Commit message
Age
Author
Refs
r2998:77ccbdd4
docs: added release notes for 4.13
Tue, 04 Sep 2018 07:03:12
r2997:7055da7c
config: updated docstrings in .ini files
Mon, 03 Sep 2018 11:43:33
r2996:7441eff4
forks: prevent XSS in datagrid of forks data.
Mon, 03 Sep 2018 10:18:46
r2995:c4ee2d0b
pull-requests: added missing escapeMarkup.
Sat, 01 Sep 2018 01:04:49
r2994:6936fe23
changelog: escape the graph branch name to prevent XSS.
Sat, 01 Sep 2018 00:50:29
r2993:97626a52
file-renderer: escape alt text to prevent XSS on binary files with bad filenames.
Sat, 01 Sep 2018 00:38:56
r2992:63458594
bleach: moved clean out of the catch context, so we no longer allow the sanitizer to be bypassed.
- in addition we bumped bleach to fix the error that allowed bypass
Fri, 31 Aug 2018 23:53:20
r2991:6b51e9a4
permissions-summary: skip branch permission entries that are leaking private repository names, and fix counters.
Fri, 31 Aug 2018 11:25:02
r2990:059d659b
user: forbid management of emails for external accounts.
- e.g. LDAP accounts shouldn't be allowed to add additional emails.
Fri, 31 Aug 2018 10:56:34
r2989:daff214b
branch-permission: css/ui changes.
Fri, 31 Aug 2018 08:12:28