diff options
| author | John Jarvis <jarv@gitlab.com> | 2018-12-27 14:02:45 +0300 |
|---|---|---|
| committer | John Jarvis <jarv@gitlab.com> | 2018-12-27 14:02:45 +0300 |
| commit | b0e6341ad176abe903c5117c1c0a10ffd25de55b (patch) | |
| tree | 1e5928e47bc0966f17a34b35d28b96870b8b8925 /changelogs | |
| parent | 7cb3332e53c3131dcdc609aff64bb7a567bd8a63 (diff) | |
| parent | 3a2ffac45a4d92da6d46a98d7aca586eec8df253 (diff) | |
Merge branch 'security-11-6-secret-ci-variables-exposed' into 'security-11-6'
[11.6] Secret CI variables can exposed by creating a tag with the same name as an existing protected branch
See merge request gitlab/gitlabhq!2684
Diffstat (limited to 'changelogs')
| -rw-r--r-- | changelogs/unreleased/security-11-6-secret-ci-variables-exposed.yml | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/changelogs/unreleased/security-11-6-secret-ci-variables-exposed.yml b/changelogs/unreleased/security-11-6-secret-ci-variables-exposed.yml new file mode 100644 index 00000000000..702181065f5 --- /dev/null +++ b/changelogs/unreleased/security-11-6-secret-ci-variables-exposed.yml @@ -0,0 +1,5 @@ +--- +title: Prevent leaking protected variables for ambiguous refs. +merge_request: +author: +type: security |