gitlab-org--gitlab-foss/changelogs/unreleased
Douwe Maan 742cee756b Merge branch 'jej-22869' into 'security'
Fix information disclosure in `Projects::BlobController#update`

It was possible to discover private project names by modifying the `from_merge_request` parameter in `Projects::BlobController#update`. This fixes that.

- [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) entry added
- Tests
  - [x] Added for this feature/bug
  - [ ] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

https://gitlab.com/gitlab-org/gitlab-ce/issues/22869

See merge request !2023
2016-11-28 21:25:18 -03:00
.gitkeep
22373-reduce-queries-in-api-helpers-find_project.yml Make API::Helpers find a project with only one query 2016-11-24 10:19:36 +01:00
23532-define-common-helper-for-describe-pagination-params-in-api.yml Define common helper for describe pagination params in api 2016-11-22 09:19:26 +05:00
24413-show-unconfirmed-email-status.yml
24576_cant_stop_impersonating.yml
24813-project-members-with-developer-access-can-no-longer-create-tags.yml Pass tag SHA to post-receive hook when tag is created via UI 2016-11-28 15:04:51 +01:00
24860-actionview-template-error-undefined-method-size-for-nil-nilclass.yml Prevent error when submitting a merge request and pipeline is not defined 2016-11-28 12:03:59 +01:00
25026-authenticate-user-for-new-snippet.yml Ensure user is authenticated to create a new snippet 2016-11-28 16:57:49 +01:00
api-delete-group-share.yml API: Add endpoint to delete a group share 2016-11-23 12:53:37 +01:00
boards-issue-sorting.yml Fixed issue boards issue sorting when dragging issue into list 2016-11-24 10:32:55 +00:00
create-dynamic-fixture-for-build_spec.yml Create dynamic fixture for build_spec (!7589) 2016-11-25 11:03:31 +01:00
dev-issue-24554.yml Edit help text to clarify that tags are annotated. 2016-11-21 10:46:32 -08:00
dz-allow-nested-group-routing.yml Add nested groups support to the routing 2016-11-23 14:08:36 +02:00
emoji-btn-disabled.yml Disabled award emoji button when user is not logged in 2016-11-22 10:25:09 +00:00
events-cache-invalidation.yml Remove event caching code 2016-11-23 14:17:07 +01:00
fix-cancelling-pipelines.yml
fix-drop-project-authorized-for-user.yml Update ProjectTeam#fetch_members to use project authorizations 2016-11-23 12:59:13 +02:00
fix-slack-pipeline-event.yml
fixed-commit-timeago.yml Fixed commit time not rendering after initial page load 2016-11-23 19:24:51 +00:00
issuable_filters_present-refactor.yml Refactor issuable_filters_present to reduce duplications 2016-11-28 14:48:03 +05:00
issue-24534.yml Remove unnecessary sentences for status codes in the API documentation 2016-11-24 10:28:52 -07:00
issue-boards-scrollable-element.yml Fixed issue boards scrolling with a lot of lists & issues 2016-11-24 16:54:24 +00:00
issue_24748.yml Fix title case to sentence case 2016-11-23 16:34:58 -07:00
issue_24958.yml Fix bad selection on dropdown menu for tags filter 2016-11-25 00:29:26 -07:00
jej-22869.yml Merge branch 'jej-22869' into 'security' 2016-11-28 21:25:18 -03:00
milestone_start_date.yml Add a starting date to milestones 2016-11-23 13:41:04 +02:00
move-abuse-report-spinach-test-to-rspec.yml Move abuse report spinach test to rspec 2016-11-23 19:30:07 +05:00
move-admin-abuse-report-spinach-test-to-rspec.yml Move admin abuse report spinach test to rspec 2016-11-23 21:40:29 +05:00
move-admin-spam-spinach-test-to-rspec.yml Move admin spam spinach test to Rspec 2016-11-23 20:18:35 +05:00
post_receive-any-email.yml
refresh-authorizations-with-lease.yml Refresh project authorizations using a Redis lease 2016-11-25 13:35:01 +01:00
remove-backup-strategies.yml Stop supporting Google and Azure as backup strategies 2016-11-24 13:07:24 +01:00
remove-require-from-services.yml Remove unnecessary require_relative calls from service classes 2016-11-22 11:25:00 +05:00
remove-unnecessary-self-from-user-model.yml
rephrase-system-notes.yml Rephrase some system notes to be compatible with new system note style 2016-11-24 18:26:29 +08:00
repository-name-emojis
resolve-discussions-timeago.yml Fixed resolved discussion timeago not rendering 2016-11-22 11:47:26 +00:00
rs-project-team-helpers.yml
simplify-create-new-list-issue-boards.yml Simplify copy on "Create a new list" dropdown in Issue Boards 2016-11-23 17:28:58 -02:00
timeout-merge-request-for-binary-file.yml Fix: Timeout creating and viewing merge request for binary file 2016-11-25 15:25:01 +02:00
workhorse-v1-0-1.yml Update GitLab Workhorse to v1.0.1 2016-11-25 16:29:40 +00:00
zen-mode-fixture.yml Replace static fixture for zen_mode_spec (!7686) 2016-11-23 01:29:32 +01:00
zj-expose-coverage-pipelines.yml Expose coverage on GET pipelines/:id 2016-11-25 15:49:59 +01:00
zj-fix-label-creation-non-members.yml Merge branch 'zj-fix-label-creation-non-members' into 'security' 2016-11-28 21:24:19 -03:00