Commit message   Author   Age   Files   Lines
...
| * | | | | Fix HTML injection for label description   Patrick Derichs   2019-08-06   5   -3/+29
| |/ / / /
* | | | | Merge branch 'security-61974-limit-issue-comment-size-12-0' into '12-0-stable'   GitLab Release Tools Bot   2019-08-26   14   -19/+103
|\ \ \ \ \
| * | | | | Limit the size of issuable description and comments   Alexandru Croitor   2019-08-22   14   -19/+103
| | |_|_|/
| |/| | |
* | | | | Merge branch 'security-mr-head-pipeline-leak-12-0' into '12-0-stable'   GitLab Release Tools Bot   2019-08-26   3   -5/+39
|\ \ \ \ \
| * | | | | Permission fix for MergeRequestsController#pipeline_status   drew cimino   2019-08-12   3   -5/+39
* | | | | | Merge branch 'security-katex-dos-12-0' into '12-0-stable'   GitLab Release Tools Bot   2019-08-26   4   -23/+143
|\ \ \ \ \ \
| * | | | | | Enforce max chars and max render time in markdown math   Martin Hanzel   2019-08-06   4   -23/+143
| | |_|/ / /
| |/| | | |
* | | | | | Merge branch 'security-ssrf-kubernetes-dns-12-0' into '12-0-stable'   GitLab Release Tools Bot   2019-08-26   5   -18/+269
|\ \ \ \ \ \
| * | | | | | Override hostname when connecting via Kubeclient   Thong Kuah   2019-08-04   5   -18/+269
| |/ / / / /
* | | | | | Merge branch 'security-2853-prevent-comments-on-private-mrs-12-0' into '12-0-...   GitLab Release Tools Bot   2019-08-26   6   -75/+371
|\ \ \ \ \ \
| * | | | | | Prevent unauthorised comments on merge requests   Alex Kalderimis   2019-08-07   6   -75/+371
| |/ / / / /
* | | | | | Merge branch 'security-fix_jira_ssrf_vulnerability-12-0' into '12-0-stable'   GitLab Release Tools Bot   2019-08-26   4   -1/+82
|\ \ \ \ \ \
| * | | | | | Fix DNS rebind vulnerability for JIRA integration   Felipe Artur   2019-08-08   4   -1/+82
| |/ / / / /
* | | | | | Merge branch 'security-id-filter-timeline-activities-for-guests-12-0' into '1...   GitLab Release Tools Bot   2019-08-26   2   -1/+6
|\ \ \ \ \ \
| * | | | | | Add merge note type as cross reference   Igor Drozdov   2019-08-21   2   -1/+6
| | |_|/ / /
| |/| | | |
* | | | | | Merge branch 'security-project-import-bypass-12-0' into '12-0-stable'   GitLab Release Tools Bot   2019-08-26   5   -26/+244
|\ \ \ \ \ \
| * | | | | | Fix project import restricted visibility bypass   George Koltsov   2019-08-15   5   -26/+244
| | |_|/ / /
| |/| | | |
* | | | | | Merge branch 'security-bvl-bump-gitaly-12-0' into '12-0-stable'   GitLab Release Tools Bot   2019-08-26   1   -1/+1
|\ \ \ \ \ \
| * | | | | | Bump Gitaly version to 1.47.3   Bob Van Landuyt   2019-08-16   1   -1/+1
| | |/ / / /
| |/| | | |
* | | | | | Merge branch 'security-add-job-activity-limit-ce-12-0' into '12-0-stable'   GitLab Release Tools Bot   2019-08-26   5   -2/+43
|\ \ \ \ \ \
| * | | | | | Add active_jobs_limit to plans table   Fabio Pitino   2019-08-21   5   -2/+43
| |/ / / / /
* | | | | | Merge branch 'security-sarcila-fix-weak-session-management-12-0' into '12-0-s...   GitLab Release Tools Bot   2019-08-26   4   -0/+71
|\ \ \ \ \ \
| * | | | | | Add User#will_save_change_to_login? to clear reset_password_tokens   Sebastian Arcila Valenzuela   2019-08-21   4   -0/+71
| |/ / / / /
* | | | | | Merge branch 'security-ci-metrics-permissions-12-0' into '12-0-stable'   GitLab Release Tools Bot   2019-08-26   3   -8/+64
|\ \ \ \ \ \
| * | | | | | Restrict MergeRequests#test_reports to authenticated users with read-access o...   drew cimino   2019-08-22   3   -8/+64
| | |/ / / /
| |/| | | |
* | | | | | Merge branch 'security-personal-snippets-12-0' into '12-0-stable'   GitLab Release Tools Bot   2019-08-26   12   -10/+77
|\ \ \ \ \ \
| * | | | | | Add direct upload support for personal snippets   Jan Provaznik   2019-08-23   12   -10/+77
| | |/ / / /
| |/| | | |
* | | | | | Merge branch 'security-group-runners-permissions-12-0' into '12-0-stable'   GitLab Release Tools Bot   2019-08-26   3   -43/+173
|\ \ \ \ \ \
| * | | | | | admin_group authorization for Groups::RunnersController   drew cimino   2019-08-22   3   -43/+173
| |/ / / / /
* | | | | | Merge branch 'security-fix-markdown-xss-12-0' into '12-0-stable'   GitLab Release Tools Bot   2019-08-26   8   -13/+76
|\ \ \ \ \ \
| |/ / / / /
|/| | | | |
| * | | | | Re-escape whole HTML content instead of only match   Jan Provaznik   2019-08-23   8   -13/+76
|/ / / / /
* | | | | Merge branch 'jts/12-0-changelog-update' into '12-0-stable'   Marin Jankovski   2019-08-16   1   -4/+3
|\ \ \ \ \
| |/ / / /
|/| | | |
| * | | | Updates changelog to reflect appropriate release versions   John T Skarbek   2019-08-12   1   -4/+3
|/ / / /
* | | | Update VERSION to 12.0.6 [v12.0.6]   GitLab Release Tools Bot   2019-08-12   1   -1/+1
* | | | Update CHANGELOG.md for 12.0.6   GitLab Release Tools Bot   2019-08-12   1   -0/+4
* | | | Update VERSION to 12.0.5 [v12.0.5]   GitLab Release Tools Bot   2019-08-09   1   -1/+1
* | | | Update CHANGELOG.md for 12.0.5   GitLab Release Tools Bot   2019-08-09   3   -10/+8
* | | | Merge branch 'pokstad1-12-0-stable-patch-69973' into '12-0-stable'   John Skarbek   2019-08-09   2   -1/+6
|\ \ \ \
| * | | | Update Gitaly to v1.47.2 for security fix   Paul Okstad   2019-08-09   2   -1/+6
|/ / / /
* | | | Merge branch 'security-12-0-pages-api-token-recovery' into '12-0-stable'   John Skarbek   2019-08-09   2   -1/+6
|\ \ \ \
| |/ / /
|/| | |
| * | | Upgrade pages version to 1.6.2   Vladimir Shushlin   2019-08-02   2   -1/+6
|/ / /
* | | Merge branch 'fix-docs-lint-12-0' into '12-0-stable'   John Jarvis   2019-08-01   2   -2/+2
|\ \ \
| |_|/
|/| |
| * | Fix broken internal links in docs [fix-docs-lint-12-0]   Sean McGivern   2019-08-01   2   -2/+2
|/ /
* | Update VERSION to 12.0.4 [v12.0.4]   GitLab Release Tools Bot   2019-07-25   1   -1/+1
* | Update CHANGELOG.md for 12.0.4   GitLab Release Tools Bot   2019-07-25   10   -45/+15
* | Merge branch 'security-fix-badges-leaked-to-unauthorized-users-12-0' into '12...   GitLab Release Tools Bot   2019-07-24   3   -31/+101
|\ \
| * | Don't display badges when builds are restricted   Fabio Pitino   2019-06-27   3   -31/+101
* | | Merge branch 'security-github-ssrf-redirect-12-0' into '12-0-stable'   GitLab Release Tools Bot   2019-07-24   6   -3/+100
|\ \ \
| * | | Do not allow localhost url redirection in GitHub Integration   manojmj   2019-07-09   6   -3/+100
| | |/
| |/|
* | | Merge branch 'security-dns-ssrf-bypass-12-0' into '12-0-stable'   GitLab Release Tools Bot   2019-07-24   4   -15/+51
|\ \ \