James Moger
|
f7174e6984
|
Merge branch 'ticket/164' into develop
|
9 years ago |
James Moger
|
f9c661ef5d
|
Merged #164 "Sanitize page parameters for XSS vulerabilities"
|
9 years ago |
James Moger
|
7fdc298cf0
|
Apply the relaxed XSS filter to Markdown commit messages
|
9 years ago |
James Moger
|
11a1739389
|
Enforce relaxed XSS filtering on markup documents
|
9 years ago |
James Moger
|
209dbdd49a
|
Implement a SafeTextModel and use that for fields vulnerable to XSS
|
9 years ago |
James Moger
|
dfaf1fc1f6
|
XSS sanitize standard page url parameters
|
9 years ago |
James Moger
|
fc3a39d464
|
Create infrastructure for XSS sanitization
|
9 years ago |
James Moger
|
90eb5a08dd
|
Merged #167 "Do not let new forks inadvertently disclose repository contents"
|
9 years ago |
James Moger
|
b8a44784ba
|
Merge branch 'ticket/167' into develop
|
9 years ago |
James Moger
|
a08e6f9586
|
New forks shall respect the source repository access restriction
If the source repository access restriction exceeds the fork default (push)
then the fork shall inherit the source repository access restriction.
|
9 years ago |
James Moger
|
30dc4e420a
|
Merged #166 "Fix XRF vulnerability"
|
9 years ago |
James Moger
|
cf9f80f5d5
|
Merge branch 'ticket/166' into develop
|
9 years ago |
James Moger
|
71647a6587
|
Specify response header X-Frame-Options SAMEORIGIN for generated pages
|
9 years ago |
James Moger
|
fcfcd84f3f
|
Merged #165 "Fix flash security risk"
|
9 years ago |
James Moger
|
668a0d65fe
|
Merge branch 'ticket/165' into develop
|
9 years ago |
James Moger
|
f9ce9fa1be
|
Change Clippy's script access attribute
|
9 years ago |
James Moger
|
f422bc80b9
|
Merged #163 "Raw servlet fails with long project names"
|
9 years ago |
James Moger
|
884fd0d193
|
Merge branch 'ticket/163' into develop
|
9 years ago |
James Moger
|
0a73abb640
|
Fix NPE in raw servlet for long project names
|
9 years ago |
James Moger
|
3fd7928921
|
Merged #162 "Allow plugins and extensions to be injected"
|
9 years ago |
James Moger
|
22ed6a50dd
|
Allow Plugins to have injected members and Extensions to be constructed
|
9 years ago |
James Moger
|
426f5c1729
|
Merged #158 "Update Jetty version to 9.2.2"
|
9 years ago |
James Moger
|
3b7f58e158
|
Merged #159 "Update lucene version to 4.10"
|
9 years ago |
David Ostrovsky
|
98bf620048
|
Update jetty version to 9.2.2
|
9 years ago |
James Moger
|
3a4470aa44
|
Bump the index version and update the LuceneVersion
|
9 years ago |
David Ostrovsky
|
140e54bf10
|
Update lucene version to 4.10
|
9 years ago |
James Moger
|
6561f63e57
|
Merged #156 "Update stable 1.6.x SSHD to 0.11.1-atlassian-1"
|
9 years ago |
James Moger
|
10643e1a0a
|
Update to SSHD 0.11.1-atlassian1
|
9 years ago |
James Moger
|
d70c51d1c7
|
Merged #155 "Update SSHD version to 0.12"
|
9 years ago |
David Ostrovsky
|
b331474798
|
Update SSHD version to 0.12
Also switch back to Maven Central repository.
|
9 years ago |
James Moger
|
f1f4197727
|
Merged #154 "Raw servlet returns 0-length files instead of 404s"
|
9 years ago |
James Moger
|
248b7172cd
|
Merge branch 'ticket/154' into develop
|
9 years ago |
James Moger
|
846ee5329f
|
Fix raw serving of files/directories that do not exist in a branch/ref
|
9 years ago |
James Moger
|
a83841169a
|
Merged #153 "Quote all Lucene query args that have non-alphanumeric characters"
|
9 years ago |
James Moger
|
5a4ac53238
|
Merge branch 'ticket/153' into develop
|
9 years ago |
James Moger
|
a4fa1b996b
|
Quote all Lucene query args that have non-alphanumeric characters
|
9 years ago |
James Moger
|
4a17b9332b
|
Merged #152 "NPEs when handling tickets with non-existent milestones"
|
9 years ago |
James Moger
|
21fe98ebf8
|
Merge branch 'ticket/152' into develop
|
9 years ago |
James Moger
|
270e9e7628
|
Fix NPEs when handling referenced milestones that do not exist
|
9 years ago |
James Moger
|
624a7215a6
|
Merged #151 "Treat UTF-9 and UTF-18 (fake) encodings as UTF-8"
|
9 years ago |
James Moger
|
6b76d4fb30
|
Merge branch 'ticket/151' into develop
|
9 years ago |
James Moger
|
e685ba747e
|
Alias UTF-9 and UTF-18 as UTF-8 in JGit
|
9 years ago |
James Moger
|
3a91641383
|
Merged #150 "Edit repo drops missing owners from owners list"
|
9 years ago |
James Moger
|
29183e1b83
|
Merge branch 'ticket/150' into develop
|
9 years ago |
James Moger
|
dd2dc35d6b
|
Do not drop missing owners from owners palette
|
9 years ago |
James Moger
|
ddcebbd982
|
Merged #149 "Repo creation with initial commit fails if user does not have an email address"
|
9 years ago |
James Moger
|
8679276033
|
Merge branch 'ticket/149' into develop
|
9 years ago |
James Moger
|
2da1f2eae6
|
Create email address for a user if unset for repo creation
|
9 years ago |
James Moger
|
9951ffbead
|
Merged #148 "Do not stamp raw servlet responses with cache-control headers"
|
9 years ago |
James Moger
|
8d9750ef65
|
Merge branch 'ticket/148' into develop
|
9 years ago |