kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss

Fork 0

Commit graph

Author	SHA1	Message	Date
Stan Hu	6a91b28932	Remove circular dependency on Redactable in migration Gitlab::BackgroundMigration::RedactLinks was prepending EE::Gitlab::BackgroundMigration::RedactLinks, while EE::Gitlab::BackgroundMigration::RedactLinks was trying to include Gitlab::BackgroundMigration::RedactLinks::Redactable. Ruby 2.5.3 failed with an uninitialized constant (https://gitlab.com/gitlab-org/gitlab-ee/-/jobs/118388511).	2018-11-09 12:59:39 -08:00
Jan Provaznik	c1c1496405	Redact unsubscribe links in issuable texts It's possible that user pastes accidentally also unsubscribe link which is included in footer of notification emails. This unsubscribe link contains personal token which attacker then use to act as the original user (e.g. for sending comments under his/her identity).	2018-10-23 21:20:20 +02:00

Author

SHA1

Message

Date

Stan Hu

6a91b28932

Remove circular dependency on Redactable in migration

Gitlab::BackgroundMigration::RedactLinks was prepending
EE::Gitlab::BackgroundMigration::RedactLinks, while
EE::Gitlab::BackgroundMigration::RedactLinks was trying to include
Gitlab::BackgroundMigration::RedactLinks::Redactable. Ruby 2.5.3 failed
with an uninitialized constant
(https://gitlab.com/gitlab-org/gitlab-ee/-/jobs/118388511).

2018-11-09 12:59:39 -08:00

Jan Provaznik

c1c1496405

Redact unsubscribe links in issuable texts

It's possible that user pastes accidentally also unsubscribe link
which is included in footer of notification emails. This unsubscribe
link contains personal token which attacker then use to act as the
original user (e.g. for sending comments under his/her identity).

2018-10-23 21:20:20 +02:00

2 commits