20cb4f7ab5
When a user updates a merge request coming from a fork, they should not be able to set `force_remove_source_branch` if they cannot push code to the source project. Otherwise developers of the target project could remove the source branch of the source project by setting this flag through the API.
6 lines
154 B
YAML
6 lines
154 B
YAML
---
|
|
title: Don't allow maintainers of a target project to delete the source branch of
|
|
a merge request from a fork
|
|
merge_request:
|
|
author:
|
|
type: security
|