Branch: refs/heads/release_17.05 Home: https://github.com/galaxyproject/galaxy Commit: 93a8bfc7cb5e9c3395c5057910ec39d68ad787b4 https://github.com/galaxyproject/galaxy/commit/93a8bfc7cb5e9c3395c5057910ec3... Author: Nate Coraor <nate@bx.psu.edu> Date: 2017-10-19 (Thu, 19 Oct 2017) Changed paths: M config/galaxy.ini.sample M lib/galaxy/config.py M lib/galaxy/managers/folders.py M lib/galaxy/managers/libraries.py M lib/galaxy/tools/parameters/grouping.py M lib/galaxy/util/__init__.py A lib/galaxy/util/path/__init__.py A lib/galaxy/util/path/ntpath.py A lib/galaxy/util/path/posixpath.py M lib/galaxy/webapps/galaxy/api/lda_datasets.py M lib/galaxy/webapps/galaxy/api/remote_files.py M lib/galaxy/webapps/galaxy/controllers/library.py M lib/galaxy/webapps/galaxy/controllers/library_common.py M lib/galaxy/webapps/galaxy/controllers/user.py M lib/tool_shed/managers/groups.py Log Message: ----------- Security: Fix issues with path handling in libraries and in general. Commit: 0e698813a96f1ad61d797255686f69cf5e6b1280 https://github.com/galaxyproject/galaxy/commit/0e698813a96f1ad61d797255686f6... Author: Nate Coraor <nate@bx.psu.edu> Date: 2017-10-19 (Thu, 19 Oct 2017) Changed paths: M tools/data_source/data_source.py Log Message: ----------- [GX-2017-0003]: Fix for the reported issue, only allow http, https, and ftp schemes in the data_source tool. Commit: ed045cd570cf6b2198fb496852458194c8e28d6f https://github.com/galaxyproject/galaxy/commit/ed045cd570cf6b2198fb496852458... Author: Nate Coraor <nate@bx.psu.edu> Date: 2017-10-19 (Thu, 19 Oct 2017) Changed paths: M config/galaxy.ini.sample M lib/galaxy/config.py M lib/galaxy/managers/folders.py M lib/galaxy/managers/libraries.py M lib/galaxy/tools/parameters/grouping.py M lib/galaxy/util/__init__.py A lib/galaxy/util/path/__init__.py A lib/galaxy/util/path/ntpath.py A lib/galaxy/util/path/posixpath.py M lib/galaxy/webapps/galaxy/api/lda_datasets.py M lib/galaxy/webapps/galaxy/api/remote_files.py M lib/galaxy/webapps/galaxy/controllers/library.py M lib/galaxy/webapps/galaxy/controllers/library_common.py M lib/galaxy/webapps/galaxy/controllers/user.py M lib/tool_shed/managers/groups.py Log Message: ----------- Security: Fix issues with path handling in libraries and in general. Commit: 9e672f94588b8eeecee745665162fc92f0158e27 https://github.com/galaxyproject/galaxy/commit/9e672f94588b8eeecee745665162f... Author: Nate Coraor <nate@bx.psu.edu> Date: 2017-10-19 (Thu, 19 Oct 2017) Changed paths: M tools/data_source/data_source.py Log Message: ----------- [GX-2017-0003]: Fix for the reported issue, only allow http, https, and ftp schemes in the data_source tool. Commit: 1bccbefbffc02803e93913b145f4214b8eb78d54 https://github.com/galaxyproject/galaxy/commit/1bccbefbffc02803e93913b145f42... Author: Nate Coraor <nate@bx.psu.edu> Date: 2017-10-19 (Thu, 19 Oct 2017) Changed paths: M config/galaxy.ini.sample M lib/galaxy/config.py M lib/galaxy/managers/folders.py M lib/galaxy/managers/libraries.py M lib/galaxy/tools/parameters/grouping.py M lib/galaxy/util/__init__.py A lib/galaxy/util/path/__init__.py A lib/galaxy/util/path/ntpath.py A lib/galaxy/util/path/posixpath.py M lib/galaxy/webapps/galaxy/api/lda_datasets.py M lib/galaxy/webapps/galaxy/api/remote_files.py M lib/galaxy/webapps/galaxy/controllers/library.py M lib/galaxy/webapps/galaxy/controllers/library_common.py M lib/galaxy/webapps/galaxy/controllers/user.py M lib/tool_shed/managers/groups.py Log Message: ----------- Security: Fix issues with path handling in libraries and in general. Commit: 658f126e7a387c11df9b5f0a01e0b75e4d84410b https://github.com/galaxyproject/galaxy/commit/658f126e7a387c11df9b5f0a01e0b... Author: Nate Coraor <nate@bx.psu.edu> Date: 2017-10-19 (Thu, 19 Oct 2017) Changed paths: M tools/data_source/data_source.py Log Message: ----------- [GX-2017-0003]: Fix for the reported issue, only allow http, https, and ftp schemes in the data_source tool. Commit: e8a72252effa5fdd888abd0e3462dde3b5c70f6e https://github.com/galaxyproject/galaxy/commit/e8a72252effa5fdd888abd0e3462d... Author: Nate Coraor <nate@bx.psu.edu> Date: 2017-10-19 (Thu, 19 Oct 2017) Changed paths: M config/galaxy.ini.sample M lib/galaxy/config.py M lib/galaxy/managers/folders.py M lib/galaxy/managers/libraries.py M lib/galaxy/tools/parameters/grouping.py M lib/galaxy/util/__init__.py A lib/galaxy/util/path/__init__.py A lib/galaxy/util/path/ntpath.py A lib/galaxy/util/path/posixpath.py M lib/galaxy/webapps/galaxy/api/lda_datasets.py M lib/galaxy/webapps/galaxy/api/remote_files.py M lib/galaxy/webapps/galaxy/controllers/library.py M lib/galaxy/webapps/galaxy/controllers/library_common.py M lib/galaxy/webapps/galaxy/controllers/user.py M lib/tool_shed/managers/groups.py Log Message: ----------- Security: Fix issues with path handling in libraries and in general. Commit: 9f8d3ee444ad10038add204ed1c1dc11e636dd9d https://github.com/galaxyproject/galaxy/commit/9f8d3ee444ad10038add204ed1c1d... Author: Nate Coraor <nate@bx.psu.edu> Date: 2017-10-19 (Thu, 19 Oct 2017) Changed paths: M lib/galaxy/web/base/interactive_environments.py Log Message: ----------- Security: Switch GIE Popen() calls to run without shell=True to fix an ACE vulnerability. Commit: cded49354e5fba4b93432294a4518c93b51f259f https://github.com/galaxyproject/galaxy/commit/cded49354e5fba4b93432294a4518... Author: Nate Coraor <nate@bx.psu.edu> Date: 2017-10-19 (Thu, 19 Oct 2017) Changed paths: M tools/data_source/data_source.py Log Message: ----------- [GX-2017-0003]: Fix for the reported issue, only allow http, https, and ftp schemes in the data_source tool. Commit: dda175dbf088bb4ba014fbea70b610cb7e2c2ed6 https://github.com/galaxyproject/galaxy/commit/dda175dbf088bb4ba014fbea70b61... Author: Nate Coraor <nate@bx.psu.edu> Date: 2017-10-23 (Mon, 23 Oct 2017) Log Message: ----------- Merge branch 'release_16.07' into release_16.10 Commit: c4855af7d516b0a955e508cc7e5bc8716028b670 https://github.com/galaxyproject/galaxy/commit/c4855af7d516b0a955e508cc7e5bc... Author: Nate Coraor <nate@bx.psu.edu> Date: 2017-10-23 (Mon, 23 Oct 2017) Log Message: ----------- Merge branch 'release_16.10' into release_17.01 Commit: b35fe934d4246ae0b4c1b6aa3a446fd5672d55c6 https://github.com/galaxyproject/galaxy/commit/b35fe934d4246ae0b4c1b6aa3a446... Author: Nate Coraor <nate@bx.psu.edu> Date: 2017-10-23 (Mon, 23 Oct 2017) Log Message: ----------- Merge branch 'release_17.01' into release_17.05 Compare: https://github.com/galaxyproject/galaxy/compare/f0e9767912f9...b35fe934d424