Commit Graph

63 Commits

Author SHA1 Message Date
GitLab Bot 191f3b52a9 Add latest changes from gitlab-org/gitlab@master 2023-11-13 15:13:52 +00:00
GitLab Bot 576bba90f9 Add latest changes from gitlab-org/gitlab@master 2023-09-26 09:11:27 +00:00
GitLab Bot bf53a3fd78 Add latest changes from gitlab-org/gitlab@master 2023-09-19 03:09:45 +00:00
GitLab Bot 7c5f1bfac7 Add latest changes from gitlab-org/gitlab@master 2023-07-28 18:11:01 +00:00
GitLab Bot fe0260eaa3 Add latest changes from gitlab-org/gitlab@master 2023-05-16 03:07:16 +00:00
GitLab Bot 15e5a05bcd Add latest changes from gitlab-org/gitlab@master 2023-04-25 00:08:36 +00:00
GitLab Bot 0a6f65ec4b Add latest changes from gitlab-org/gitlab@master 2023-04-17 09:16:42 +00:00
GitLab Bot 8099b2824b Add latest changes from gitlab-org/gitlab@master 2023-03-22 15:08:21 +00:00
GitLab Bot a48f9b5872 Add latest changes from gitlab-org/gitlab@master 2023-03-22 09:08:32 +00:00
GitLab Bot ce97c89886 Add latest changes from gitlab-org/gitlab@master 2023-03-15 15:08:30 +00:00
GitLab Bot a74ca2457e Add latest changes from gitlab-org/gitlab@master 2023-03-09 09:08:36 +00:00
GitLab Bot 8ec004d6d8 Add latest changes from gitlab-org/gitlab@master 2023-03-06 21:12:45 +00:00
GitLab Bot 173b547fb9 Add latest changes from gitlab-org/gitlab@master 2023-03-03 03:08:02 +00:00
GitLab Bot 3c4d101de0 Add latest changes from gitlab-org/gitlab@master 2023-03-02 18:12:20 +00:00
GitLab Bot d3eb1e90a5 Add latest changes from gitlab-org/gitlab@master 2023-02-28 06:10:17 +00:00
GitLab Bot ddfa6a1f19 Add latest changes from gitlab-org/gitlab@master 2023-02-10 21:08:12 +00:00
GitLab Bot 0d55697d64 Add latest changes from gitlab-org/gitlab@master 2022-12-13 15:07:56 +00:00
GitLab Bot 04af78083e Add latest changes from gitlab-org/gitlab@master 2022-12-05 18:07:34 +00:00
GitLab Bot a3759fc2e1 Add latest changes from gitlab-org/gitlab@master 2022-12-03 06:07:06 +00:00
GitLab Bot c793bb6303 Add latest changes from gitlab-org/gitlab@master 2022-04-07 06:09:18 +00:00
GitLab Bot 8a55899cab Add latest changes from gitlab-org/gitlab@master 2022-03-18 00:07:43 +00:00
GitLab Bot e6ac8e40c2 Add latest changes from gitlab-org/gitlab@master 2022-03-17 03:08:05 +00:00
GitLab Bot bc835172ed Add latest changes from gitlab-org/gitlab@master 2022-02-04 00:13:53 +00:00
GitLab Bot d237ada361 Add latest changes from gitlab-org/gitlab@master 2022-01-12 00:16:35 +00:00
GitLab Bot b82d691107 Add latest changes from gitlab-org/gitlab@master 2021-10-21 03:12:55 +00:00
GitLab Bot 75a4eaade0 Add latest changes from gitlab-org/gitlab@master 2021-02-17 12:09:26 +00:00
GitLab Bot 6986c1adc2 Add latest changes from gitlab-org/gitlab@master 2021-02-15 12:09:29 +00:00
GitLab Bot d8714cf67c Add latest changes from gitlab-org/gitlab@master 2021-02-02 00:09:14 +00:00
GitLab Bot a08f8baa63 Add latest changes from gitlab-org/gitlab@master 2020-11-10 12:08:57 +00:00
GitLab Bot 4bc1e04a7a Add latest changes from gitlab-org/gitlab@master 2020-10-29 06:08:45 +00:00
GitLab Bot eb004dc626 Add latest changes from gitlab-org/gitlab@master 2020-10-27 12:08:33 +00:00
GitLab Bot 580622bdb3 Add latest changes from gitlab-org/gitlab@master 2020-03-31 18:07:42 +00:00
GitLab Bot 78fe72d153 Add latest changes from gitlab-org/gitlab@master 2020-03-16 03:09:14 +00:00
GitLab Bot 1da3754b25 Add latest changes from gitlab-org/gitlab@master 2019-10-03 21:07:29 +00:00
GitLab Bot b7dfe2ae40 Add latest changes from gitlab-org/gitlab@master 2019-09-13 13:26:31 +00:00
Francisco Javier López b4ea71f9ed Allow not resolvable URLs when rebinding setting is disabled
Now, when the DNS rebinding setting is disabled, we will
allow URLs that are not resolvable.
2019-09-05 06:07:17 +00:00
Francisco Javier López 5738171aef Fix broken master because of security merge 2019-07-29 20:58:44 +00:00
Robert Speicher fe22704a20
Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhq 2019-07-29 13:19:50 -05:00
Reuben Pereira e5bdcfbc9b [ADD] outbound requests whitelist
Signed-off-by: Istvan szalai <istvan.szalai@savoirfairelinux.com>
2019-07-24 17:59:38 +00:00
Francisco Javier López f5c1cd4898
Fix Server Side Request Forgery mitigation bypass
When we can't resolve the hostname or it is invalid, we shouldn't
even perform the request. This fix also fixes the problem of the
SSRF rebinding attack.

We can't stub feature flags outside example blocks. Nevertheless,
there are some actions that call the UrlBlocker and are performed
outside example blocks, i.e. the `set` instruction.

That's why we have to use some signaling mechanism outside the scope
of the specs.
2019-07-15 09:21:20 +02:00
Reuben Pereira 28c76fb551 Don't use bang method when there is no safe method
https://github.com/rubocop-hq/ruby-style-guide#dangerous-method-bang
2019-07-12 07:04:44 +00:00
Oswaldo Ferreira a1a0f8e6b0 Add DNS rebinding protection settings 2019-05-30 10:47:57 -03:00
Douwe Maan a9bcddee4c Protect Gitlab::HTTP against DNS rebinding attack
Gitlab::HTTP now resolves the hostname only once, verifies the IP is not
blocked, and then uses the same IP to perform the actual request, while
passing the original hostname in the `Host` header and SSL SNI field.
2019-05-30 10:47:31 -03:00
Thong Kuah d119d3d1b2 Align UrlValidator to validate_url gem implementation.
Renamed UrlValidator to AddressableUrlValidator to avoid 'url:' naming collision with ActiveModel::Validations::UrlValidator in 'validates' statement.
Make use of the options attribute of the parent class ActiveModel::EachValidator.
Add more options: allow_nil, allow_blank, message.
Renamed 'protocols' option to 'schemes' to match the option naming from UrlValidator.
2019-04-11 06:29:07 +00:00
Reuben Pereira f40b5860d7 Add table and model for error tracking settings 2019-01-07 17:55:21 +00:00
James Edwards-Jones 72c0059407 Allow URLs to be validated as ascii_only
Restricts unicode characters and IDNA deviations
which could be used in a phishing attack
2018-12-06 15:18:18 +00:00
Steve Azzopardi a9f5b22394
Merge branch 'security-11-5-fix-webhook-ssrf-ipv6' into 'security-11-5'
[11.5] Fix SSRF in project integrations

See merge request gitlab/gitlabhq!2611
2018-11-28 19:14:36 -05:00
Cindy Pallares c0e5d9afee
Merge branch 'security-fj-crlf-injection' into 'master'
[master] Fix CRLF issue in UrlValidator

See merge request gitlab/gitlabhq!2627
2018-11-28 19:14:06 -05:00
Cindy Pallares 4bc6f2e3ac
Merge branch 'security-stored-xss-for-environments' into 'master'
[master] Stored XSS for Environments

Closes #2727

See merge request gitlab/gitlabhq!2594
2018-11-28 19:07:29 -05:00
Thiago Presa cc571e18d3 Merge branch 'sh-block-other-localhost' into 'master'
Block additional localhost addresses in UrlBlocker

See merge request gitlab/gitlabhq!2487
2018-10-25 01:05:44 +00:00