'sh-rugged-commit-is-ancestor' into 'master'Douwe Maan2019-04-214-3/+47
| * Merge branch 'sh-rugged-find-commit' into 'master'Sean McGivern2019-04-2115-6/+286
|/
* Merge branch 'security-2819-xss-resolve-conflicts-branch-name-11-6' into '11-...11-6-stable-patch-11GitLab Release Tools Bot2019-03-263-1/+21
|\
| * Fix XSS in resolve conflicts formPaul Slaughter2019-03-043-1/+21
|/
* Merge branch 'security-shared-project-private-group-11-6' into '11-6-stable'Yorick Peterse2019-03-044-11/+67
|\
| * Remove whitespaceMałgorzata Ksionek2019-02-281-1/+0
| * Secure vulerability and add specsMałgorzata Ksionek2019-02-285-11/+68
|/
* Update VERSION to 11.6.10v11.6.10GitLab Release Tools Bot2019-02-281-1/+1
* Update CHANGELOG.md for 11.6.10GitLab Release Tools Bot2019-02-2822-107/+27
* Merge branch '11-6-security-2774-milestones-detail' into '11-6-stable'Robert Speicher2019-02-274-4/+112
|\
| * Display only informaton visible to current userJarka Košanová2019-02-274-4/+112
|/
* Merge branch 'security-id-fix-mr-visibility-11-6' into '11-6-stable'Yorick Peterse2019-02-277-213/+335
|\
| * Display the correct number of MRs a user has access toIgor Drozdov2019-02-277-213/+335
|/
* Merge branch 'security-2818_filter_impersonated_sessions-11-6' into '11-6-sta...Yorick Peterse2019-02-278-52/+38
|\
| * Remove ability to revoke active sessionImre Farkas2019-02-276-49/+7
| * Filter active sessions belonging to an admin impersonating the userImre Farkas2019-02-274-4/+32
* | Merge branch 'security-id-restricted-access-to-private-repo-11-6' into '11-6-...Yorick Peterse2019-02-275-60/+137
|\ \
| * | Forbid creating discussions for users with restricted accessIgor Drozdov2019-02-075-60/+137
| |/
* | Merge branch '11-6-security-2773-milestones-fix' into '11-6-stable'Yorick Peterse2019-02-2719-72/+186
|\ \
| * | Check issue milestone availabilityJarka Košanová2019-02-1319-72/+186
| |/
* | Merge branch 'security-2798-fix-boards-policy-11-6' into '11-6-stable'Yorick Peterse2019-02-273-8/+19
|\ \
| * | Disable board policies when issues are disabledHeinrich Lee Yu2019-02-143-8/+19
| |/
* | Merge branch '11-6-security-2797-milestone-mrs' into '11-6-stable'Yorick Peterse2019-02-277-4/+72
|\ \
| * | Show only MRs visible to user on milestone detailJarka Košanová2019-02-197-4/+72
| |/
* | Merge branch 'security-commit-private-related-mr-11-6' into '11-6-stable'Yorick Peterse2019-02-276-6/+65
|\ \
| * | Don't allow non-members to see private related MRsPatrick Bajao2019-02-156-6/+65
| |/
* | Merge branch 'security-kubernetes-google-login-csrf-11-6' into '11-6-stable'Yorick Peterse2019-02-273-30/+67
|\ \
| * | Validate session key when authorizing with GCP to create a clusterTiger2019-02-193-30/+67
| |/
* | Merge branch 'security-50334-11-6' into '11-6-stable'Yorick Peterse2019-02-275-66/+82
|\ \
| * | Fix git clone revealing private repo's presenceMark Chao2019-02-195-66/+82
| |/
* | Merge branch 'security-56348-11-6' into '11-6-stable'Yorick Peterse2019-02-275-2/+60
|\ \
| * | Check snippet attached file to be moved is within designated directoryMark Chao2019-02-215-2/+60
| |/
* | Merge branch 'security-55468-check-validity-before-querying-11-6' into '11-6-...Yorick Peterse2019-02-273-19/+53
|\ \
| * | Check validity of prometheus_service before queryReuben Pereira2019-02-273-19/+53
|/ /
* | Merge branch 'security-protect-private-repo-information-11-6' into '11-6-stable'Yorick Peterse2019-02-276-22/+85
|\ \
| * | Fix backported test for Rails 4Luke Duncalfe2019-02-211-2/+2
| * | Add changelog entryLuke Duncalfe2019-02-211-0/+5
| * | Removing sensitive properties from ProjectTypeLuke Duncalfe2019-02-201-2/+0
| * | Prevent leaking of private repo data through APILuke Duncalfe2019-02-204-20/+80
| |/
* | Merge branch 'security-fj-diff-import-file-read-fix-11-6' into '11-6-stable'Yorick Peterse2019-02-2710-4/+103
|\ \
| * | Arbitrary file read via MergeRequestDiffFrancisco Javier López2019-02-2710-4/+103
|/ /
* | Merge branch '11-6-security-2799-emails' into '11-6-stable'Yorick Peterse2019-02-275-17/+60
|\ \