Commits · c95d5315c12ade3ab285a4dafc0583c8e2068d14 · Forest Godfrey / gitlab-ce

27 Feb, 2018 2 commits
- Merge branch 'pages-6-1-gitlab-10-3' into 'security-10-3' · c95d5315
  Marin Jankovski authored Feb 19, 2018
```
Update gitlab-pages version (GitLab 10.3)

See merge request gitlab/gitlabhq!2319
```
  c95d5315
- Merge branch 'sh-fix-otp-backup-invalidation-10-3' into 'security-10-3' · 3e14f56e
  Douwe Maan authored Feb 15, 2018
```
Ensure that OTP backup codes are always invalidated (10.3 port)

See merge request gitlab/gitlabhq!2328
```
  3e14f56e
05 Feb, 2018 2 commits
- Update VERSION to 10.3.7 · 586669a0
  Luke Bennett authored Feb 05, 2018
  
  586669a0
- Update CHANGELOG.md for 10.3.7 · c0ad151c
  Luke Bennett authored Feb 05, 2018
```
[ci skip]
```
  c0ad151c
02 Feb, 2018 1 commit
- Merge branch 'mc/bug/38984-wildcard-protected-tags-10-3' into 'security-10-3' · eaec5ce9
  Kamil Trzciński authored Jan 26, 2018
```
Fix using wildcards in protected tags to expose protected variables - 10.3

See merge request gitlab/gitlabhq!2307
```
  eaec5ce9
01 Feb, 2018 2 commits

Fix stored XSS in code blocks · dd7416a6

authored Jan 10, 2018

There were three things here:

1. Display math was broken.
2. <script> tags could be injected into code blocks with the language as `math`,
   `mermaid`, or `plantuml`.
3. <script> tags could be injected if Rouge threw an exception, for whatever
   reason.

This fixes all of those by always using the same code path for 'standard'
highlighting and 'special' languages (mathematics, Mermaid, and PlantUML), and
skipping the filter entirely if Rouge fails on a retry with the plain text
filter. It also adds specs for KaTeX and Mermaid rendering.

dd7416a6

Merge branch 'fix-mermaid-xss-10-3' into 'security-10-3' · fb829ac5
Sean McGivern authored Feb 01, 2018
```
[10.3] Fix stored XSS in code blocks

See merge request gitlab/gitlabhq!2317
```
fb829ac5

31 Jan, 2018 3 commits

Merge branch 'fix/gh-namespace-issue-10-3' into 'security-10-3' · 58b66521

authored Jan 23, 2018

[10-3] Fix GitHub import allowing a user to create a group under any existing namespace

See merge request gitlab/gitlabhq!2303

58b66521

Merge branch 'security-10-3-todo-api-reveals-sensitive-information' into 'security-10-3' · 381fab22
Robert Speicher authored Jan 18, 2018
```
[10.3] Restrict Todo API mark_as_done endpoint to the user's todos only

See merge request gitlab/gitlabhq!2314
```
381fab22

Merge branch… · 43625147

authored Jan 18, 2018

Merge branch 'security-10-3-25223-snippets-finder-doesnt-obey-feature-visibility' into 'security-10-3'

[Port for security-10-3]: Makes SnippetFinder ensure feature visibility

See merge request gitlab/gitlabhq!2311

43625147

22 Jan, 2018 4 commits
- Update VERSION to 10.3.6 · c9d2f74c
  Oswaldo Ferreira authored Jan 22, 2018
  
  c9d2f74c
- Update CHANGELOG.md for 10.3.6 · b75232cf
  Oswaldo Ferreira authored Jan 22, 2018
```
[ci skip]
```
  b75232cf
- Merge branch '10-3-stable-patch-6' into '10-3-stable' · 80f2670a
  Oswaldo Ferreira authored Jan 22, 2018
```
Prepare 10.3.6 release

See merge request gitlab-org/gitlab-ce!16581
```
  80f2670a
- Remove failing spec not needed for 10.3 · 7aea6dea
  Jarka Kadlecová authored Jan 22, 2018
  
  7aea6dea
19 Jan, 2018 26 commits

Backport Gitlab::Git::Repository#create_hooks and fix conflicts · f9bb4d6e
Stan Hu authored Jan 19, 2018

f9bb4d6e
Resolve incorrect conflict resolution for dispatcher cluster pages · 069937d3
Eric Eastwood authored Jan 19, 2018

069937d3
Change FactoryBot to FactoryGirl · 3090012d
Tiago Botelho authored Jan 19, 2018

3090012d

Merge branch 'fix-docs-help-shortcut' into 'master' · 732ebd7c

authored Dec 19, 2017

Fix shortcut links on help page

Closes #41097

See merge request gitlab-org/gitlab-ce!16001

(cherry picked from commit 4e60b4f1)

befa1e5b Fix shortcut links on help page
4860f586 Add changelog
e4786a85 Add bundle and spec

732ebd7c

Merge branch '41342-add-ci-yml-example-for-browser-performance-testing-in-ce' into 'master' · dfac063d

authored Dec 21, 2017

Add CI YML example for Browser Performance Testing in CE

See merge request gitlab-org/gitlab-ce!16058

(cherry picked from commit 3ee5fd15)

496f2ba7 Add CI YML example for CE

dfac063d

Merge branch 'docs-move-transfer-project-to-group' into 'master' · 074ce6aa
Achilleas Pipinellis authored Dec 21, 2017
```
Refactor user, project and group docs when changing namespace

See merge request gitlab-org/gitlab-ce!16019
```
074ce6aa

Merge branch 'docs-clarify-auto-devops-pipelines' into 'master' · b9f6929c

authored Dec 22, 2017

Clarify Auto DevOps pipelines

See merge request gitlab-org/gitlab-ce!16106

(cherry picked from commit 2972352a)

16f45850 Clarify Auto DevOps pipelines
e263f7e5 Remove image to Auto DevOps settings and refactor the enable section

b9f6929c

Merge branch 'sh-catch-invalid-uri-markdown' into 'master' · f921c6e2

authored Dec 25, 2017

Gracefully handle garbled URIs in Markdown

Closes #41442

See merge request gitlab-org/gitlab-ce!16123

(cherry picked from commit 29749f92)

0faf772b Gracefully handle garbled URIs in Markdown

f921c6e2

Merge branch 'fix-abuse-reports-link-url' into 'master' · 69cf3fa9

authored Dec 28, 2017

Fixed abuse reports link url

See merge request gitlab-org/gitlab-ce!16068

(cherry picked from commit 97bebab6)

7dfafd0f Fixed abuse reports link url
9574818e Add changelog entry

69cf3fa9

Merge branch 'pawel/update-prometheus-gem-to-improve-handling-of-inf-bucket' into 'master' · 317b90d2

authored Jan 02, 2018

Update prometheus gem to version that publishes +Inf bucket in accordance with Prometheus docs.

See merge request gitlab-org/gitlab-ce!16175

(cherry picked from commit b6d3dfe5)

387c808f Update prometheus gem to version that adds inf+ bucket in accordance with Prometheus docs.

317b90d2

Merge branch 'sh-validate-path-project-import' into 'master' · bf839801

authored Jan 04, 2018

Avoid leaving a push event empty if payload cannot be created

See merge request gitlab-org/gitlab-ce!16214

(cherry picked from commit 51562aaf)

57dc5a52 Avoid leaving a push event empty if payload cannot be created

bf839801

Merge branch '41396-ee_compat_check-and-security-fix-development' into 'master' · 7bc8d214

authored Jan 04, 2018

Do not run ee_compat_check on security branches

Closes #41396

See merge request gitlab-org/gitlab-ce!16188

(cherry picked from commit 54bbcc3d)

ebdcbd45 Do not run ee_compat_check on security branches

7bc8d214

Merge branch… · e1018e02

authored Jan 05, 2018

Merge branch '41677-branch-name-omitted-due-to-bad-utf-8-conversion-by-gitaly-ref-handler' into 'master'

Resolve "Branch name omitted due to bad UTF-8 conversion by Gitaly ref handler"

Closes #41677

See merge request gitlab-org/gitlab-ce!16243

(cherry picked from commit f7afb14c)

5152cc3b Fix a bug where charlock_holmes was used needlessly to encode strings

e1018e02

Merge branch… · 873f6320

authored Jan 04, 2018

Merge branch '41468-error-500-trying-to-view-a-merge-request-json-undefined-method-binary-for-nil-nilclass' into 'master'

Resolve "Error 500 trying to view a merge request JSON: undefined method `binary?' for nil:NilClass"

Closes #41468

See merge request gitlab-org/gitlab-ce!16193

(cherry picked from commit 016a2b6e)

528b5eeb Fix error when viewing diffs without blobs

873f6320

Merge branch 'changes-dropdown-ellipsis' into 'master' · 75662f09

authored Jan 09, 2018

Fix changes dropdown ellipsis working across browsers

Closes #41561 and #41684

See merge request gitlab-org/gitlab-ce!16281

75662f09

Merge branch '41424-gitlab-rake-gitlab-import-repos-schedules-an-import' into 'master' · b5ac9ea0
Douwe Maan authored Jan 03, 2018
```
Resolve "gitlab-rake gitlab:import:repos schedules an import"

Closes #41424

See merge request gitlab-org/gitlab-ce!16115
```
b5ac9ea0

Merge branch 'fj-41477-fix-bug-wiki-last-version' into 'master' · f4502a1a

authored Jan 09, 2018

Fixing bug related to wiki last version

Closes #41477 and #41506

See merge request gitlab-org/gitlab-ce!16197

(cherry picked from commit 65b04860)

e44ca26f Fixing bug related to wiki last version
abe399b1 Added changelog
e471ec00 Restoring last version and created monkey patch
52c9dcb4 Fixed spec descriptions
5814d83c Updated monkey patch to work with paths with more than one dir
b9ff53c0 Updated specs
bc261232 Fixing offense

f4502a1a

Merge branch 'mk-no-op-delete-conflicting-redirects' into 'master' · c817a857

authored Jan 04, 2018

Prevent excessive DB load due to faulty DeleteConflictingRedirectRoutes background migration

See merge request gitlab-org/gitlab-ce!16205

(cherry picked from commit d2891822)

f6352772 Make DeleteConflictingRedirectRoutes no-op

c817a857

Merge branch '41563-fix-branch-creation-from-issue-in-firefox' into 'master' · 22c90e21

authored Jan 05, 2018

Fix custom name in branch creation for issue in Firefox

Closes #41563

See merge request gitlab-org/gitlab-ce!16244

(cherry picked from commit ae46ceaa)

f4c2eeb2 Fix custom name in branch creation for issue in Firefox
578c930f Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce into…

22c90e21

Merge branch 'sh-fix-bare-import-hooks' into 'master' · 028a317d

authored Jan 10, 2018

Fix hooks not being set up properly for bare import Rake task

Closes #41739

See merge request gitlab-org/gitlab-ce!16280

028a317d

Merge branch '41491-fix-nil-blob-name-error' into 'master' · 8b4f3084

authored Jan 10, 2018

Fix 500 error when visiting a commit where the blobs do not exist (nil blobs)

Closes #41491

See merge request gitlab-org/gitlab-ce!16237

8b4f3084

Merge branch 'fj-41598-fixing-request-mime-type' into 'master' · 16e42bc0

authored Jan 15, 2018

Fixing request json mime type

Closes #41598

See merge request gitlab-org/gitlab-ce!16427

(cherry picked from commit f402762d)

defd12cc Trying to fix the json mime type in the request
2c352404 Added changelog
b7c19497 Added regression test

16e42bc0

Merge branch 'mk-fix-permanent-redirect-validation' into 'master' · 4667593a

authored Jan 12, 2018

Fix Route validation when conflicting permanent redirects exist

Closes gitlab-com/support-forum#2883 and #41786

See merge request gitlab-org/gitlab-ce!16397

(cherry picked from commit d607f16f)

1dc30595 Revert "Revert "Fix Route validation for unchanged path""
c517788e Fix Rubocop offense
601c24d5 Add RedirectRoute factory
d4c8d1b7 Add changelog entry

4667593a

Merge branch '41727-target-branch-name' into 'master' · 41d782ed

authored Jan 17, 2018

Set target_branch to the ref branch when creating MR from issue

Closes #41727

See merge request gitlab-org/gitlab-ce!16422

(cherry picked from commit b4bc9bd5)

7e9484e9 Set target_branch to the ref branch when creating MR from issue

41d782ed

Merge branch 'jej/lfs-rev-list-handles-non-utf-paths-41627' into 'master' · 593effca

authored Jan 16, 2018

Prevent RevList failing on non utf8 paths

Closes #41627

See merge request gitlab-org/gitlab-ce!16440

(cherry picked from commit 3228ac06)

c4dd7b82 Prevent RevList failing on non utf8 paths

593effca

Merge branch 'Ben305/gitlab-ce-36669-default-mr-title-with-external-issues' into 'master' · 7f7cb2e6

authored Jan 11, 2018

Resolve "Incorrect default merge request title when Jira activated"

Closes #36669

See merge request gitlab-org/gitlab-ce!16356

(cherry picked from commit e7266441)

44c8f919 Fix incorrect default merge request title when external issue tracker is activated
ca275561 Never set special MR titles for external issues
f9cf2f99 Give appropriate credit to Ben305 in the changelog

7f7cb2e6