gitlab-org--gitlab-foss/changelogs/unreleased/security-mr-head-pipeline-leak.yml
drew cimino 1c7c91806d Permission fix for MergeRequestsController#pipeline_status
- Use set_pipeline_variables to filter for visible pipelines
- Mimic response of nonexistent pipeline if not found
- Provide set_pipeline_variables as a before_filter for other actions
2019-08-12 17:39:32 -04:00

5 lines
120 B
YAML

---
title: Check permissions before responding in MergeController#pipeline_status
merge_request:
author:
type: security