delta/gitlab/gitlab-ce.git - gitlab.com: gitlab-org/gitlab-ce.git

diff options

author	Alessio Caiazza <acaiazza@gitlab.com>	2018-11-08 09:06:07 +0000
committer	Alessio Caiazza <acaiazza@gitlab.com>	2018-11-14 11:00:13 +0100
commit	5fae9ea1e3297e70179b82074c710839a4742bd4 (patch)
tree	e2cedb27c97e100929e313dc7f9c6b6cef189274 /VERSION
parent	1c315f4c26ee0d682dd232c077a1bf38a7634b70 (diff)
download	gitlab-ce-5fae9ea1e3297e70179b82074c710839a4742bd4.tar.gz

Validate URI scheme also for internal URI

This is a backport for 11.3 stable branch. Gitlab::UrlBlocker ignores scheme when validating URI matching either config.gitlab or config.gitlab_shell This patch enforces matching config.gitlab.protocol for internal web and ssh for internal shell. A cleanup migration for stored XSS from environments table is included.

Diffstat (limited to 'VERSION')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: