summaryrefslogtreecommitdiff
path: root/spec
Commit message (Expand)AuthorAgeFilesLines
...
| | * | | | | | | | Merge branch 'fix/security-group-user-removal' into 'master'Yorick Peterse2019-01-253-7/+59
| | |\ \ \ \ \ \ \ \
| | | * | | | | | | | Add subresources removal to member destroy serviceJames Lopez2019-01-253-7/+59
| | * | | | | | | | | Merge branch 'security-import-path-logging' into 'master'Yorick Peterse2019-01-254-3/+51
| | |\ \ \ \ \ \ \ \ \
| | | * | | | | | | | | Fix path disclosure on Project ImportJames Lopez2019-01-074-3/+51
| | * | | | | | | | | | Merge branch 'security-guests-can-see-list-of-merge-requests' into 'master'Yorick Peterse2019-01-253-9/+110
| | |\ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | Group Guests are no longer able to see merge requestsTiago Botelho2019-01-213-9/+110
| | * | | | | | | | | | | Merge branch 'security-import-project-visibility' into 'master'Yorick Peterse2019-01-252-1/+146
| | |\ \ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | | Fix tree restorer visibility levelJames Lopez2019-01-242-1/+146
| | * | | | | | | | | | | | Merge branch 'security-contributed-projects' into 'master'Yorick Peterse2019-01-252-0/+44
| | |\ \ \ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | | | Fix contributed projects finder shown private infoJames Lopez2019-01-082-0/+44
| | * | | | | | | | | | | | | Merge branch 'security-do-not-process-mr-ref-for-guests' into 'master'Yorick Peterse2019-01-251-1/+11
| | |\ \ \ \ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | | | | Don't process MR refs for guests in the notesOswaldo Ferreira2019-01-101-1/+11
| | * | | | | | | | | | | | | | Merge branch 'security-22076-sanitize-url-in-names' into 'master'Yorick Peterse2019-01-252-3/+19
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | | | | | Use `sanitize_name` to sanitize URL in user full nameKushal Pandya2019-01-221-3/+5
| | | * | | | | | | | | | | | | | Add `sanitize_name` helper to sanitize URLs in user full nameKushal Pandya2019-01-221-0/+14
| | * | | | | | | | | | | | | | | Merge branch 'sh-fix-import-redirect-vulnerability' into 'master'Yorick Peterse2019-01-252-3/+16
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | | | | | | Alias GitHub and BitBucket OAuth2 callback URLsStan Hu2019-01-222-3/+16
| | * | | | | | | | | | | | | | | | [master] Check access rights when creating/updating ProtectedRefsFrancisco Javier López2019-01-251-15/+8
| | * | | | | | | | | | | | | | | | Merge branch 'security-55320-stored-xss-in-user-status' into 'master'Tim Zallmann2019-01-251-3/+3
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | | | |_|_|_|_|_|_|_|/ / / / / / / / | | |/| | | | | | | | | | | | | | |
| | | * | | | | | | | | | | | | | | Use sanitized user status message for user popoverDennis Tang2019-01-231-3/+3
| | | |/ / / / / / / / / / / / / /
| | * | | | | | | | | | | | | | | Merge branch 'security-2767-verify-lfs-finalize-from-workhorse' into 'master'Yorick Peterse2019-01-241-5/+18
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | | | | | | Verify that LFS upload requests are genuineNick Thomas2019-01-221-5/+18
| | | |/ / / / / / / / / / / / / /
| | * | | | | | | | | | | | | | | Merge branch 'security-project-move-users' into 'master'Yorick Peterse2019-01-242-6/+38
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | | | | | | Sent notification only to authorized usersJan Provaznik2019-01-232-6/+38
| | | |/ / / / / / / / / / / / / /
| | * | | | | | | | | | | | | | | Merge branch 'security-fix-user-email-tag-push-leak' into 'master'Yorick Peterse2019-01-241-2/+2
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | | | | | | Fix private user email being visible in tag webhooksLuke Duncalfe2019-01-181-2/+2
| | | * | | | | | | | | | | | | | | Prefer build() rather than create()Luke Duncalfe2019-01-151-1/+1
| | | | |/ / / / / / / / / / / / / | | | |/| | | | | | | | | | | | |
| | * | | | | | | | | | | | | | | [master] Resolve "[Security] Stored XSS via KaTeX"Constance Okoghenun2019-01-241-1/+17
| | * | | | | | | | | | | | | | | Merge branch 'extract-pages-with-rubyzip' into 'master'Yorick Peterse2019-01-2410-9/+356
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | | | | | | Extract GitLab Pages using RubyZipKamil Trzciński2019-01-2210-9/+356
| | * | | | | | | | | | | | | | | | Merge branch 'security-commit-status-shown-for-guest-user' into 'master'Yorick Peterse2019-01-241-0/+21
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | | | | | | | Stop showing ci for guest usersSteve Azzopardi2019-01-231-0/+21
| | | | |_|_|_|_|/ / / / / / / / / / | | | |/| | | | | | | | | | | | | |
| | * | | | | | | | | | | | | | | | Merge branch 'security-fix-lfs-import-project-ssrf-forgery' into 'master'Yorick Peterse2019-01-246-53/+240
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | | | | | | | Added validations to prevent LFS object forgeryFrancisco Javier López2019-01-216-53/+240
| | | | |_|_|_|_|/ / / / / / / / / / | | | |/| | | | | | | | | | | | | |
| | * | | | | | | | | | | | | | | | Merge branch 'security-pipeline-trigger-tokens-exposure' into 'master'Yorick Peterse2019-01-242-5/+60
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | | | | | | | Fix subject in trigger presenter testsGrzegorz Bizon2019-01-151-1/+1
| | | * | | | | | | | | | | | | | | | Add some specs for trigger presenterGrzegorz Bizon2019-01-151-0/+51
| | | * | | | | | | | | | | | | | | | Do not expose trigger token when user should not see itGrzegorz Bizon2019-01-151-5/+9
| | | | |_|_|/ / / / / / / / / / / / | | | |/| | | | | | | | | | | | | |
| | * | | | | | | | | | | | | | | | Merge branch 'security-fix-regex-dos' into 'master'Yorick Peterse2019-01-241-0/+6
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | | | | | | | Fix slow project reference pattern regexHeinrich Lee Yu2019-01-111-0/+6
| | | | |_|_|_|_|/ / / / / / / / / / | | | |/| | | | | | | | | | | | | |
| | * | | | | | | | | | | | | | | | Merge branch 'security-fix-wiki-access-rights-with-external-wiki-enabled' int...Yorick Peterse2019-01-245-28/+92
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | | | | | | | Fixed bug when external wiki is enabledFrancisco Javier López2019-01-185-28/+92
| | | | |_|/ / / / / / / / / / / / / | | | |/| | | | | | | | | | | | | |
| | * | | | | | | | | | | | | | | | Merge branch 'security-2769-idn-homograph-attack' into 'master'Yorick Peterse2019-01-244-0/+133
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | | | | | | | Show tooltip for malicious looking linksBrett Walker2019-01-214-0/+133
| | | | |_|_|_|_|_|/ / / / / / / / / | | | |/| | | | | | | | | | | | | |
| | * | | | | | | | | | | | | | | | Merge branch 'security-fix-new-issues-login-message' into 'master'Yorick Peterse2019-01-241-1/+1
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | | | | | | | Use common error for unauthenticated usersHeinrich Lee Yu2019-01-141-1/+1
| | | | |_|_|/ / / / / / / / / / / / | | | |/| | | | | | | | | | | | | |
| | * | | | | | | | | | | | | | | | Merge branch 'security-2776-fix-add-reaction-permissions' into 'master'Yorick Peterse2019-01-241-0/+2
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | | | | | | | Prevent award_emoji to notes not visible to userHeinrich Lee Yu2019-01-151-0/+2
| | | |/ / / / / / / / / / / / / / /
| | * | | | | | | | | | | | | | | | Merge branch 'security-2779-fix-email-comment-permissions-check' into 'master'Yorick Peterse2019-01-246-22/+79
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| | | * | | | | | | | | | | | | | | | Prevent comments by email when issue is lockedHeinrich Lee Yu2019-01-226-22/+79
| | | | |_|_|_|_|/ / / / / / / / / / | | | |/| | | | | | | | | | | | | |
View Lorry Controller Status