This project is mirrored from https://jihulab.com/gitlab-cn/gitlab.git.
Pull mirroring updated .
- Nov 27, 2018
-
-
GitLab Release Tools Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
[ci skip]
-
Steve Azzopardi authored
SECURITY: Ce to ee 2018 11 26 11 4 stable See merge request gitlab/gitlab-ee!736
-
Steve Azzopardi authored
Stub Rails.application.env_config to prevent spec failures Closes gitlab-ee#8488 See merge request gitlab-org/gitlab-ce!23222
-
- Nov 26, 2018
-
-
Mario de la Ossa authored
-
Mario de la Ossa authored
-
Mario de la Ossa authored
-
Steve Azzopardi authored
We had an outdated db/schema.rb
-
Bob Van Landuyt authored
-
Bob Van Landuyt authored
-
Bob Van Landuyt authored
-
Steve Azzopardi authored
-
Steve Azzopardi authored
[11.4] Fix SSRF in project integrations See merge request gitlab/gitlabhq!2610
-
Steve Azzopardi authored
[11.4] Reflected XSS in OAuth Authorize window due to redirect_uri allowing arbitrary protocols See merge request gitlab/gitlabhq!2580
-
Steve Azzopardi authored
[11.4] Fix CRLF issue in UrlValidator See merge request gitlab/gitlabhq!2653
-
Francisco Javier López authored
-
Steve Azzopardi authored
[11.4] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request" See merge request gitlab/gitlab-ee!733
-
Francisco Javier López authored
This commit fixes a SSRF vulnerability related to project hooks and ipv6 addresses. It also addresses a problem with ipv6 mapped addresses.
-
Steve Azzopardi authored
-
Steve Azzopardi authored
[11.4] Resolve: "Provide email notification when a user changes their email address" See merge request gitlab/gitlabhq!2603
-
James Lopez authored
-
Steve Azzopardi authored
[11.4] Fixed ability to comment on and edit/delete comments on locked or confidential issues See merge request gitlab/gitlabhq!2647
-
Chantal Rollison authored
-
Steve Azzopardi authored
[11.4] [pages] Possible symlink time of check to time of use race condition See merge request gitlab/gitlabhq!2650
-
James Lopez authored
-
Steve Azzopardi authored
[11.4] Fix IDOR at /drafts/publish/ See merge request gitlab/gitlab-ee!714
-
Steve Azzopardi authored
[11.4] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request" See merge request gitlab/gitlabhq!2656
-
- Nov 23, 2018
-
-
James Lopez authored
-
Steve Azzopardi authored
[11.4] Fixed XSS with merge request approvers selection See merge request gitlab/gitlab-ee!711
-
Steve Azzopardi authored
[11.4] Authorize user when listing board resources See merge request gitlab/gitlab-ee!728
-
Steve Azzopardi authored
[11.4] Resolve: Guest can set weight of a new issue See merge request gitlab/gitlab-ee!717
-
Steve Azzopardi authored
-
Steve Azzopardi authored
Merge branch 'security-11-4-xss-in-markdown-following-unrecognized-html-element' into 'security-11-4' [11.4] XSS in markdown following unrecognized HTML element See merge request gitlab/gitlabhq!2632
-
Steve Azzopardi authored
[11.4] Fix XSS in mermaid diagrams See merge request gitlab/gitlabhq!2622
-
Steve Azzopardi authored
[11.4] Don't expose confidential information in commit message list See merge request gitlab/gitlabhq!2643
-
Steve Azzopardi authored
[11.4] Resolve: Promoting a milestone is missing an authorization check See merge request gitlab/gitlabhq!2620
-
Steve Azzopardi authored
[11.4] Do not follow redirects in prometheus service See merge request gitlab/gitlabhq!2624
-
Steve Azzopardi authored
[11.4] Stored XSS for Environments See merge request gitlab/gitlabhq!2615
-
Steve Azzopardi authored
-