diff options
author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-08-26 10:42:47 +0300 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-08-26 10:42:47 +0300 |
commit | 8ea900900d203370e1f12bdfa656d7081c1ad143 (patch) | |
tree | adce016d3fb8ddd05448065fc161f94c58dcceaa /app | |
parent | 9629d67d70cb229f0d17b080338b60de876ef9f2 (diff) | |
parent | f70ea12bb996e2099465710d0d6171e926e1242c (diff) |
Merge branch 'security-fix_jira_ssrf_vulnerability-12-1' into '12-1-stable'
Fix DNS rebind vulnerability for JIRA integration
See merge request gitlab/gitlabhq!3311
Diffstat (limited to 'app')
-rw-r--r-- | app/models/project_services/jira_service.rb | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/app/models/project_services/jira_service.rb b/app/models/project_services/jira_service.rb index e571700fd02..222d8361d3f 100644 --- a/app/models/project_services/jira_service.rb +++ b/app/models/project_services/jira_service.rb @@ -64,7 +64,12 @@ class JiraService < IssueTrackerService end def client - @client ||= JIRA::Client.new(options) + @client ||= begin + JIRA::Client.new(options).tap do |client| + # Replaces JIRA default http client with our implementation + client.request_client = Gitlab::Jira::HttpClient.new(client.options) + end + end end def help |