1. 26 Nov, 2018 3 commits
  2. 23 Nov, 2018 1 commit
  3. 21 Nov, 2018 1 commit
  4. 19 Nov, 2018 1 commit
  5. 18 Nov, 2018 2 commits
  6. 16 Nov, 2018 1 commit
  7. 15 Nov, 2018 1 commit
    • Alessio Caiazza's avatar
      Validate URI scheme also for internal URI · a4ef6934
      Alessio Caiazza authored
      This is a backport for 11.4 stable branch.
      
      Gitlab::UrlBlocker ignores scheme when validating URI matching either
      config.gitlab or config.gitlab_shell
      
      This patch enforces matching config.gitlab.protocol for internal web and
      ssh for internal shell.
      
      A cleanup migration for stored XSS from environments table is included.
      a4ef6934
  8. 14 Nov, 2018 3 commits
  9. 12 Nov, 2018 2 commits
  10. 07 Nov, 2018 1 commit
  11. 05 Nov, 2018 1 commit
  12. 04 Nov, 2018 1 commit
  13. 02 Nov, 2018 3 commits
  14. 01 Nov, 2018 2 commits
  15. 30 Oct, 2018 2 commits
  16. 26 Oct, 2018 1 commit
    • Thong Kuah's avatar
      Monkey kubeclient to not follow any redirects. · 2800994d
      Thong Kuah authored
      This should prevent any malicious server from responding with a location
      that will redirect us and expose internal services, as kubeclient's
      rest-client will no longer follow redirects.
      2800994d
  17. 25 Oct, 2018 6 commits
  18. 24 Oct, 2018 2 commits
  19. 23 Oct, 2018 5 commits
  20. 19 Oct, 2018 1 commit