diff options
| author | Rémy Coutable <remy@rymai.me> | 2016-11-16 17:28:56 +0000 |
|---|---|---|
| committer | Rémy Coutable <remy@rymai.me> | 2016-11-16 17:28:56 +0000 |
| commit | d1afb845b16b2a252f03e173fcdb0afa572c013a (patch) | |
| tree | e2987e19e88d43617a19524dec27cd2bd3f0d7ff /changelogs | |
| parent | 2e1fe59e373e4be404b19f4de3c8f44bb07fe91f (diff) | |
| parent | 067da6224ef2cc53ae4ac38e3f3d1c99d1a97f96 (diff) | |
| download | gitlab-ce-d1afb845b16b2a252f03e173fcdb0afa572c013a.tar.gz | |
Merge branch 'fix-shibboleth-auth-with-no-uid' into 'master'
fix shibboleth misconfigurations resulting in authentication bypass
This merge request fixes #22267 where a misconfigured Shibboleth `HTTP_UID` or `HTTP_EPPN` could result in users being logged into an account that did not belong to them.
See merge request !7428
Diffstat (limited to 'changelogs')
| -rw-r--r-- | changelogs/unreleased/fix-shibboleth-auth-with-no-uid.yml | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/changelogs/unreleased/fix-shibboleth-auth-with-no-uid.yml b/changelogs/unreleased/fix-shibboleth-auth-with-no-uid.yml new file mode 100644 index 00000000000..56fa2170be3 --- /dev/null +++ b/changelogs/unreleased/fix-shibboleth-auth-with-no-uid.yml @@ -0,0 +1,4 @@ +--- +title: fix shibboleth misconfigurations resulting in authentication bypass +merge_request: 7428 +author: |