gitlab.com/gitlab-org/gitlab-foss.git
author: Douwe Maan <douwe@gitlab.com>, 2016-10-03 15:33:58 +0300
committer: Rémy Coutable <remy@rymai.me>, 2016-10-05 17:46:09 +0300
commit: 1803bc267d8cd0dd38d79597664b6eb7ee2a948b
tree: 8475df7ff118effac1f2e0580074dcc4df74c93e /CHANGELOG
parent: 04def4d8a051b7520380dee5285aa8d2d91809c3
Merge branch 'fix/export-project-file-permissions' into 'security'

Fix export project file permissions issue

Fixes security concerns of https://gitlab.com/gitlab-org/gitlab-ce/issues/22757

I have just added the permissions 0700 to the creation of any of the export paths, as @jacobvosmaer suggested in https://gitlab.com/gitlab-org/gitlab-ce/issues/22757#note_16197616

After this has been fixed, it could take up to 24 hours in the worst case scenario for old archives to be completely safe - This is the time `ImportExportProjectCleanupWorker` may take to remove the folders.

The temporary folders will be 0700 straight away for new installations.

See merge request !2003

Signed-off-by: Rémy Coutable <remy@rymai.me>
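The commit message above describes two things: export paths created with mode 0700, and a window in which directories created earlier keep their old mode. The Ruby below is an added example, not GitLab's code; `make_private_dir`, `loose_dirs` and `demo` are hypothetical names, and the directory layout is constructed in a temporary directory.

```ruby
require 'fileutils'
require 'find'
require 'tmpdir'

OWNER_ONLY       = 0o700 # rwx for the owner, nothing for group or other
GROUP_OTHER_BITS = 0o077

# Hypothetical helper: make an export path owner-only, whether or not the
# leaf directory already existed with a looser mode.
def make_private_dir(path)
  # mkdir_p applies the mode (independent of umask) only to directories
  # it creates; an existing directory is left as it was.
  FileUtils.mkdir_p(path, mode: OWNER_ONLY)
  File.chmod(OWNER_ONLY, path) # tighten a pre-existing leaf directory
  path
end

# Hypothetical audit: directories under root that group or other can access.
# lstat is used so symlinks are neither followed nor reported.
def loose_dirs(root)
  Find.find(root).select do |p|
    st = File.lstat(p)
    st.directory? && (st.mode & GROUP_OTHER_BITS) != 0
  end.sort
end

# Constructed scenario: one directory left over with 0755 (an "old" export)
# and one nested export path created owner-only.
def demo
  Dir.mktmpdir('export-demo') do |root|
    old = File.join(root, 'old_export')
    Dir.mkdir(old)
    File.chmod(0o755, old)
    fresh = make_private_dir(File.join(root, 'new', 'project_export'))

    before = loose_dirs(root).map { |d| d.delete_prefix("#{root}/") }
    make_private_dir(old) # what an operator could do instead of waiting
    after = loose_dirs(root)

    { before: before, after: after, new_mode: File.stat(fresh).mode & 0o777 }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

Running `loose_dirs` against the real export root of an installation shows which directories are still readable by other local users before the cleanup worker has removed them.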
Diffstat (limited to 'CHANGELOG')
-rw-r--r-- CHANGELOG 1
1 files changed, 1 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 343d6266696..680de0ad439 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -11,6 +11,7 @@ v 8.12.4 (unreleased)
- Restrict failed login attempts for users with 2FA enabled. !6668
- Fix failed project deletion when feature visibility set to private. !6688
- Prevent claiming associated model IDs via import.
+ - Set GitLab project exported file permissions to owner only
v 8.12.3
- Update Gitlab Shell to support low IO priority for storage moves
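Review bot: the added entry under v 8.12.4 says "exported file permissions", while the commit message describes applying 0700 to the export paths at creation; naming the directories and the mode would be more precise, for example "Set GitLab project export directory permissions to owner only (0700)". The entry also carries no merge request reference, unlike the `!6668` and `!6688` entries above it, and it does not tell administrators that archives created before the upgrade can keep their old permissions for up to 24 hours until `ImportExportProjectCleanupWorker` removes them, which the commit message states.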