delta/gitlab/gitlab-ce.git/spec, branch fix-cache-for-commit-status gitlab.com: gitlab-org/gitlab-ce.git Merge branch 'unauthenticated-container-registry-access' into 'security' 2016-11-09T11:28:29+00:00 Alejandro Rodriguez alejandro@gitlab.com 2016-11-08T18:37:15+00:00 32042ef56adfa24ce5952c6f3b7dc97dea5fd2d4 Restore unauthenticated access to public container registries Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/24284 See merge request !2025 Signed-off-by: Rémy Coutable <remy@rymai.me> 
Restore unauthenticated access to public container registries

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/24284

See merge request !2025

Signed-off-by: Rémy Coutable <remy@rymai.me>
Merge branch '23403-fix-events-for-private-project-features' into 'security' 2016-11-09T11:27:41+00:00 Robert Speicher robert@gitlab.com 2016-11-04T14:15:43+00:00 b0088b527eacd16773a85ad8f88e49de7c646cf1 Respect project visibility settings in the contributions calendar This MR fixes a number of bugs relating to access controls and date selection of events for the contributions calendar Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/23403 See merge request !2019 Signed-off-by: Rémy Coutable <remy@rymai.me> 
Respect project visibility settings in the contributions calendar

This MR fixes a number of bugs relating to access controls and date selection of events for the contributions calendar

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/23403

See merge request !2019

Signed-off-by: Rémy Coutable <remy@rymai.me>
Merge branch 'fix-unathorized-cloning' into 'security' 2016-11-09T11:27:17+00:00 Douwe Maan douwe@gitlab.com 2016-11-02T21:50:44+00:00 b0bf92140f469db90ef378fd42a6f65eee1d4633 Ensure external users are not able to clone disabled repositories. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/23788 See merge request !2017 Signed-off-by: Rémy Coutable <remy@rymai.me> 
Ensure external users are not able to clone disabled repositories.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/23788

See merge request !2017

Signed-off-by: Rémy Coutable <remy@rymai.me>
Merge branch 'markdown-xss-fix-option-2.1' into 'security' 2016-11-09T11:26:44+00:00 Douwe Maan douwe@gitlab.com 2016-11-07T16:27:35+00:00 a14ee68fe4815d2906ece670bcc333303fd3c816 Fix for HackerOne XSS vulnerability in markdown This is an updated blacklist patch to fix https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2007. No text is removed. Dangerous schemes/protocols and invalid URIs are left intact but not linked. Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23153 See merge request !2015 Signed-off-by: Rémy Coutable <remy@rymai.me> 
Fix for HackerOne XSS vulnerability in markdown

This is an updated blacklist patch to fix https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2007. No text is removed. Dangerous schemes/protocols and invalid URIs are left intact but not linked.

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23153

See merge request !2015

Signed-off-by: Rémy Coutable <remy@rymai.me>
Merge branch 'issue_23548_dev' into 'master' 2016-11-09T11:25:17+00:00 Douwe Maan douwe@gitlab.com 2016-11-01T20:18:51+00:00 bf061d0aff091a73611037b811cea2d3380962f4 disable markdown in comments when referencing disabled features fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23548 This MR prevents the following references when tool is disabled: - issues - snippets - commits - when repo is disabled - commit range - when repo is disabled - milestones This MR does not prevent references to repository files, since they are just markdown links and don't leak information. See merge request !2011 Signed-off-by: Rémy Coutable <remy@rymai.me> 
disable markdown in comments when referencing disabled features

fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23548

This MR prevents the following references when tool is disabled:

- issues
- snippets
- commits - when repo is disabled
- commit range - when repo is disabled
- milestones

This MR does not prevent references to repository files, since they are just markdown links and don't leak
information.

See merge request !2011

Signed-off-by: Rémy Coutable <remy@rymai.me>
Merge branch '22481-honour-issue-visibility-for-groups' into 'security' 2016-11-09T11:24:13+00:00 Douwe Maan douwe@gitlab.com 2016-10-26T17:34:06+00:00 79d94b167999544086db235602a9213a2d37831e Honour issue and merge request visibility in their respective finders This MR fixes a security issue with the IssuesFinder and MergeRequestFinder where they would return items the user did not have permission to see. This was most visible on the issue and merge requests page for a group containing projects that had set their issues or merge requests to "private". Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/22481 See merge request !2000 

Honour issue and merge request visibility in their respective finders

This MR fixes a security issue with the IssuesFinder and MergeRequestFinder where they would return items the user did not have permission to see. This was most visible on the issue and merge requests page for a group containing projects that had set their issues or merge requests to "private".

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/22481

See merge request !2000
 Merge branch 'improve-build-scroll-controls-responsive-behaviour' into 'master' 2016-11-08T21:41:48+00:00 Fatih Acet acetfatih@gmail.com 2016-11-08T21:41:48+00:00 b624e45126c635ebf3312f33ecf82e2824a6a07d Improved build page scroll UX ## What does this MR do? This MR smoothes the UX of the builds page by more effectively affixing the scroll step buttons. It also ensures the scroll step buttons are always in view, even if the sidemenu is open. It also moves the autoscroll button into the same container as the scroll buttons. ## Are there points in the code the reviewer needs to double check? ## Why was this MR needed? The build scroll buttons are always in unpredictable places and are often hidden behind sidemenus. ## Screenshots (if relevant) ![2016-09-08_17.43.58](/uploads/49cb9ad5ef2764453afaa405af7111b2/2016-09-08_17.43.58.gif) ## Does this MR meet the acceptance criteria? - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [ ] Added for this feature/bug - [ ] All builds are passing - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if you do - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? Contributes #21832 See merge request !6270 

Improved build page scroll UX

## What does this MR do?

This MR smoothes the UX of the builds page by more effectively affixing the scroll step buttons.

It also ensures the scroll step buttons are always in view, even if the sidemenu is open.

It also moves the autoscroll button into the same container as the scroll buttons.

## Are there points in the code the reviewer needs to double check?

## Why was this MR needed?

The build scroll buttons are always in unpredictable places and are often hidden behind sidemenus.

## Screenshots (if relevant)

![2016-09-08_17.43.58](/uploads/49cb9ad5ef2764453afaa405af7111b2/2016-09-08_17.43.58.gif)

## Does this MR meet the acceptance criteria?

- [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
  - [ ] Added for this feature/bug
  - [ ] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

## What are the relevant issue numbers?

Contributes #21832

See merge request !6270
 Merge branch 'upgrade-timeago' into 'master' 2016-11-08T20:06:54+00:00 Fatih Acet acetfatih@gmail.com 2016-11-08T20:06:54+00:00 9eb9d05b454a59fbe09e122d64935d1842206bc7 Replace jQuery.timeago with timeago.js ## What does this MR do? Replaces jQuery.timeago with [timeago.js](https://github.com/hustcc/timeago.js) ## Are there points in the code the reviewer needs to double check? * Check to make sure its working everywhere :smile: * Check to make sure the timeago wording matches what we have now (I think I've got this down but an extra pair of :eyes: would help too) ## Why was this MR needed? * The jQuery.timeago version we have is outdated * timeago.js is smaller (7.19 KB => 4.52 KB) * timeago.js has no jQuery dependency * removes all inline javascript :crossed_swords: for timeago ## Screenshots (if relevant) None ## Does this MR meet the acceptance criteria? - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - Tests - [x] All builds are passing - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if you do - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? Closes #21793 See merge request !6274 

Replace jQuery.timeago with timeago.js

## What does this MR do?
Replaces jQuery.timeago with [timeago.js](https://github.com/hustcc/timeago.js)

## Are there points in the code the reviewer needs to double check?

*  Check to make sure its working everywhere :smile: 
*  Check to make sure the timeago wording matches what we have now (I think I've got this down but an extra pair of :eyes: would help too)

## Why was this MR needed?

*  The jQuery.timeago version we have is outdated
*  timeago.js is smaller (7.19 KB => 4.52 KB)
* timeago.js has no jQuery dependency
* removes all inline javascript :crossed_swords:  for timeago

## Screenshots (if relevant)
None

## Does this MR meet the acceptance criteria?

- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- Tests
  - [x] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

## What are the relevant issue numbers?
Closes #21793

See merge request !6274
 Merge branch 'faster_project_search' into 'master' 2016-11-08T15:29:56+00:00 Sean McGivern sean@mcgivern.me.uk 2016-11-08T15:29:56+00:00 0108387053ac78bb2354511950fb5847a033e5d5 Faster search inside Project See merge request !7353 

Faster search inside Project

See merge request !7353
 Merge branch 'fix-new-branch-button-spec' into 'master' 2016-11-08T15:21:47+00:00 Sean McGivern sean@mcgivern.me.uk 2016-11-08T15:21:47+00:00 358e8141cdcef5b4fae6554a89576c7837e102d6 Fix new branch button spec Closes #24089. See merge request !7284 

Fix new branch button spec

Closes #24089.

See merge request !7284