author | Lin Jen-Shin <godfat@godfat.org> | 2017-11-10 19:16:50 +0800 |
---|---|---|
committer | Lin Jen-Shin <godfat@godfat.org> | 2017-11-10 19:16:50 +0800 |
commit | 7bacf9464ef18001a0d9504923af8489911496bf (patch) | |
tree | b743741fc31b23266d9f39aa7761a0ff43722389 | |
parent | 5d4a7cac5f5af6a11216a23651b804c6236995f7 (diff) | |
parent | 8fef7a476a7b7c24c7a121d291d6f3b6b0c82f86 (diff) | |
download | gitlab-ce-7bacf9464ef18001a0d9504923af8489911496bf.tar.gz |
Merge branch '10-1-stable' into 10-1-stable-patch-2
* 10-1-stable:
Merge branch '32059-fix-oauth-phishing' into 'master'
-rw-r--r-- | changelogs/unreleased/32059-fix-oauth-phishing.yml | 6 | ||||
-rw-r--r-- | config/locales/doorkeeper.en.yml | 2 |
2 files changed, 7 insertions, 1 deletions
diff --git a/changelogs/unreleased/32059-fix-oauth-phishing.yml b/changelogs/unreleased/32059-fix-oauth-phishing.yml new file mode 100644 index 00000000000..1aaa7285309 --- /dev/null +++ b/changelogs/unreleased/32059-fix-oauth-phishing.yml @@ -0,0 +1,6 @@ +--- +title: Prevent OAuth phishing attack by presenting detailed wording about app to user + during authorization +merge_request: +author: +type: security diff --git a/config/locales/doorkeeper.en.yml b/config/locales/doorkeeper.en.yml index 6f105d20771..b1c71095d4f 100644 --- a/config/locales/doorkeeper.en.yml +++ b/config/locales/doorkeeper.en.yml @@ -61,7 +61,7 @@ en: api: Access the authenticated user's API read_user: Read the authenticated user's personal information openid: Authenticate using OpenID Connect - sudo: Perform API actions as any user in the system + sudo: Perform API actions as any user in the system (if the authenticated user is an admin) scope_desc: api: Full access to GitLab as the user, including read/write on all their groups and projects |
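Review bot: In changelogs/unreleased/32059-fix-oauth-phishing.yml the `merge_request:` field is left empty, so this `type: security` entry cannot be traced back to the review that approved it; fill in the merge request number. The title also promises "detailed wording about app to user during authorization", while the only wording change visible in this diff is the `sudo` scope line in config/locales/doorkeeper.en.yml. Either narrow the title to the scope description or confirm that the rest of the wording change is carried by another commit.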
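Review bot: In config/locales/doorkeeper.en.yml the admin qualifier is added only to the short `sudo` label; the `scope_desc:` block that begins in the trailing context is not touched by this hunk. If `scope_desc` has its own `sudo` entry, it should get the same "(if the authenticated user is an admin)" qualification, otherwise the authorization screen can show two different statements about the same scope. It is also worth checking whether the parenthetical should state what the scope grants when the authenticated user is not an admin, since that is the case the wording leaves open.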