BigW Consortium Gitlab

  1. 11 Jan, 2018 2 commits
  2. 10 Jan, 2018 1 commit
  3. 09 Jan, 2018 2 commits
  4. 08 Jan, 2018 10 commits
    • Merge branch… · 641541de
      Robert Speicher authored
      Merge branch '41293-fix-command-injection-vulnerability-on-system_hook_push-queue-through-web-hook-10-2' into 'security-10-2'
      
      [10.2] Don't allow line breaks on HTTP headers
      
      See merge request gitlab/gitlabhq!2287
      
      (cherry picked from commit 1e19734413d46346dd46177d056d9c7165602197)
      
      b7664b12 Don't allow line breaks on HTTP headers
    • Merge branch 'fix/import-rce-10-2' into 'security-10-2' · 40892389
      James Lopez authored
      [10.2] Fix RCE via project import mechanism
      
      See merge request gitlab/gitlabhq!2293
      
      (cherry picked from commit 836918b04ed739fe07b239d0e4eab58296218c8c)
      
      cec9a6ae Fix RCE via project import mechanism
    • Merge branch 'sh-migrate-can-push-to-deploy-keys-projects-10-2' into 'security-10-2' · 405fb319
      Douwe Maan authored
      [10.2] Migrate `can_push` column from `keys` to `deploy_keys_project`
      
      See merge request gitlab/gitlabhq!2275
      
      (cherry picked from commit b07115bbf3a6f2340e88213f51f699302e6af1d9)
      
      5382c682 Backport to 10.2
    • Merge branch '41567-projectfix-10-2' into 'security-10-2' · d75e458a
      Sean McGivern authored
      [10.2] backport - check project access on MR create
      
      See merge request gitlab/gitlabhq!2279
      
      (cherry picked from commit dd1654b7830948347a23521058a1386a8ba97b69)
      
      8b1e50e4 check project access on MR create
    • Merge branch 'security-ac/fix-path-traversal-10-2' into 'security-10-2' · 4abc25f5
      Robert Speicher authored
      [10.2] Fix path traversal in gitlab-ci.yml cache:key
      
      See merge request gitlab/gitlabhq!2271
      
      (cherry picked from commit 9184cd7968665137a18c4823ece239a4a1ca0e46)
      
      1050945a Fix path traversal in gitlab-ci.yml cache:key
    • Merge branch 'sh-validate-path-project-import-10-2' into 'security-10-2' · 3e356a07
      Robert Speicher authored
      Validate project path in Gitlab import - 10.2 port
      
      See merge request gitlab/gitlabhq!2267
      
      (cherry picked from commit faea8488456aed31915ca9dd6cb2a7d3090294ec)
      
      036fc6c9 Validate project path in Gitlab import
    • Merge branch 'milestones-finder-order-fix-10-2' into 'security-10-2' · 1d3befb6
      Robert Speicher authored
      Remove order param from the MilestoneFinder - 10.2 port
      
      See merge request gitlab/gitlabhq!2264
      
      (cherry picked from commit 54c82aee8d97a7a82fff49197d023e2ebd3247e8)
      
      bca5ca97 Remove order param from the MilestoneFinder
    • Merge branch 'label-xss-security' into 'security-10-2' · e629ec77
      Jacob Schatz authored
      [10.2] Fix XSS in issue label dropdown
      
      See merge request gitlab/gitlabhq!2251
      
      (cherry picked from commit df15b14521c46aaad5805ae90aa04739d78eec63)
      
      6d693d09 Fix XSS in issue label dropdown
    • Merge branch 'ac/41346-xss-ci-job-output-backport-10-2' into 'security-10-2' · 6ae14819
      Robert Speicher authored
      [10.2] Fix XSS vulnerability in Pipeline job trace - backport 10 2
      
      See merge request gitlab/gitlabhq!2260
      
      (cherry picked from commit 4ba826b5df561e85f6fdfc86c20779b1a91b598b)
      
      b890d809 Fix XSS vulnerability in Pipeline job trace
    • Merge branch… · 43100ddc
      Sean McGivern authored
      Merge branch 'security-10-2-do-not-expose-passwords-or-tokens-in-service-integrations-api' into 'security-10-2'
      
      Filter out sensitive fields from the project services API
      
      See merge request gitlab/gitlabhq!2282
      
      (cherry picked from commit 66b1677940084505123cd519d0894c89dcc60da2)
      
      8b3dcc2a Filter out sensitive fields from the project services API
  5. 15 Dec, 2017 3 commits
  6. 14 Dec, 2017 22 commits