diff options
author | Douwe Maan <douwe@gitlab.com> | 2016-06-30 18:42:15 +0300 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2016-06-30 21:40:58 +0300 |
commit | ad421b3ac65d7bd0679ee37546011dc0b2601199 (patch) | |
tree | f5bae1ce8e4edfea3d0841dedeaa4584900bc14f /CHANGELOG | |
parent | 5e546d9b4728fc9c9623992a678cbea9eb2098f1 (diff) |
Merge branch '19312-confidential-issue' into 'master'
Fix privilege escalation issue with OAuth external users
Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/19312
This MR fixes a privilege escalation issue, where manually set external users would be reverted back to internal users if they logged in via OAuth and that provider was not in the `external_providers` list.
/cc @douwe
See merge request !1975
(cherry picked from commit 5e6342b7ac08b4b37b233cad54f4aeaf0144b977)
Diffstat (limited to 'CHANGELOG')
-rw-r--r-- | CHANGELOG | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG index 264e6890316..1e1a5ca9b12 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,8 @@ Please view this file on the master branch, on stable branches it's out of date. +v 8.9.4 + - Fix privilege escalation issue with OAuth external users. + v 8.9.3 - Fix encrypted data backwards compatibility after upgrading attr_encrypted gem. !4963 - Fix rendering of commit notes. !4953 |