summaryrefslogtreecommitdiff
path: root/doc/security/user_file_uploads.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/security/user_file_uploads.md')
-rw-r--r--doc/security/user_file_uploads.md4
1 files changed, 3 insertions, 1 deletions
diff --git a/doc/security/user_file_uploads.md b/doc/security/user_file_uploads.md
index 734a4cde7e8..e8b0c08e240 100644
--- a/doc/security/user_file_uploads.md
+++ b/doc/security/user_file_uploads.md
@@ -1,12 +1,14 @@
---
type: reference
stage: Manage
-group: Authentication & Authorization
+group: Authentication and Authorization
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---
# User File Uploads **(FREE)**
+> - In GitLab 14.8 and later, [authorization checks are enforced](https://gitlab.com/gitlab-org/gitlab/-/issues/26781) on media uploads. This change is being [rolled out incrementally](https://gitlab.com/gitlab-org/gitlab/-/issues/352291) on GitLab.com in 14.9.
+
Images that are attached to issues, merge requests, or comments
do not require authentication to be viewed if they are accessed directly by URL.
This direct URL contains a random 32-character ID that prevents unauthorized
View Lorry Controller Status