Commit message (Expand) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
| * | | | | | Fix HTML injection for label description | Patrick Derichs | 2019-08-06 | 5 | -3/+29 | |
| |/ / / / | ||||||
* | | | | | Merge branch 'security-61974-limit-issue-comment-size-12-0' into '12-0-stable' | GitLab Release Tools Bot | 2019-08-26 | 14 | -19/+103 | |
|\ \ \ \ \ | ||||||
| * | | | | | Limit the size of issuable description and comments | Alexandru Croitor | 2019-08-22 | 14 | -19/+103 | |
| | |_|_|/ | |/| | | | ||||||
* | | | | | Merge branch 'security-mr-head-pipeline-leak-12-0' into '12-0-stable' | GitLab Release Tools Bot | 2019-08-26 | 3 | -5/+39 | |
|\ \ \ \ \ | ||||||
| * | | | | | Permission fix for MergeRequestsController#pipeline_status | drew cimino | 2019-08-12 | 3 | -5/+39 | |
* | | | | | | Merge branch 'security-katex-dos-12-0' into '12-0-stable' | GitLab Release Tools Bot | 2019-08-26 | 4 | -23/+143 | |
|\ \ \ \ \ \ | ||||||
| * | | | | | | Enforce max chars and max render time in markdown math | Martin Hanzel | 2019-08-06 | 4 | -23/+143 | |
| | |_|/ / / | |/| | | | | ||||||
* | | | | | | Merge branch 'security-ssrf-kubernetes-dns-12-0' into '12-0-stable' | GitLab Release Tools Bot | 2019-08-26 | 5 | -18/+269 | |
|\ \ \ \ \ \ | ||||||
| * | | | | | | Override hostname when connecting via Kubeclient | Thong Kuah | 2019-08-04 | 5 | -18/+269 | |
| |/ / / / / | ||||||
* | | | | | | Merge branch 'security-2853-prevent-comments-on-private-mrs-12-0' into '12-0-... | GitLab Release Tools Bot | 2019-08-26 | 6 | -75/+371 | |
|\ \ \ \ \ \ | ||||||
| * | | | | | | Prevent unauthorised comments on merge requests | Alex Kalderimis | 2019-08-07 | 6 | -75/+371 | |
| |/ / / / / | ||||||
* | | | | | | Merge branch 'security-fix_jira_ssrf_vulnerability-12-0' into '12-0-stable' | GitLab Release Tools Bot | 2019-08-26 | 4 | -1/+82 | |
|\ \ \ \ \ \ | ||||||
| * | | | | | | Fix DNS rebind vulnerability for JIRA integration | Felipe Artur | 2019-08-08 | 4 | -1/+82 | |
| |/ / / / / | ||||||
* | | | | | | Merge branch 'security-id-filter-timeline-activities-for-guests-12-0' into '1... | GitLab Release Tools Bot | 2019-08-26 | 2 | -1/+6 | |
|\ \ \ \ \ \ | ||||||
| * | | | | | | Add merge note type as cross reference | Igor Drozdov | 2019-08-21 | 2 | -1/+6 | |
| | |_|/ / / | |/| | | | | ||||||
* | | | | | | Merge branch 'security-project-import-bypass-12-0' into '12-0-stable' | GitLab Release Tools Bot | 2019-08-26 | 5 | -26/+244 | |
|\ \ \ \ \ \ | ||||||
| * | | | | | | Fix project import restricted visibility bypass | George Koltsov | 2019-08-15 | 5 | -26/+244 | |
| | |_|/ / / | |/| | | | | ||||||
* | | | | | | Merge branch 'security-bvl-bump-gitaly-12-0' into '12-0-stable' | GitLab Release Tools Bot | 2019-08-26 | 1 | -1/+1 | |
|\ \ \ \ \ \ | ||||||
| * | | | | | | Bump Gitaly version to 1.47.3 | Bob Van Landuyt | 2019-08-16 | 1 | -1/+1 | |
| | |/ / / / | |/| | | | | ||||||
* | | | | | | Merge branch 'security-add-job-activity-limit-ce-12-0' into '12-0-stable' | GitLab Release Tools Bot | 2019-08-26 | 5 | -2/+43 | |
|\ \ \ \ \ \ | ||||||
| * | | | | | | Add active_jobs_limit to plans table | Fabio Pitino | 2019-08-21 | 5 | -2/+43 | |
| |/ / / / / | ||||||
* | | | | | | Merge branch 'security-sarcila-fix-weak-session-management-12-0' into '12-0-s... | GitLab Release Tools Bot | 2019-08-26 | 4 | -0/+71 | |
|\ \ \ \ \ \ | ||||||
| * | | | | | | Add User#will_save_change_to_login? to clear reset_password_tokens | Sebastian Arcila Valenzuela | 2019-08-21 | 4 | -0/+71 | |
| |/ / / / / | ||||||
* | | | | | | Merge branch 'security-ci-metrics-permissions-12-0' into '12-0-stable' | GitLab Release Tools Bot | 2019-08-26 | 3 | -8/+64 | |
|\ \ \ \ \ \ | ||||||
| * | | | | | | Restrict MergeRequests#test_reports to authenticated users with read-access o... | drew cimino | 2019-08-22 | 3 | -8/+64 | |
| | |/ / / / | |/| | | | | ||||||
* | | | | | | Merge branch 'security-personal-snippets-12-0' into '12-0-stable' | GitLab Release Tools Bot | 2019-08-26 | 12 | -10/+77 | |
|\ \ \ \ \ \ | ||||||
| * | | | | | | Add direct upload support for personal snippets | Jan Provaznik | 2019-08-23 | 12 | -10/+77 | |
| | |/ / / / | |/| | | | | ||||||
* | | | | | | Merge branch 'security-group-runners-permissions-12-0' into '12-0-stable' | GitLab Release Tools Bot | 2019-08-26 | 3 | -43/+173 | |
|\ \ \ \ \ \ | ||||||
| * | | | | | | admin_group authorization for Groups::RunnersController | drew cimino | 2019-08-22 | 3 | -43/+173 | |
| |/ / / / / | ||||||
* | | | | | | Merge branch 'security-fix-markdown-xss-12-0' into '12-0-stable' | GitLab Release Tools Bot | 2019-08-26 | 8 | -13/+76 | |
|\ \ \ \ \ \ | |/ / / / / |/| | | | | | ||||||
| * | | | | | Re-escape whole HTML content instead of only match | Jan Provaznik | 2019-08-23 | 8 | -13/+76 | |
|/ / / / / | ||||||
* | | | | | Merge branch 'jts/12-0-changelog-update' into '12-0-stable' | Marin Jankovski | 2019-08-16 | 1 | -4/+3 | |
|\ \ \ \ \ | |/ / / / |/| | | | | ||||||
| * | | | | Updates changelog to reflect appropriate release versions | John T Skarbek | 2019-08-12 | 1 | -4/+3 | |
|/ / / / | ||||||
* | | | | Update VERSION to 12.0.6v12.0.6 | GitLab Release Tools Bot | 2019-08-12 | 1 | -1/+1 | |
* | | | | Update CHANGELOG.md for 12.0.6 | GitLab Release Tools Bot | 2019-08-12 | 1 | -0/+4 | |
* | | | | Update VERSION to 12.0.5v12.0.5 | GitLab Release Tools Bot | 2019-08-09 | 1 | -1/+1 | |
* | | | | Update CHANGELOG.md for 12.0.5 | GitLab Release Tools Bot | 2019-08-09 | 3 | -10/+8 | |
* | | | | Merge branch 'pokstad1-12-0-stable-patch-69973' into '12-0-stable' | John Skarbek | 2019-08-09 | 2 | -1/+6 | |
|\ \ \ \ | ||||||
| * | | | | Update Gitaly to v1.47.2 for security fix | Paul Okstad | 2019-08-09 | 2 | -1/+6 | |
|/ / / / | ||||||
* | | | | Merge branch 'security-12-0-pages-api-token-recovery' into '12-0-stable' | John Skarbek | 2019-08-09 | 2 | -1/+6 | |
|\ \ \ \ | |/ / / |/| | | | ||||||
| * | | | Upgrade pages version to 1.6.2 | Vladimir Shushlin | 2019-08-02 | 2 | -1/+6 | |
|/ / / | ||||||
* | | | Merge branch 'fix-docs-lint-12-0' into '12-0-stable' | John Jarvis | 2019-08-01 | 2 | -2/+2 | |
|\ \ \ | |_|/ |/| | | ||||||
| * | | Fix broken internal links in docsfix-docs-lint-12-0 | Sean McGivern | 2019-08-01 | 2 | -2/+2 | |
|/ / | ||||||
* | | Update VERSION to 12.0.4v12.0.4 | GitLab Release Tools Bot | 2019-07-25 | 1 | -1/+1 | |
* | | Update CHANGELOG.md for 12.0.4 | GitLab Release Tools Bot | 2019-07-25 | 10 | -45/+15 | |
* | | Merge branch 'security-fix-badges-leaked-to-unauthorized-users-12-0' into '12... | GitLab Release Tools Bot | 2019-07-24 | 3 | -31/+101 | |
|\ \ | ||||||
| * | | Don't display badges when builds are restricted | Fabio Pitino | 2019-06-27 | 3 | -31/+101 | |
* | | | Merge branch 'security-github-ssrf-redirect-12-0' into '12-0-stable' | GitLab Release Tools Bot | 2019-07-24 | 6 | -3/+100 | |
|\ \ \ | ||||||
| * | | | Do not allow localhost url redirection in GitHub Integration | manojmj | 2019-07-09 | 6 | -3/+100 | |
| | |/ | |/| | ||||||
* | | | Merge branch 'security-dns-ssrf-bypass-12-0' into '12-0-stable' | GitLab Release Tools Bot | 2019-07-24 | 4 | -15/+51 | |
|\ \ \ |