Merge branch 'security-fix_jira_ssrf_vulnerability-12-1' into '12-1-stable'

Fix DNS rebind vulnerability for JIRA integration See merge request gitlab/gitlabhq!3311
author: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-08-26 10:42:47 +0300
committer: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-08-26 10:42:47 +0300
commit: 8ea900900d203370e1f12bdfa656d7081c1ad143 (patch)
tree: adce016d3fb8ddd05448065fc161f94c58dcceaa /app
parent: 9629d67d70cb229f0d17b080338b60de876ef9f2 (diff)
parent: f70ea12bb996e2099465710d0d6171e926e1242c (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/app/models/project_services/jira_service.rb b/app/models/project_services/jira_service.rb
index e571700fd02..222d8361d3f 100644
--- a/app/models/project_services/jira_service.rb
+++ b/app/models/project_services/jira_service.rb
@@ -64,7 +64,12 @@ class JiraService < IssueTrackerService
   end
 
   def client
-    @client ||= JIRA::Client.new(options)
+    @client ||= begin
+      JIRA::Client.new(options).tap do |client|
+        # Replaces JIRA default http client with our implementation
+        client.request_client = Gitlab::Jira::HttpClient.new(client.options)
+      end
+    end
   end
 
   def help
author	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-08-26 10:42:47 +0300
committer	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-08-26 10:42:47 +0300
commit	8ea900900d203370e1f12bdfa656d7081c1ad143 (patch)
tree	adce016d3fb8ddd05448065fc161f94c58dcceaa /app
parent	9629d67d70cb229f0d17b080338b60de876ef9f2 (diff)
parent	f70ea12bb996e2099465710d0d6171e926e1242c (diff)