Merge branch '19312-confidential-issue' into 'master'

Fix privilege escalation issue with OAuth external users Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/19312 This MR fixes a privilege escalation issue, where manually set external users would be reverted back to internal users if they logged in via OAuth and that provider was not in the `external_providers` list. /cc @douwe See merge request !1975 (cherry picked from commit 5e6342b7ac08b4b37b233cad54f4aeaf0144b977)
author: Douwe Maan <douwe@gitlab.com> 2016-06-30 18:42:15 +0300
committer: Robert Speicher <rspeicher@gmail.com> 2016-06-30 21:40:58 +0300
commit: ad421b3ac65d7bd0679ee37546011dc0b2601199 (patch)
tree: f5bae1ce8e4edfea3d0841dedeaa4584900bc14f /CHANGELOG
parent: 5e546d9b4728fc9c9623992a678cbea9eb2098f1 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 264e6890316..1e1a5ca9b12 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,8 @@
 Please view this file on the master branch, on stable branches it's out of date.
 
+v 8.9.4
+  - Fix privilege escalation issue with OAuth external users.
+
 v 8.9.3
   - Fix encrypted data backwards compatibility after upgrading attr_encrypted gem. !4963
   - Fix rendering of commit notes. !4953
author	Douwe Maan <douwe@gitlab.com>	2016-06-30 18:42:15 +0300
committer	Robert Speicher <rspeicher@gmail.com>	2016-06-30 21:40:58 +0300
commit	ad421b3ac65d7bd0679ee37546011dc0b2601199 (patch)
tree	f5bae1ce8e4edfea3d0841dedeaa4584900bc14f /CHANGELOG
parent	5e546d9b4728fc9c9623992a678cbea9eb2098f1 (diff)