diff options
| author | drew cimino <dcimino@gitlab.com> | 2019-07-22 14:16:15 -0400 |
|---|---|---|
| committer | drew cimino <dcimino@gitlab.com> | 2019-08-12 17:21:51 -0400 |
| commit | 51c25223a3f3623cac4dad21aa5bf6068dc6af0f (patch) | |
| tree | bb105e10d460587f5c3bbdeed7d558fac37eddeb /changelogs | |
| parent | 914bed6c7a7182a2affcd8f399e257b950e6bace (diff) | |
| download | gitlab-ce-51c25223a3f3623cac4dad21aa5bf6068dc6af0f.tar.gz | |
Permission fix for MergeRequestsController#pipeline_status
- Use set_pipeline_variables to filter for visible pipelines
- Mimic response of nonexistent pipeline if not found
- Provide set_pipeline_variables as a before_filter for other actions
Diffstat (limited to 'changelogs')
| -rw-r--r-- | changelogs/unreleased/security-mr-head-pipeline-leak.yml | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/changelogs/unreleased/security-mr-head-pipeline-leak.yml b/changelogs/unreleased/security-mr-head-pipeline-leak.yml new file mode 100644 index 00000000000..b15b353ff41 --- /dev/null +++ b/changelogs/unreleased/security-mr-head-pipeline-leak.yml @@ -0,0 +1,5 @@ +--- +title: Check permissions before responding in MergeController#pipeline_status +merge_request: +author: +type: security |