Commits · 0a4c76aaaa136a34fbd3966d5206c106ff2ef526 · Forest Godfrey / gitlab-ce

05 Apr, 2017 7 commits
- Merge branch 'open-redirect-host-fix' into 'security' · 0a4c76aa
  Sean McGivern authored Apr 05, 2017
```
Fix for three open redirect vulns using redirect_to url_for(params.merge)))

See merge request !2082
```
  0a4c76aa
- Fix failures relating to bad conflict resolution from a cherry-picked change · 9e31e2a6
  DJ Mountney authored Apr 05, 2017
```
Introduced a new method but had failed to account for other delegated methods that were being used
```
  9e31e2a6
- Fix bug with conflict resolution for security release for the events_helper spec · f3ef831d
  DJ Mountney authored Apr 05, 2017
```
Previously accidently added a test for a feature that does not exist in this release
: preserved styles in labels
```
  f3ef831d
- Merge branch 'open-redirect-fix-continue-to' into 'security' · 94ba06f2
  Sean McGivern authored Apr 05, 2017
```
Fix for open redirect vuln involving continue[to] params

See merge request !2083
```
  94ba06f2
- Merge branch 'path-disclosure-proj-import-export' into 'security' · 3a512594
  DJ Mountney authored Apr 05, 2017
```
Fix for path disclosure in project import/export

See merge request !2080
```
  3a512594
- Merge branch '29364-private-projects-mr-fix' into 'security' · 4ad8ed1f
  Sean McGivern authored Apr 03, 2017
```
Don’t show source project name when user does not have access

See merge request !2081
```
  4ad8ed1f
- Merge branch '30125-markdown-security' into 'security' · 5802d406
  Robert Speicher authored Apr 02, 2017
```
Remove class from SanitizationFilter whitelist

See merge request !2079
```
  5802d406
19 Mar, 2017 2 commits
- Update VERSION to 8.16.8 · 220b52c7
  James Lopez authored Mar 19, 2017
  
  220b52c7
- Update CHANGELOG.md for 8.16.8 · 2d0f4a6f
  James Lopez authored Mar 19, 2017
```
[ci skip]
```
  2d0f4a6f
18 Mar, 2017 6 commits

Fix broken specs · a05bfba4
Ruben Davila authored Mar 18, 2017

a05bfba4
Merge branch 'ssrf' into 'security' · a8ea8c41
Rubén Dávila authored Mar 18, 2017
```
nil check for url_blocker?

See merge request !2076
```
a8ea8c41

Merge branch 'render-json-leak' into 'security' · cdf396f4

authored Mar 18, 2017

fix for render json include leaks

See merge request !2074
Conflicts:
	app/controllers/projects/merge_requests_controller.rb
	spec/controllers/projects/issues_controller_spec.rb

cdf396f4

Merge branch 'fix-links-target-blank' into 'security' · fe2feaa7

authored Mar 15, 2017

Adds rel="noopener noreferrer" to all links with target="_blank"

See merge request !2071
Conflicts:
	app/assets/javascripts/environments/components/environment_external_url.js
	app/assets/javascripts/merge_request_widget.js
	app/helpers/commits_helper.rb
	app/views/projects/services/mattermost_slash_commands/_detailed_help.html.haml
	app/views/projects/services/mattermost_slash_commands/_help.html.haml
	app/views/projects/services/slack_slash_commands/_help.html.haml

fe2feaa7

Merge branch 'ssrf' into 'security' · 42c4d27a
Douwe Maan authored Mar 15, 2017
```
Protect server against SSRF in project import URLs

See merge request !2068
```
42c4d27a
Merge branch '28058-hide-emails-in-atom-feeds' into 'security' · ba545d9d
Rémy Coutable authored Feb 16, 2017
```
Only show public emails in atom feeds

See merge request !2066
```
ba545d9d

27 Feb, 2017 5 commits
- Update CHANGELOG.md for 8.16.7 · eafc896d
  James Lopez authored Feb 27, 2017
```
[ci skip]
```
  eafc896d
- Update CHANGELOG.md for 8.16.7 · cf2bbe1b
  James Lopez authored Feb 27, 2017
```
[ci skip]
```
  cf2bbe1b
- Update VERSION to 8.16.7 · 28ea0011
  James Lopez authored Feb 27, 2017
  
  28ea0011
- Update CHANGELOG.md for 8.16.7 · 54ebaeea
  James Lopez authored Feb 27, 2017
```
[ci skip]
```
  54ebaeea
- Merge branch 'fix-compare-service-signature' into '8-16-stable' · f90054f0
  James Lopez authored Feb 27, 2017
```
Fix CompareService signature

See merge request !9515
```
  f90054f0
24 Feb, 2017 6 commits
- fix migration · f23777ed
  James Lopez authored Feb 24, 2017
  
  f23777ed
- Fix CompareService signature · ceb3eeff
  Sean McGivern authored Feb 24, 2017
```
In 8.17+, this takes two arguments to `new`, and two for `execute`. In
8.16, it takes four to `execute`.
```
  ceb3eeff
- Revert "Merge branch '28357-colon-search' into 'master' · 5fda2aad
  James Lopez authored Feb 24, 2017
```
This reverts commit f948c2f4.
```
  5fda2aad
- Merge branch 'fix-mr-size-with-over-100-files' into 'master' · 40d7c13d
  Sean McGivern authored Feb 23, 2017
```
Fix MR changes tab size count

Closes #27563

See merge request !9091
```
  40d7c13d
- Merge branch '28357-colon-search' into 'master' · f948c2f4
  Clement Ho authored Feb 21, 2017
```
Allow searching issues for strings containing colons

Closes #28357

See merge request !9400
```
  f948c2f4
- Merge branch 'patch-12' into 'master' · ee9d5f8c
  James Lopez authored Jan 24, 2017
```
Fix hash of ruby in update documentation

See merge request !8735
```
  ee9d5f8c
17 Feb, 2017 3 commits
- Update VERSION to 8.16.6 · 65cdbdd8
  DJ Mountney authored Feb 17, 2017
  
  65cdbdd8
- Update CHANGELOG.md for 8.16.6 · d0209527
  DJ Mountney authored Feb 17, 2017
```
[ci skip]
```
  d0209527
- Merge branch '28124-mrs-don-t-show-all-merge-errors' into 'master' · 8d04ce92
  Rémy Coutable authored Feb 16, 2017
```
Show merge errors in merge request widget

Closes #28124 and gitlab-ee#1652

See merge request !9229
Signed-off-by: Rémy Coutable <remy@rymai.me>
```
  8d04ce92
16 Feb, 2017 2 commits
- Merge branch 'fix-smart-interval-not-larger-than' into '8-16-stable' · 153f164a
  James Lopez authored Feb 16, 2017
```
Fix smart interval 8-16-stable failure

See merge request !9310
```
  153f164a
- Change toBe to toBeLessThan to account for flakey timers, spec needs refactoring… · 872ac224
  Luke "Jared" Bennett authored Feb 16, 2017
```
Change toBe to toBeLessThan to account for flakey timers, spec needs refactoring a little so this is not a complete fix
```
  872ac224
15 Feb, 2017 9 commits
- Fix spec failures in spec/javascripts/search_autocomplete_spec.js · 2917d042
  Rémy Coutable authored Feb 15, 2017
```
Signed-off-by: Rémy Coutable <remy@rymai.me>
```
  2917d042
- Merge branch 'dont-delete-assigned-issuables' into 'master' · 85b5330d
  Douwe Maan authored Feb 06, 2017
```
Don't delete assigned MRs/issues when user is deleted

See merge request !8634
```
  85b5330d
- Merge branch '24462-reduce_ldap_queries_for_lfs' into 'master' · 3329a61a
  Robert Speicher authored Feb 01, 2017
```
Reduce hits to LDAP on Git HTTP auth by reordering auth mechanisms

Closes #24462

See merge request !8752
```
  3329a61a
- Merge branch '27343-autocomplete-post-to-wrong-url-when-not-hosting-in-root' into 'master' · 7e0831ba
  Filipa Lacerda authored Feb 07, 2017
```
Fix filtered search user autocomplete for gitlab instances that are hosted on a subdirectory

Closes #27343

See merge request !8891
Signed-off-by: Rémy Coutable <remy@rymai.me>
```
  7e0831ba
- Merge branch '27516-fix-wrong-call-to-project_cache_worker-method' into 'master' · 208adc0d
  Robert Speicher authored Feb 02, 2017
```
Fix wrong call to ProjectCacheWorker.perform, and call ProjectCacheWorker.perform_async instead

Closes #27516

See merge request !8910
```
  208adc0d
- Merge branch 'snippet-spam-fix' into 'master' · b7db77c3
  Rémy Coutable authored Feb 06, 2017
```
Don't render snippet actions for logged-out users

Closes #27708

See merge request !8995
```
  b7db77c3
- Merge branch 'snippet-spam' into 'master' · c691f876
  Rémy Coutable authored Feb 02, 2017
```
Snippet spam

Closes #26276

See merge request !8911
```
  c691f876
- Merge branch 'api-fix-files' into 'master' · 785793ad
  Rémy Coutable authored Feb 06, 2017
```
API: Fix file downloading

See merge request !8953
```
  785793ad
- Merge branch '27267-unnecessary-queries-from-projects-dashboard-atom-and-json' into 'master' · 64fd9266
  Sean McGivern authored Feb 03, 2017
```
Remove unnecessary queries for .atom and .json in Dashboard::ProjectsController#index

Closes #27267

See merge request !8956
```
  64fd9266