diff --git a/app/controllers/concerns/issuable_collections.rb b/app/controllers/concerns/issuable_collections.rb
index 8921d55c3d0..3181f517087 100644
--- a/app/controllers/concerns/issuable_collections.rb
+++ b/app/controllers/concerns/issuable_collections.rb
@@ -106,7 +106,7 @@ module IssuableCollections
       # @filter_params[:authorized_only] = true
     end
 
-    @filter_params
+    @filter_params.permit(IssuableFinder::VALID_PARAMS)
   end
 
   def set_default_state
diff --git a/app/finders/issuable_finder.rb b/app/finders/issuable_finder.rb
index 0a2e3c709d9..24c07f3dc70 100644
--- a/app/finders/issuable_finder.rb
+++ b/app/finders/issuable_finder.rb
@@ -25,6 +25,28 @@ class IssuableFinder
 
   NONE = '0'.freeze
 
+  SCALAR_PARAMS = %i[
+    assignee_id
+    assignee_username
+    author_id
+    author_username
+    authorized_only
+    due_date
+    group_id
+    iids
+    label_name
+    milestone_title
+    non_archived
+    project_id
+    scope
+    search
+    sort
+    state
+  ].freeze
+  ARRAY_PARAMS = { label_name: [], iids: [], assignee_username: [] }.freeze
+
+  VALID_PARAMS = (SCALAR_PARAMS + [ARRAY_PARAMS]).freeze
+
   attr_accessor :current_user, :params
 
   def initialize(current_user, params = {})
diff --git a/doc/user/project/repository/gpg_signed_commits/index.md b/doc/user/project/repository/gpg_signed_commits/index.md
index dfe43c6b691..29e04a0ccf0 100644
--- a/doc/user/project/repository/gpg_signed_commits/index.md
+++ b/doc/user/project/repository/gpg_signed_commits/index.md
@@ -113,25 +113,25 @@ started:
 1. Use the following command to list the private GPG key you just created:
 
     ```
-    gpg --list-secret-keys --keyid-format 0xLONG mr@robot.sh
+    gpg --list-secret-keys --keyid-format LONG mr@robot.sh
     ```
 
     Replace `mr@robot.sh` with the email address you entered above.
 
 1. Copy the GPG key ID that starts with `sec`. In the following example, that's
-   `0x30F2B65B9246B6CA`:
+   `30F2B65B9246B6CA`:
 
     ```
-    sec   rsa4096/0x30F2B65B9246B6CA 2017-08-18 [SC]
+    sec   rsa4096/30F2B65B9246B6CA 2017-08-18 [SC]
           D5E4F29F3275DC0CDA8FFC8730F2B65B9246B6CA
     uid                   [ultimate] Mr. Robot <mr@robot.sh>
-    ssb   rsa4096/0xB7ABC0813E4028C0 2017-08-18 [E]
+    ssb   rsa4096/B7ABC0813E4028C0 2017-08-18 [E]
     ```
 
 1. Export the public key of that ID (replace your key ID from the previous step):
 
     ```
-    gpg --armor --export 0x30F2B65B9246B6CA
+    gpg --armor --export 30F2B65B9246B6CA
     ```
 
 1. Finally, copy the public key and [add it in your profile settings](#adding-a-gpg-key-to-your-account)
@@ -167,28 +167,28 @@ key to use.
 1. Use the following command to list the private GPG key you just created:
 
     ```
-    gpg --list-secret-keys --keyid-format 0xLONG mr@robot.sh
+    gpg --list-secret-keys --keyid-format LONG mr@robot.sh
     ```
 
     Replace `mr@robot.sh` with the email address you entered above.
 
 1. Copy the GPG key ID that starts with `sec`. In the following example, that's
-   `0x30F2B65B9246B6CA`:
+   `30F2B65B9246B6CA`:
 
     ```
-    sec   rsa4096/0x30F2B65B9246B6CA 2017-08-18 [SC]
+    sec   rsa4096/30F2B65B9246B6CA 2017-08-18 [SC]
           D5E4F29F3275DC0CDA8FFC8730F2B65B9246B6CA
     uid                   [ultimate] Mr. Robot <mr@robot.sh>
-    ssb   rsa4096/0xB7ABC0813E4028C0 2017-08-18 [E]
+    ssb   rsa4096/B7ABC0813E4028C0 2017-08-18 [E]
     ```
 
 1. Tell Git to use that key to sign the commits:
 
     ```
-    git config --global user.signingkey 0x30F2B65B9246B6CA
+    git config --global user.signingkey 30F2B65B9246B6CA
     ```
 
-    Replace `0x30F2B65B9246B6CA` with your GPG key ID.
+    Replace `30F2B65B9246B6CA` with your GPG key ID.
 
 ## Signing commits