gitlab-org--gitlab-foss/changelogs/unreleased
Jan Provaznik 5091cc4f77 Merge branch 'security-2717-fix-issue-title-xss' into 'master'
[master] Escape issue title while template rendering to prevent XSS

See merge request gitlab/gitlabhq!2556
2018-10-29 16:11:01 +00:00
..
.gitkeep
21970-fix-bamboo-results.yml Correctly process Bamboo API results 2018-10-19 10:22:55 +02:00
22311-fix-duplicated-key-in-license-management-job.yml add changelog entry 2018-10-13 07:12:54 +00:00
26723-discussion-filters.yml Resolve "Filter discussion (tab) by comments or activity in issues and merge requests" 2018-10-23 09:49:45 +00:00
32959-update-todo-icon.yml Update Todo icons in collapsed sidebar for Issues and MRs 2018-10-23 11:50:41 +00:00
37727-fix-file-delete-redirect.yml Resolve "In web editor, when delete a file, should navigate to enclosing directory" 2018-10-17 10:27:58 +00:00
38304-username-API-call-case-sensitive.yml Make getting a user by the username case insensitive 2018-10-18 09:06:44 +00:00
42611-removed-branch-link.yml
43422-Update-images-in-group-docs.yml Revised images in group docs to address gitlab-org/gitlab-ce#43422 2018-10-18 20:07:09 +00:00
46884-remove-card-title.yml Remove .card-title from .card-header for BS4 migration 2018-10-19 22:50:34 +09:00
48494-fix-merge-request-buttons-spacing.yml Resolve "Merge request buttons spacing incorrect" 2018-10-08 12:04:48 +00:00
48684-sort-projects-by-stars-in-groups.yml Add new sort option "most_stars" to "Group > Children" pages 2018-10-11 14:14:44 +00:00
48731-show-empty-state-on-wiki-only-projects.yml Show wiki empty state layout on wiki-only project overview page 2018-10-18 12:24:09 +00:00
48889-message-for-were-merged-into.yml Only display merge commit SHA when it exists 2018-10-15 07:56:29 +00:00
49417-improve-settings-pages-design-by-prioritizing-content-group-settings.yml Prioritize group settings, improve panel titles, disable submit without changes 2018-10-15 13:36:19 +00:00
49591-use-cached-readme-blobs.yml Use cached readme blobs where appropriate 2018-10-17 16:24:36 +01:00
50185-fix-broken-file-name-navigation.yml Fix broken file name navigation on MRs 2018-10-11 22:32:28 +00:00
50728-re-arrange-help-related-user-menu-items-into-new-help-menu.yml Resolve "Re-arrange help-related user menu items into new Help menu" 2018-10-18 13:27:04 +00:00
50904-job-log.yml Resolve "Integrate new vue+vuex code base with new API and remove old haml code" 2018-10-17 10:34:19 +00:00
51386-broken-border-reports.yml Fixes broken borders in reports section MR widget 2018-10-17 11:49:27 +01:00
51527-xss-in-mr-source-branch.yml Fix XSS in MR source branch name 2018-10-12 16:58:08 -05:00
51716-add-kubernetes-namespace-model.yml Add Clusters::KubernetesNamespace model 2018-10-22 09:54:00 -05:00
51955-change-single-item-breadcrumbs-to-page-titles.yml Change single-item breadcrumbs to page titles 2018-10-19 22:33:48 +08:00
51972-prometheus-not-showing-as-installed-even-though-it-is.yml Show available clusters when installed or updated 2018-10-16 09:16:43 +02:00
52059-filter-milestone-by-none-any.yml Add Any option to milestone filter 2018-10-23 09:56:56 +00:00
52147-loading-state.yml Fixes styling issues in test reports 2018-10-11 11:09:49 +01:00
52193-Pipeline-graph-is-not-vertically-aligned-in-commit-page.yml fix vertical alignment in commit page 2018-10-08 17:20:30 +02:00
52202-consider-moving-isjobstuck-verification-to-backend.yml Move job stuck status to backend 2018-10-25 11:53:00 +00:00
52299-follow-up-from-resolve-add-status-message-from-within-user-menu.yml Adjust size and alignment of emojis of user status in user menu 2018-10-19 12:28:52 +00:00
52353-keyboard-navigation-project-slug-is-not-focused-on-new-project-page.yml Focus project slug on tab navigation 2018-10-08 19:09:08 +02:00
52367-cleanup-web-hooks-columns.yml Remove unencrypted webhook token and URL columns 2018-10-09 11:15:02 +01:00
52408-pip-cache-dir-to-cache-python-dependencies.yml Use the standard PIP_CACHE_DIR for Python dependency caching template 2018-10-09 14:54:51 +09:00
52421-show-canary-no-canary-in-the-performance-bar.yml Show if the host is a canary host in the perf bar 2018-10-12 12:37:18 +01:00
52477-add-iid-headers-to-emails.yml Add IID headers to E-Mail notifications 2018-10-16 14:54:18 +02:00
52527-harden-wiki-against-missing-last-version.yml Harden the wiki against missing last_versions 2018-10-17 13:24:52 +01:00
52559-applications-api-get-delete.yml Add changelog !22296 2018-10-12 09:31:22 +09:00
52686-project-slug-does-not-auto-populate-in-ie11.yml Use literal instead of constructor for creating regex 2018-10-15 15:32:47 +02:00
52692-catch-redirect-loops.yml Catch RedirectionTooDeep Exception in webhooks 2018-10-19 05:55:06 +00:00
52772-assign-me-quick-action-doesn-t-work-if-there-is-extra-white-space.yml Resolve "/assign me quick action doesn't work if there is extra white space" 2018-10-19 21:01:39 +00:00
52840-fix-runners-details-page.yml Add CHANGELOG entry 2018-10-22 16:29:09 +02:00
52886-fix-broken-master.yml Fixes broken test in master for ci status bagde 2018-10-18 15:09:06 +01:00
53013-duplicate-escape.yml Removes escape from job item 2018-10-23 16:02:36 +01:00
53023-endless-scroll-loader-is-visible-on-user-profile-overview-page.yml Resolve "Endless scroll loader is visible on user profile overview page" 2018-10-24 06:25:46 +00:00
53055-combine-date-util-functions.yml Add changelog entry 2018-10-25 15:12:12 +05:30
53070-fix-enable-usage-ping-link.yml Fix usage ping link 2018-10-24 17:31:09 +00:00
add-gl-link-to-markdown-header.yml Change markdown header tab anchor links to buttons 2018-10-19 11:35:33 +00:00
add-new-kubernetes-spec-helpers.yml Introduce new kubernetes spec helpers 2018-10-22 17:09:12 -05:00
add-role-binding-to-kubeclient.yml Add RoleBinding methods 2018-10-22 17:16:14 -05:00
blackst0ne-bump-mermaid.yml Bump mermaid to 8.0.0-rc.8 2018-10-22 13:38:53 +11:00
bvl-merge-base-multiple-revisions.yml Allow getting the merge base of multiple revisions 2018-10-12 11:41:22 +02:00
ccr-43034_issues_controller_100_queries.yml Add preload in issues controller 2018-10-18 18:43:50 -07:00
change-branch-font-type-in-tag-creation.yml Change branch font type in tag creation 2018-10-22 15:52:24 +03:00
da-fix-does-not-import-projects-over-ssh.yml Does not allow an import_url with SSH protocol 2018-10-15 19:03:40 -03:00
diff-stats-perf-bar.yml Fixes diff stats not being visible with performance bar 2018-10-16 11:54:44 +01:00
drop-allow_overflow-option-duration_in_numbers.yml Add changelog 2018-10-18 15:11:12 +09:00
enable-frozen-string-lib-gitlab.yml Enable some frozen string in lib/gitlab 2018-10-13 02:31:31 -07:00
even-more-frozen-string-lib.yml Enable even more frozen string in lib/**/*.rb 2018-10-08 11:16:49 -07:00
fe-ac-review-app-changes-33418.yml Frontend: Review app changes 2018-10-22 08:31:24 +00:00
feature-gb-improve-include-config-errors-reporting.yml Add changelog for include error reporting improvements 2018-10-18 14:17:43 +02:00
feature-improved-branch-filter-sorting.yml Feature improved branch filter sorting 2018-10-11 14:25:30 +00:00
fix-base64-encoded-file-uploads.yml Remove base64 encoding from files that contain plain text 2018-10-22 08:28:36 +00:00
Fix-pipeline-redirect.yml Redirect to the pipeline builds page when a build is canceled 2018-09-17 14:04:16 +02:00
fj-52406-wiki-file-content-disposition.yml Fixed bug with the content disposition with wiki attachments 2018-10-17 15:47:05 +00:00
fl-update-svgs.yml Updates gitlab-svg dependency 2018-10-12 12:57:23 +02:00
frozen-string-enable-lib-gitlab.yml Enable frozen string for lib/gitlab/*.rb 2018-10-22 07:00:50 +00:00
gt-add-transparent-background-to-markdown-header-tabs.yml Add transparent background to markdown header tabs 2018-10-24 15:02:46 +03:00
gt-remove-empty-spec-describe-blocks.yml Change branch font type in tag creation 2018-10-22 15:52:24 +03:00
gt-remove-prometheus-configuration-help-text.yml Remove prometheus configuration help text 2018-10-17 10:48:32 +03:00
gt-update-environments-empty-state.yml Update environments empty state 2018-10-17 14:25:22 +03:00
gt-update-wiki-empty-state.yml Update wiki empty state 2018-10-09 12:15:27 +03:00
ide-file-templates-clear.yml Fixed file templates not clearing in Web IDE 2018-10-15 10:02:40 +01:00
issue_49936.yml Allow JIRA to login using email and API token 2018-10-17 10:46:06 +00:00
jivl-fix-bar-char-transient-spec-failure.yml Fix transient failure from the bar_chart.vue component 2018-10-19 10:16:41 -05:00
lfs-project-attribute-alias.yml Alias the lfs_enabled method 2018-10-22 12:55:49 -05:00
more-frozen-string-enable-lib.yml Enable more frozen string in lib/**/*.rb 2018-10-06 17:02:50 -07:00
mr-creation-source-project-filtering.yml Fixed source projects not filtering 2018-10-22 10:29:46 +01:00
mr-file-list.yml Updated file tree icon 2018-10-23 09:12:38 +01:00
mr-file-tree-inline-fluid-width-fix.yml Fixed merge request fill tree not respecting fluid width 2018-10-19 10:37:42 +01:00
rails5-fix-delete-blob.yml Rails5: fix delete blob 2018-10-18 18:08:26 +02:00
rails5-fix-deployment-spec.yml Rails5: fix deployment model spec 2018-10-17 19:02:39 +02:00
rails5-mysql-schedule-build.yml Rails 5: fix mysql milliseconds problems in scheduled build specs 2018-10-06 14:13:13 +02:00
rails5-user-status-spec.yml Rails5: fix user edit profile clear status spec 2018-10-06 13:48:45 +02:00
redact-links-dev.yml Redact unsubscribe links in issuable texts 2018-10-23 21:20:20 +02:00
rename-scheduled-label-badges.yml Rename "scheduled" label/badge of delayed jobs to "delayed" 2018-10-19 16:28:41 +00:00
replace-i-to-icons-in-vue-components.yml Replace <i> in vue components with <icon> 2018-10-15 18:35:00 +00:00
security-2717-fix-issue-title-xss.yml Add changelog entry 2018-10-19 16:04:28 +05:30
security-51113-hash_personal_access_tokens.yml [master] Persist only SHA digest of PersonalAccessToken#token 2018-10-29 16:06:45 +00:00
sh-add-audit-logging-json-ce.yml Add support for JSON logging for audit events 2018-10-18 15:59:12 -07:00
sh-associate-rakefile-ruby.yml Associate Rakefile with Ruby icon in diffs 2018-10-13 21:25:36 -07:00
sh-fix-commit-signatures-error.yml Fix commit signature error when project is disabled 2018-10-15 10:18:04 -07:00
sh-fix-hipchat-ssrf.yml Prevent SSRF attacks in HipChat integration 2018-10-02 23:04:37 -04:00
sh-fix-wiki-security-issue-53072.yml Validate Wiki attachments are valid temporary files 2018-10-23 20:47:38 -07:00
sh-handle-invalid-comparison.yml Reject invalid branch names in repository compare controller 2018-10-08 13:32:31 -07:00
sh-pages-eof-error.yml Fix EOF detection with CI artifacts metadata 2018-10-18 23:15:24 -07:00
sh-remove-koding.yml Remove Koding integration and documentation 2018-10-12 22:18:51 -07:00
sh-strip-github-pat-whitespace.yml Strip whitespace around GitHub personal access tokens 2018-10-17 13:16:31 -07:00
support-license-management-and-performance.yml Support licenses and performance 2018-10-22 10:20:12 +02:00
test-usage-ping-in-timeout-case.yml Fix image webhook rewriting for uploads 2018-10-16 10:54:49 +01:00
update-readme-ruby-version.yml Adding changelog entry 2018-10-18 10:40:45 -04:00
update-runner-chart-to-0-1-34.yml Update used version of Runner Helm Chart to 0.1.34 2018-10-19 14:38:32 +00:00
update-runner-chart-to-0-1-35.yml Update Runner Chart to 0.1.35 2018-10-23 14:02:55 +00:00
use-raw-file-format.yml Make all legacy security reports to use raw format 2018-10-16 13:51:49 +02:00
zj-circuit-breaker-removal.yml Remove Git circuit breaker 2018-10-10 09:08:18 +02:00
zj-remove-linguist.yml Remove dependencies on Linguist 2018-10-12 17:17:30 -07:00