Commits · v10.1.7 · Forest Godfrey / gitlab-ce

18 Jan, 2018 2 commits
- Update VERSION to 10.1.7 · d3016d86
  
  Oswaldo Ferreira authored Jan 18, 2018
  
  d3016d86
- Update CHANGELOG.md for 10.1.7 · 2092ee30
  Oswaldo Ferreira authored Jan 18, 2018
```
[ci skip]
```
  2092ee30
17 Jan, 2018 2 commits
- Merge branch 'fj-42112-fix-deploy-keys-migration-mysql-10-1' into '10-1-stable' · b68c94d0
  Stan Hu authored Jan 17, 2018
```
[10.1] Fix bug in security release with deploy keys migration

See merge request gitlab-org/gitlab-ce!16528
```
  b68c94d0
- [10.1] Fix bug in security release with deploy keys migration · 7c9b9827
  Francisco Javier López authored Jan 17, 2018
  
  7c9b9827
11 Jan, 2018 2 commits
- Update VERSION to 10.1.6 · c3f66154
  Oswaldo Ferreira authored Jan 11, 2018
  
  c3f66154
- Update CHANGELOG.md for 10.1.6 · 6926edd0
  Oswaldo Ferreira authored Jan 11, 2018
```
[ci skip]
```
  6926edd0
10 Jan, 2018 1 commit
- Merge branch '10-1-stable-patch-6' into '10-1-stable' · 7b54e82a
  Oswaldo Ferreira authored Jan 10, 2018
```
Prepare 10.1.6 Security Release

See merge request gitlab/gitlabhq!2291
```
  7b54e82a
09 Jan, 2018 2 commits

Merge branch 'jej/fix-disabled-oauth-access-10-1' into 'security-10-1' · af2b1261

authored Dec 14, 2017

[10.1] Prevent login with disabled OAuth providers

See merge request gitlab/gitlabhq!2249

(cherry picked from commit e4951cc45f29a9ec1e07408102ab339444ff43e8)

71d8d00c Prevents login with disabled OAuth providers

af2b1261

Merge branch 'fl-ipython' into 'security-10-1' · ecb69c3f

authored Jan 09, 2018

Port of [10.2] Sanitizes IPython notebook output

See merge request gitlab/gitlabhq!2284

(cherry picked from commit 72ce40bdebe73a06dc282d42f2c8a729730c9cee)

989d1187 Port of [10.2] Sanitizes IPython notebook output

ecb69c3f

08 Jan, 2018 10 commits

Merge branch… · fd281365

authored Jan 08, 2018

Merge branch '41293-fix-command-injection-vulnerability-on-system_hook_push-queue-through-web-hook-10-1' into 'security-10-1'

[10.1] Don't allow line breaks on HTTP headers

See merge request gitlab/gitlabhq!2286

(cherry picked from commit 271ef222fa964481379a14a9c07805621a7d52a6)

a30812d3 Don't allow line breaks on HTTP headers

fd281365

Merge branch 'fix/import-rce-10-1' into 'security-10-1' · 62d41f92

authored Jan 08, 2018

[10.1] Fix RCE via project import mechanism

See merge request gitlab/gitlabhq!2292

(cherry picked from commit 9a399c554268f3ac9e9cd2340600c2df2f5dfa47)

fdbd8d03 Fix RCE via project import mechanism

62d41f92

Merge branch 'sh-migrate-can-push-to-deploy-keys-projects-10-1' into 'security-10-1' · 237d2da4

authored Jan 05, 2018

[10.1] Migrate `can_push` column from `keys` to `deploy_keys_project`

See merge request gitlab/gitlabhq!2274

(cherry picked from commit b8ed2ac5bf4a75d0787315e741d4c9aacd36e07e)

5f214517 Backport to 10.1

237d2da4

Merge branch '41567-projectfix-10-1' into 'security-10-1' · a9dafaaa

authored Jan 05, 2018

[10.1] backport - check project access on MR create

See merge request gitlab/gitlabhq!2280

(cherry picked from commit 6ca3de3c1e97590f62677227c7eef2f000db766c)

285551b9 check project access on MR create

a9dafaaa

Merge branch 'security-ac/fix-path-traversal-10-1' into 'security-10-1' · 62b0e7f1

authored Jan 03, 2018

[10.1] Fix path traversal in gitlab-ci.yml cache:key

See merge request gitlab/gitlabhq!2272

(cherry picked from commit 991ae1d593e78e7c2484d5fe5b12dfce44a94bc8)

754c83ea Fix path traversal in gitlab-ci.yml cache:key

62b0e7f1

Merge branch 'sh-validate-path-project-import-10-1' into 'security-10-1' · e151f5d5

authored Jan 03, 2018

Validate project path in Gitlab import - 10.1 port

See merge request gitlab/gitlabhq!2266

(cherry picked from commit 14e7f46a07a45bf851178ae6c90c519460bf9736)

13ad8b50 Validate project path in Gitlab import

e151f5d5

Merge branch 'milestones-finder-order-fix-10-1' into 'security-10-1' · 1da3b9dc

authored Jan 05, 2018

Remove order param from the MilestoneFinder - 10.1 port

See merge request gitlab/gitlabhq!2265

(cherry picked from commit 5f0bb7928b40029a2ced18063c36697e3f8e80c2)

85c6530e Remove order param from the MilestoneFinder

1da3b9dc

Merge branch 'label-xss-10-1' into 'security-10-1' · a7de1343

authored Dec 15, 2017

[10.1] Fix XSS in issue label dropdown

See merge request gitlab/gitlabhq!2252

(cherry picked from commit 447270c2603dc4962d6aed87baeaeb56c59788ba)

71c6cded Fix XSS in issue label dropdown
0cc81a51 Move xss_label to smaller test scope

a7de1343

Merge branch 'ac/41346-xss-ci-job-output-backport-10-1' into 'security-10-1' · ffccf4a5

authored Dec 22, 2017

[10.1] Fix XSS vulnerability in Pipeline job trace - back port 10.1

See merge request gitlab/gitlabhq!2261

(cherry picked from commit ddb49b9053a31db0dfb93e02be1975549f991695)

dc3d4676 Fix XSS vulnerability in Pipeline job trace

ffccf4a5

Merge branch… · 3a163509

authored Jan 05, 2018

Merge branch 'security-10-1-do-not-expose-passwords-or-tokens-in-service-integrations-api' into 'security-10-1'

Filter out sensitive fields from the project services API

See merge request gitlab/gitlabhq!2283

(cherry picked from commit cde3ae62e8f602b8db4fbdd382fba1a90780be7f)

c958086d Filter out sensitive fields from the project services API

3a163509

04 Jan, 2018 1 commit

Merge branch 'sh-bump-redis-actionpack' into 'master' · 14861b04

authored Dec 06, 2017

Bump redis-rails to 5.0.2 to get redis-store security updates

Closes #40889

See merge request gitlab-org/gitlab-ce!15773

14861b04

18 Dec, 2017 2 commits
- Merge branch 'winh-10-1-changelog-entries-docs' into '10-1-stable' · 935d26f2
  Michael Kozono authored Dec 18, 2017
```
Add changelog entries for 10.1.5

See merge request gitlab-org/gitlab-ce!15908
```
  935d26f2
- Add changelog entries for 10.1.5 and 10.0.7 · 1da07b6f
  Winnie Hellmann authored Dec 18, 2017
  
  1da07b6f
14 Nov, 2017 7 commits
- Update VERSION to 10.1.4 · c887c03a
  Felipe Artur authored Nov 14, 2017
  
  c887c03a
- Update CHANGELOG.md for 10.1.4 · fdd3cb9a
  Felipe Artur authored Nov 14, 2017
```
[ci skip]
```
  fdd3cb9a
- Merge branch '10-1-stable-patch-4' into '10-1-stable' · 45027904
  Felipe Artur authored Nov 14, 2017
```
Prepare 10.1.4 release

See merge request gitlab-org/gitlab-ce!15379
```
  45027904
- Merge branch 'dm-authorize-admin-oauth-application' into 'master' · 46908762
  Sean McGivern authored Nov 13, 2017
```
Prevent error when authorizing an admin-created OAauth application without a set owner

Closes #40086

See merge request gitlab-org/gitlab-ce!15349
```
  46908762
- Merge branch 'bvl-fork-network-memberships-for-deleted-source' into 'master' · 6138bb53
  Yorick Peterse authored Nov 14, 2017
```
Don't try to create fork network memberships for forks of forks

Closes #40072

See merge request gitlab-org/gitlab-ce!15366
```
  6138bb53
- Merge branch 'issue_40058' into 'master' · 0d47b321
  Sean McGivern authored Nov 14, 2017
```
Prevent position update for image diff notes

Closes #40058

See merge request gitlab-org/gitlab-ce!15357
```
  0d47b321
- Merge branch '40092-fix-cluster-size' into 'master' · 4768da20
  Tim Zallmann authored Nov 14, 2017
```
Formats bytes to human readable number in registry table

See merge request gitlab-org/gitlab-ce!15359
```
  4768da20
10 Nov, 2017 11 commits
- Update VERSION to 10.1.3 · e6142bc7
  Felipe Artur authored Nov 10, 2017
  
  e6142bc7
- Update CHANGELOG.md for 10.1.3 · 0baa8671
  Felipe Artur authored Nov 10, 2017
```
[ci skip]
```
  0baa8671
- Merge branch '10-1-stable-patch-2' into '10-1-stable' · 2838ae28
  Felipe Artur authored Nov 10, 2017
```
Prepare 10.1.3 release

See merge request gitlab-org/gitlab-ce!15209
```
  2838ae28
- Merge branch 'issue_39773_be' into 'master' · f9dd9e1a
  Sean McGivern authored Nov 10, 2017
```
Prevent fast forward merge when rebase is required

Closes #39773

See merge request gitlab-org/gitlab-ce!15296
```
  f9dd9e1a
- Merge branch '10-1-stable' into 10-1-stable-patch-2 · 7bacf946
  Lin Jen-Shin authored Nov 10, 2017
```
* 10-1-stable:
  Merge branch '32059-fix-oauth-phishing' into 'master'
```
  7bacf946
- Merge branch '32059-fix-oauth-phishing' into 'master' · 8fef7a47
  Douwe Maan authored Nov 10, 2017
```
Prevent OAuth phishing attack by presenting detailed wording about app to user during authorization

See merge request gitlab-org/gitlab-ce!15311
```
  8fef7a47
- Merge branch '32059-fix-oauth-phishing' into 'security-10-1' · 5d4a7cac
  Douwe Maan authored Nov 07, 2017
```
Prevent OAuth phishing attack by presenting detailed wording about app to user during authorization

See merge request gitlab/gitlabhq!2205
```
  5d4a7cac
- Solved conflicts · 150c8d50
  Jose Ivan Vargas authored Nov 06, 2017
  
  150c8d50
- Merge branch '10-1-stable' into 10-1-stable-patch-2 · c64effb4
  Lin Jen-Shin authored Nov 10, 2017
```
* 10-1-stable:
  Add 10.1.2 security fixes to CHANGELOG.md
```
  c64effb4
- Merge branch '39648-fix-gke-wording' into 'master' · c2810419
  Filipa Lacerda authored Nov 07, 2017
```
Resolve "Fix GKE wording"

Closes #39648

See merge request gitlab-org/gitlab-ce!15204
```
  c2810419
- Merge branch 'dm-block-group-and-project-creation-when-external-by-default' into 'master' · 26f58cb4
  Sean McGivern authored Nov 06, 2017
```
Make sure group and project creation is blocked for new users that are external by default

Closes #39664

See merge request gitlab-org/gitlab-ce!15212
```
  26f58cb4