diff options
author | Alessio Caiazza <acaiazza@gitlab.com> | 2018-11-08 09:06:07 +0000 |
---|---|---|
committer | Alessio Caiazza <acaiazza@gitlab.com> | 2018-11-14 11:00:13 +0100 |
commit | 5fae9ea1e3297e70179b82074c710839a4742bd4 (patch) | |
tree | e2cedb27c97e100929e313dc7f9c6b6cef189274 /VERSION | |
parent | 1c315f4c26ee0d682dd232c077a1bf38a7634b70 (diff) | |
download | gitlab-ce-5fae9ea1e3297e70179b82074c710839a4742bd4.tar.gz |
Validate URI scheme also for internal URI
This is a backport for 11.3 stable branch.
Gitlab::UrlBlocker ignores scheme when validating URI matching either
config.gitlab or config.gitlab_shell
This patch enforces matching config.gitlab.protocol for internal web and
ssh for internal shell.
A cleanup migration for stored XSS from environments table is included.
Diffstat (limited to 'VERSION')
0 files changed, 0 insertions, 0 deletions