Sebastian Sdorra
8aaa67cd6a
#970 inspect mercurial commands in order to detect write requests
The HgPermissionFilter will now inspect the used mercurial command of all requests which are using a read method like GET, HEAD, OPTIONS or TRACE and treat every one as a write request, except:
- no command was specified with the request (this is required for the hgweb ui)
- the command in the query string was found in the list of read commands
- if query string contains the batch command, then all commands specified in X-HgArg headers must be in the list of read commands
This change is required, in order to fix CVE-2018-1000132 for SCM-Manager.
2018-03-29 20:26:56 +02:00
Sebastian Sdorra
e7dd54c133
#970 added ngrep dumps for mercurial wire protocol and more realistic tests for isWriteRequest
2018-03-29 10:21:34 +02:00
Sebastian Sdorra
7d94b03a04
#959 added option to disable ssl validation for scm mercurial hook
2018-02-23 08:44:22 +01:00
Sebastian Sdorra
d21a28fa0b
[maven-release-plugin] prepare for next development iteration
2018-02-09 08:14:35 +01:00
Sebastian Sdorra
b64d41f3c9
[maven-release-plugin] prepare release 1.57
2018-02-09 08:14:34 +01:00
Sebastian Sdorra
9dd25b334a
treat update of a git tag as delete and create for hooks
2018-02-07 11:24:53 +01:00
Sebastian Sdorra
0ff9b255c3
[maven-release-plugin] prepare for next development iteration
2018-01-15 14:51:11 +01:00
Sebastian Sdorra
f66221e566
[maven-release-plugin] prepare release 1.56
2018-01-15 14:51:10 +01:00
Sebastian Sdorra
712c14f910
[maven-release-plugin] prepare for next development iteration
2017-11-02 09:21:42 +01:00
Sebastian Sdorra
fd047c1170
[maven-release-plugin] prepare release 1.55
2017-11-02 09:21:42 +01:00
Gábor Stefanik
77eea15417
oops... don't interpret "close=junk" as "close=1"
2017-09-18 12:34:50 +00:00
Gábor Stefanik
14ee6ef0d6
prevent binary data in {extras} from interfering with UTF-8 decoding
2017-09-18 12:30:20 +00:00
Sebastian Sdorra
785e1b12a9
fixed update of git repositories with empty git default branch, see issue #903
2017-07-07 19:09:46 +02:00
Sebastian Sdorra
b17a23ddc8
added option to disallow non fast-forward git pushes
2017-07-06 10:13:11 +02:00
Sebastian Sdorra
3637a8de20
switch from jersey 1.x to resteasy
2017-06-27 20:16:05 +02:00
Sebastian Sdorra
aec3d5d65d
merge with branch 1.x
2017-06-25 19:01:33 +02:00
Sebastian Sdorra
07a1c8b151
[maven-release-plugin] prepare for next development iteration
2017-06-06 11:39:35 +02:00
Sebastian Sdorra
fd02f4c068
[maven-release-plugin] prepare release 1.54
2017-06-06 11:39:34 +02:00
Sebastian Sdorra
b7568ea919
introducing new ExtensionPoint for repository path matching
The new ExtensionPoint was introduced to remove the tight coupling between the DefaultRepositoryManager and the GitRepositoryHandler.
Git now has its own RepositoryPathMatcher which allows the matching of repositories with .git or without .git extension.
2017-06-06 10:46:44 +02:00
Sebastian Sdorra
58035845ce
improve GitRepositoryResolver to allow requests to repositories which end with .git, the resolver will automatically remove the .git extension and resolve the repository
2017-06-06 10:43:29 +02:00
Sebastian Sdorra
6eb480fe84
git repository client should return the work tree as working copy instead of .git directory
2017-06-06 10:41:36 +02:00
Sebastian Sdorra
b51fba2282
fix repository browsing with mercurial 4.x
2017-06-06 08:14:04 +02:00
Sebastian Sdorra
a59c352e2d
update jgit to v4.5.2.201704071617-r-scm1
2017-06-01 18:03:12 +02:00
Sebastian Sdorra
1effc9c29b
remove all items from lfs blob store, if the corresponding repository was removed
2017-06-01 17:28:59 +02:00
Sebastian Sdorra
2a8cfc00d8
use pattern and matcher instead of string matches, to improve performance
2017-06-01 16:27:20 +02:00
Sebastian Sdorra
d9486ba8ba
improve git client detection at GitPermissionFilter to include jgit
2017-06-01 16:08:07 +02:00
Sebastian Sdorra
ee4a19365e
fix possible stack overflow in git request handling
2017-06-01 16:07:18 +02:00
Sebastian Sdorra
2af11b1f9c
relax git lfs write request check and improved tests for GitPermissionFilter
2017-06-01 10:11:42 +02:00
Sebastian Sdorra
880b0499e8
use uri to decide type of request instead of user-agent
2017-05-30 14:10:43 +02:00
Sebastian Sdorra
8b92175fbc
improved structure of GitUserAgentProvider and added more unit tests
2017-05-30 12:05:01 +02:00
Sebastian Sdorra
964973d8f7
added jgit detection to GitUserAgentProvider, to fix integration tests
2017-05-30 09:48:12 +02:00
Sebastian Sdorra
f6318a3b58
fix missing commit of blob after lfs push
2017-05-30 09:21:50 +02:00
Oliver Milke
33ea2273b0
Add git-lfs support
2017-05-19 17:27:18 +02:00
Oliver Milke
9b932a325e
refactor git repository matching for accepting optional .git suffix
2017-05-19 17:27:48 +02:00
Sebastian Sdorra
5cae7ab35a
[maven-release-plugin] prepare for next development iteration
2017-05-17 08:36:55 +02:00
Sebastian Sdorra
95bc7607c4
[maven-release-plugin] prepare release 1.53
2017-05-17 08:36:54 +02:00
Sebastian Sdorra
1d1e239d64
[maven-release-plugin] prepare for next development iteration
2017-05-10 09:46:54 +02:00
Sebastian Sdorra
68903ea5af
[maven-release-plugin] prepare release 1.52
2017-05-10 09:46:54 +02:00
Sebastian Sdorra
de5e1084e9
remove jgit repository, because it is no longer required
2017-05-09 10:44:26 +02:00
Sebastian Sdorra
1b16613840
[maven-release-plugin] prepare for next development iteration
2017-02-09 13:33:00 +01:00
Sebastian Sdorra
da3a8b7cd3
[maven-release-plugin] prepare release 1.51
2017-02-09 13:32:59 +01:00
Sebastian Sdorra
812a477287
merge with 1.x branch
2017-02-07 09:34:56 +01:00
Sebastian Sdorra
05384dd017
#889 fix wrong subversion urls behind a reverse proxy
2017-02-06 16:10:18 +01:00
Sebastian Sdorra
7865e75c2a
update svnkit to version 1.8.14-scm1 in order to support subversion 1.9 new fsfs repository format
2017-02-06 15:52:24 +01:00
Sebastian Sdorra
5738fa2d66
redesign bearer tokens
2017-01-17 15:54:32 +01:00
Sebastian Sdorra
df6d9dacf8
implement LoginAttemptHandler for scm-manager 2
2017-01-15 20:27:06 +01:00
Sebastian Sdorra
3536c29908
added DAORealmHelperFactory to simplify the creation of dao based realms
2017-01-15 12:50:29 +01:00
Sebastian Sdorra
f142e1a83f
merge with branch 1.x
2017-01-14 13:25:25 +01:00
Sebastian Sdorra
7e6f4e1a7f
fix some warnings and removed some unused imports
2017-01-14 12:05:53 +01:00
Sebastian Sdorra
c149b180a1
use newer repository client api
2017-01-14 11:48:42 +01:00