summaryrefslogtreecommitdiff
path: root/changelogs/unreleased/56838-allow-guest-access-to-releases.yml
Commit message (Collapse)AuthorAgeFilesLines
* Update CHANGELOG.md for 11.11.0GitLab Release Tools Bot2019-05-221-5/+0
| | | [ci skip]
* Allow guests users to access project releasesKrasimir Angelov2019-05-031-0/+5
This is step one of resolving https://gitlab.com/gitlab-org/gitlab-ce/issues/56838. Here is what changed: - Revert the security fix from bdee9e8412d. - Do not leak repository information (tag name, commit) to guests in API responses. - Do not include links to source code in API responses for users that do not have download_code access. - Show Releases in sidebar for guests. - Do not display links to source code under Assets for users that do not have download_code access. GET ':id/releases/:tag_name' still do not allow guests to access releases. This is to prevent guessing tag existence.