diff options
author | Douwe Maan <douwe@gitlab.com> | 2016-09-28 17:44:11 +0300 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2016-09-28 19:34:28 +0300 |
commit | 2125db47ceb4e6cbaae0197c96495f2cf9c028c1 (patch) | |
tree | 5c7db7604aa34043b5284585c2d5198a92bebdd3 /CHANGELOG | |
parent | a74967505d75a81904ea57b20329982d5d7dfed0 (diff) |
Merge branch '22435-no-api-state-change-via-rails-session' into 'security'
API: disable rails session auth for non-GET/HEAD requests
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/22435
See merge request !1999
Signed-off-by: Rémy Coutable <remy@rymai.me>
Diffstat (limited to 'CHANGELOG')
-rw-r--r-- | CHANGELOG | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG index aa5cf06c189..23fef89107b 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -3,6 +3,7 @@ Please view this file on the master branch, on stable branches it's out of date. v 8.9.11 - Respect the fork_project permission when forking projects - Set a restrictive CORS policy on the API for credentialed requests + - API: disable rails session auth for non-GET/HEAD requests v 8.9.10 - Allow the Rails cookie to be used for API authentication. |