Commits · 835a780ada9051c52225501e1926c43624b51fb3 · Forest Godfrey / gitlab-ce

02 Feb, 2018 1 commit
- Merge branch 'mc/bug/38984-wildcard-protected-tags-10-2' into 'security-10-2' · 835a780a
  Kamil Trzciński authored Jan 26, 2018
```
Fix using wildcards in protected tags to expose protected variables - 10.2

See merge request gitlab/gitlabhq!2308
```
  835a780a
01 Feb, 2018 1 commit
- Merge branch 'fix-stored-xss-in-code-blocks-10-2' into 'security-10-2' · 8489f5f3
  Robert Speicher authored Jan 10, 2018
```
[10.2] Fix stored XSS in code blocks

See merge request gitlab/gitlabhq!2298
```
  8489f5f3
31 Jan, 2018 3 commits
- Merge branch 'fix/gh-namespace-issue-10-2' into 'security-10-2' · cabed08c
  James Lopez authored Jan 23, 2018
```
[10-2] Fix GitHub import allowing a user to create a group under any existing namespace

See merge request gitlab/gitlabhq!2302
```
  cabed08c
- Merge branch 'security-10-2-todo-api-reveals-sensitive-information' into 'security-10-2' · 009ccbbe
  Robert Speicher authored Jan 18, 2018
```
[10.2] Restrict Todo API mark_as_done endpoint to the user's todos only

See merge request gitlab/gitlabhq!2315
```
  009ccbbe
- Merge branch '25223-snippets-finder-doesnt-obey-feature-visibility' into 'security-10-2' · 5d8345a5
  Douwe Maan authored Dec 05, 2017
```
Makes SnippetFinder ensure feature visibility

See merge request gitlab/gitlabhq!2224
```
  5d8345a5
18 Jan, 2018 2 commits
- Update VERSION to 10.2.7 · 2414c69a
  Oswaldo Ferreira authored Jan 18, 2018
  
  2414c69a
- Update CHANGELOG.md for 10.2.7 · 30b94566
  Oswaldo Ferreira authored Jan 18, 2018
```
[ci skip]
```
  30b94566
17 Jan, 2018 2 commits
- Merge branch 'fj-42112-fix-deploy-keys-migration-mysql-10-2' into '10-2-stable' · 64f2c629
  Stan Hu authored Jan 17, 2018
```
[10.2] Fix bug in security release with deploy keys migration

See merge request gitlab-org/gitlab-ce!16529
```
  64f2c629
- [10.2] Fix bug in security release with deploy keys migration · 3b87c004
  Francisco Javier López authored Jan 17, 2018
  
  3b87c004
11 Jan, 2018 2 commits
- Update VERSION to 10.2.6 · 9e06263c
  Oswaldo Ferreira authored Jan 11, 2018
  
  9e06263c
- Update CHANGELOG.md for 10.2.6 · 724456bf
  Oswaldo Ferreira authored Jan 11, 2018
```
[ci skip]
```
  724456bf
10 Jan, 2018 1 commit
- Merge branch '10-2-stable-patch-6' into '10-2-stable' · 0337f3d5
  Oswaldo Ferreira authored Jan 10, 2018
```
Prepare 10.2.6 Security Release

See merge request gitlab/gitlabhq!2290
```
  0337f3d5
09 Jan, 2018 2 commits

Merge branch 'jej/fix-disabled-oauth-access' into 'security-10-2' · d250b1d2

authored Dec 07, 2017

Prevent login with disabled OAuth providers

See merge request gitlab/gitlabhq!2223

(cherry picked from commit 43b6135f2226625b5e50d9aa2149a0ea74bb1336)

a4bb4a5b Prevents login with disabled OAuth providers

d250b1d2

Merge branch 'ipython-xss-fix' into 'security-10-2' · 8043a311

authored Dec 14, 2017

Sanitizes IPython notebook output

See merge request gitlab/gitlabhq!2237

(cherry picked from commit db98d764c4112dd24bc5ae9ed2bfc01052820309)

8908edbf Sanitizes iPython notebook output
90286ceb fixed karma specs

8043a311

08 Jan, 2018 10 commits

Merge branch… · 641541de

authored Jan 08, 2018

Merge branch '41293-fix-command-injection-vulnerability-on-system_hook_push-queue-through-web-hook-10-2' into 'security-10-2'

[10.2] Don't allow line breaks on HTTP headers

See merge request gitlab/gitlabhq!2287

(cherry picked from commit 1e19734413d46346dd46177d056d9c7165602197)

b7664b12 Don't allow line breaks on HTTP headers

641541de

Merge branch 'fix/import-rce-10-2' into 'security-10-2' · 40892389

authored Jan 08, 2018

[10.2] Fix RCE via project import mechanism

See merge request gitlab/gitlabhq!2293

(cherry picked from commit 836918b04ed739fe07b239d0e4eab58296218c8c)

cec9a6ae Fix RCE via project import mechanism

40892389

Merge branch 'sh-migrate-can-push-to-deploy-keys-projects-10-2' into 'security-10-2' · 405fb319

authored Jan 05, 2018

[10.2] Migrate `can_push` column from `keys` to `deploy_keys_project`

See merge request gitlab/gitlabhq!2275

(cherry picked from commit b07115bbf3a6f2340e88213f51f699302e6af1d9)

5382c682 Backport to 10.2

405fb319

Merge branch '41567-projectfix-10-2' into 'security-10-2' · d75e458a

authored Jan 05, 2018

[10.2] backport - check project access on MR create

See merge request gitlab/gitlabhq!2279

(cherry picked from commit dd1654b7830948347a23521058a1386a8ba97b69)

8b1e50e4 check project access on MR create

d75e458a

Merge branch 'security-ac/fix-path-traversal-10-2' into 'security-10-2' · 4abc25f5

authored Jan 03, 2018

[10.2] Fix path traversal in gitlab-ci.yml cache:key

See merge request gitlab/gitlabhq!2271

(cherry picked from commit 9184cd7968665137a18c4823ece239a4a1ca0e46)

1050945a Fix path traversal in gitlab-ci.yml cache:key

4abc25f5

Merge branch 'sh-validate-path-project-import-10-2' into 'security-10-2' · 3e356a07

authored Jan 03, 2018

Validate project path in Gitlab import - 10.2 port

See merge request gitlab/gitlabhq!2267

(cherry picked from commit faea8488456aed31915ca9dd6cb2a7d3090294ec)

036fc6c9 Validate project path in Gitlab import

3e356a07

Merge branch 'milestones-finder-order-fix-10-2' into 'security-10-2' · 1d3befb6

authored Jan 05, 2018

Remove order param from the MilestoneFinder - 10.2 port

See merge request gitlab/gitlabhq!2264

(cherry picked from commit 54c82aee8d97a7a82fff49197d023e2ebd3247e8)

bca5ca97 Remove order param from the MilestoneFinder

1d3befb6

Merge branch 'label-xss-security' into 'security-10-2' · e629ec77

authored Dec 15, 2017

[10.2] Fix XSS in issue label dropdown

See merge request gitlab/gitlabhq!2251

(cherry picked from commit df15b14521c46aaad5805ae90aa04739d78eec63)

6d693d09 Fix XSS in issue label dropdown

e629ec77

Merge branch 'ac/41346-xss-ci-job-output-backport-10-2' into 'security-10-2' · 6ae14819

authored Dec 22, 2017

[10.2] Fix XSS vulnerability in Pipeline job trace - backport 10 2

See merge request gitlab/gitlabhq!2260

(cherry picked from commit 4ba826b5df561e85f6fdfc86c20779b1a91b598b)

b890d809 Fix XSS vulnerability in Pipeline job trace

6ae14819

Merge branch… · 43100ddc

authored Jan 05, 2018

Merge branch 'security-10-2-do-not-expose-passwords-or-tokens-in-service-integrations-api' into 'security-10-2'

Filter out sensitive fields from the project services API

See merge request gitlab/gitlabhq!2282

(cherry picked from commit 66b1677940084505123cd519d0894c89dcc60da2)

8b3dcc2a Filter out sensitive fields from the project services API

43100ddc

15 Dec, 2017 3 commits
- Update VERSION to 10.2.5 · 16502c87
  Michael Kozono authored Dec 15, 2017
  
  16502c87
- Update CHANGELOG.md for 10.2.5 · d71b1d17
  Michael Kozono authored Dec 15, 2017
```
[ci skip]
```
  d71b1d17
- Merge branch '10-2-stable-patch-5' into '10-2-stable' · 985a1853
  Michael Kozono authored Dec 15, 2017
```
Prepare 10.2.5 release

See merge request gitlab-org/gitlab-ce!15925
```
  985a1853
14 Dec, 2017 13 commits
- Merge branch 'sh-optimize-groups-api-10-2' into '10-2-stable-patch-5' · ce916f47
  Winnie Hellmann authored Dec 14, 2017
```
Optimize API /groups/:id/projects by preloading assocations (10.2 port)

See merge request gitlab-org/gitlab-ce!15926
```
  ce916f47
- Solved copy/paste error! · 1f804797
  Francisco Javier López authored Dec 14, 2017
  
  1f804797
- Merge branch 'bvl-fork-networks-for-deleted-projects-10-2' into '10-2-stable-patch-5' · eb98a6f6
  Winnie Hellmann authored Dec 14, 2017
```
Create fork networks for deleted source projects (10.2 port)

See merge request gitlab-org/gitlab-ce!15927
```
  eb98a6f6
- Merge branch 'pawel/update-prometheus_gem_to_highly_optimized_version-10-2' into… · b452d57e
  Winnie Hellmann authored Dec 14, 2017
```
Merge branch 'pawel/update-prometheus_gem_to_highly_optimized_version-10-2' into '10-2-stable-patch-5'

Update prometheus-client-mmap gem to highly optimized version (10.2 port)

See merge request gitlab-org/gitlab-ce!15928
```
  b452d57e
- Resolving conflict · 9119c363
  Francisco Javier López authored Dec 14, 2017
  
  9119c363
- Resolving conflict · ebfe269e
  Francisco Javier López authored Dec 14, 2017
  
  ebfe269e
- Resolving conflict · a673d25d
  Francisco Javier López authored Dec 14, 2017
  
  a673d25d
- Resolve conflicts in `populate_fork_networks_range.rb` · 5708bd6c
  Bob Van Landuyt authored Dec 14, 2017
  
  5708bd6c
- Merge branch 'bvl-fork-networks-for-deleted-projects' into 'master' · 341f953b
  Sean McGivern authored Nov 29, 2017
```
Create fork networks for deleted source projects

Closes #40072

See merge request gitlab-org/gitlab-ce!15595

(cherry picked from commit 552c9089)

Conflicts:
	lib/gitlab/background_migration/populate_fork_networks_range.rb
```
  341f953b
- Resolve conflict in config/initializers/7_prometheus_metrics.rb · 11d1876f
  Winnie Hellmann authored Dec 14, 2017
  
  11d1876f
- Merge branch 'pawel/update-prometheus_gem_to_highly_optimized_version' into 'master' · 2c799569
  Stan Hu authored Dec 07, 2017
```
Update prometheus-client-mmap gem to highly optimized version

See merge request gitlab-org/gitlab-ce!15796

(cherry picked from commit aa24f7e1)

Conflicts:
	config/initializers/7_prometheus_metrics.rb
```
  2c799569
- Merge branch 'sh-optimize-groups-api' into 'master' · f798169c
  Douwe Maan authored Dec 04, 2017
```
Optimize API /groups/:id/projects by preloading assocations

Closes #40308

See merge request gitlab-org/gitlab-ce!15475

(cherry picked from commit 65b7a7a0)

Conflicts:
	lib/api/groups.rb
```
  f798169c
- Cherry pick lib/api/entities.rb from 763ea26d · 1126fd04
  Kamil Trzciński authored Nov 28, 2017
  
  1126fd04