Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/CHANGELOG
diff options
context:
space:
mode:
authorDouwe Maan <douwe@gitlab.com>2016-09-28 17:44:11 +0300
committerRémy Coutable <remy@rymai.me>2016-09-28 19:34:28 +0300
commit2125db47ceb4e6cbaae0197c96495f2cf9c028c1 (patch)
tree5c7db7604aa34043b5284585c2d5198a92bebdd3 /CHANGELOG
parenta74967505d75a81904ea57b20329982d5d7dfed0 (diff)
Merge branch '22435-no-api-state-change-via-rails-session' into 'security'
API: disable rails session auth for non-GET/HEAD requests Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/22435 See merge request !1999 Signed-off-by: Rémy Coutable <remy@rymai.me>
Diffstat (limited to 'CHANGELOG')
-rw-r--r--CHANGELOG1
1 files changed, 1 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG
index aa5cf06c189..23fef89107b 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -3,6 +3,7 @@ Please view this file on the master branch, on stable branches it's out of date.
v 8.9.11
- Respect the fork_project permission when forking projects
- Set a restrictive CORS policy on the API for credentialed requests
+ - API: disable rails session auth for non-GET/HEAD requests
v 8.9.10
- Allow the Rails cookie to be used for API authentication.
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-10 02:37:46 +0300