Merge branch 'secure-disallow-read-user-scope-to-read-project-events' into 'master'

Disallow read user scope to read project events See merge request gitlab/gitlabhq!3067
author: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-04-29 12:40:33 +0000
committer: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-04-29 12:40:33 +0000
commit: 076d199d2af03be9c41962c9e5203a02ddef691d (patch)
tree: 120cf5e477de2c6e7588532049fe026538083e7e /changelogs
parent: 7de77216248b5b1311dc978543458a9cd706c63a (diff)
parent: 1103c09776217c5ab8a6f038fadfd003eeaf3f8e (diff)
download: gitlab-ce-076d199d2af03be9c41962c9e5203a02ddef691d.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/changelogs/unreleased/secure-disallow-read-user-scope-to-read-project-events.yml b/changelogs/unreleased/secure-disallow-read-user-scope-to-read-project-events.yml
new file mode 100644
index 00000000000..4a91bfa8827
--- /dev/null
+++ b/changelogs/unreleased/secure-disallow-read-user-scope-to-read-project-events.yml
@@ -0,0 +1,5 @@
+---
+title: Allow to see project events only with api scope token
+merge_request:
+author:
+type: security
author	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-04-29 12:40:33 +0000
committer	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-04-29 12:40:33 +0000
commit	076d199d2af03be9c41962c9e5203a02ddef691d (patch)
tree	120cf5e477de2c6e7588532049fe026538083e7e /changelogs
parent	7de77216248b5b1311dc978543458a9cd706c63a (diff)
parent	1103c09776217c5ab8a6f038fadfd003eeaf3f8e (diff)
download	gitlab-ce-076d199d2af03be9c41962c9e5203a02ddef691d.tar.gz