diff options
| author | Douwe Maan <douwe@gitlab.com> | 2016-10-03 12:33:58 +0000 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2016-10-03 12:33:58 +0000 |
| commit | 5e4418b23850947752134a04e4e42a1a22c7aac9 (patch) | |
| tree | 658d5fe96a37c1190f24615fee11382399dd1ff5 /lib/api | |
| parent | 08bab4bbcd44ef7c5ff294d272a8ceb8571b4da7 (diff) | |
| parent | 958d9f11e80633f7120a782900fe1f78b3dbebea (diff) | |
| download | gitlab-ce-5e4418b23850947752134a04e4e42a1a22c7aac9.tar.gz | |
Merge branch 'fix/export-project-file-permissions' into 'security'
Fix export project file permissions issue
Fixes security concerns of https://gitlab.com/gitlab-org/gitlab-ce/issues/22757
I have just added the permissions 0700 to the creation of any of the export paths, as @jacobvosmaer suggested in https://gitlab.com/gitlab-org/gitlab-ce/issues/22757#note_16197616
After this has fixed, it could take up to 24 hours in the worse case scenario for old archives to be completely safe - This is the time `ImportExportProjectCleanupWorker` may take to remove the folders. The temporary folders will be 0700 straight away for new installations.
See merge request !2003
Diffstat (limited to 'lib/api')
0 files changed, 0 insertions, 0 deletions