Merge branch 'security-sarcila-verify-saml-request-origin-12-3' into '12-3-stable'

Check that SAML identity linking validates the origin of the request See merge request gitlab/gitlabhq!3396
author: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-09-26 16:53:28 +0300
committer: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-09-26 16:53:28 +0300
commit: fc921391d26120198a81be24389cfc1b8c668cbe (patch)
tree: 4d65d360a2c9f2135744afbe7a65be21bcc0534c /changelogs
parent: a31eb11c90c3bf00cac0d6f2ec2c3bd1aa96609f (diff)
parent: 2b94f55325c737c6acc6866799a0188abc180cf3 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/changelogs/unreleased/security-sarcila-verify-saml-request-origin.yml b/changelogs/unreleased/security-sarcila-verify-saml-request-origin.yml
new file mode 100644
index 00000000000..9022bc8a26f
--- /dev/null
+++ b/changelogs/unreleased/security-sarcila-verify-saml-request-origin.yml
@@ -0,0 +1,5 @@
+---
+title: Prevent GitLab accounts takeover if SAML is configured
+merge_request:
+author:
+type: security
author	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-09-26 16:53:28 +0300
committer	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-09-26 16:53:28 +0300
commit	fc921391d26120198a81be24389cfc1b8c668cbe (patch)
tree	4d65d360a2c9f2135744afbe7a65be21bcc0534c /changelogs
parent	a31eb11c90c3bf00cac0d6f2ec2c3bd1aa96609f (diff)
parent	2b94f55325c737c6acc6866799a0188abc180cf3 (diff)