From 3a5df1d8fc518900d8e33a6be8a2243e399c754a Mon Sep 17 00:00:00 2001 From: Robert Speicher Date: Tue, 3 Jan 2017 18:03:13 +0000 Subject: Merge branch 'fix-api-mr-permissions' into 'security' Ensure that only privileged users can access merge requests in the API See merge request !2053 --- changelogs/unreleased/fix-api-mr-permissions.yml | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 changelogs/unreleased/fix-api-mr-permissions.yml (limited to 'changelogs') diff --git a/changelogs/unreleased/fix-api-mr-permissions.yml b/changelogs/unreleased/fix-api-mr-permissions.yml new file mode 100644 index 00000000000..33b677b1f29 --- /dev/null +++ b/changelogs/unreleased/fix-api-mr-permissions.yml @@ -0,0 +1,4 @@ +--- +title: Don't allow project guests to subscribe to merge requests through the API +merge_request: +author: Robert Schilling -- cgit v1.2.1