gitlab-org--gitlab-foss/changelogs/unreleased/redact-links-dev.yml at 5da2f42dc9609c07fd60d9d1c7a2302353a820c0 - kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss - Forgejo by Causa Arcana

kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss

Jan Provaznik c1c1496405 Redact unsubscribe links in issuable texts

It's possible that user pastes accidentally also unsubscribe link
which is included in footer of notification emails. This unsubscribe
link contains personal token which attacker then use to act as the
original user (e.g. for sending comments under his/her identity).

2018-10-23 21:20:20 +02:00

5 lines

94 B

YAML

Raw Blame History

 ---
 title: Redact personal tokens in unsubscribe links.
 merge_request:
 author:
 type: security