Commit message Age Author Refs
r2998:77ccbdd4
docs: added release notes for 4.13
0
r2997:7055da7c
config: updated docstrings in .ini files
0
r2996:7441eff4
forks: prevent XSS in datagrid of forks data.
0
r2995:c4ee2d0b
pull-requests: added missing escapeMarkup.
0
r2994:6936fe23
changelog: escape the graph branch name to prevent XSS.
0
r2993:97626a52
file-renderer: escape alt text to prevent XSS on binary files with bad filenames.
0
r2992:63458594
bleach: moved clean out of the catch context, so we no longer allow sanitizer to be bypassed. - in addition we bumped bleach to fix the error that allowed bypass
0
r2991:6b51e9a4
permissions-summary: skip branch permission entries that are leaking private repository names, and fix counters.
0
r2990:059d659b
user: forbid management of emails for external accounts. - e.g. LDAP accounts shouldn't be allowed to add additional emails.
0
r2989:daff214b
branch-permission: css/ui changes.
0