diff options
author | Alexandru Croitor <acroitor@gitlab.com> | 2019-07-17 12:54:40 +0300 |
---|---|---|
committer | Alexandru Croitor <acroitor@gitlab.com> | 2019-08-22 10:43:13 +0300 |
commit | 5af535d919c50951513f5859730afd924a01c29b (patch) | |
tree | fcd3d97c37a6b292d25c206c05ca890f7c420906 /doc/api/epics.md | |
parent | 8ae75677a38eafe5dda2ffe716df26a72093c5a8 (diff) |
Limit the size of issuable description and comments
Limiting the size of issuable description and comments to 1_000_000,
which is close to ~1MB of ASCII characters, which represents 99.9% of
all descriptions and comments we have in DB at the moment. This should
help prevent DoS attacks when comments contain refference strings.
Also this change updates regexp matching the namespaces paths by
limiting the namespaces paths to Namespace::NUMBER_OF_ANCESTORS_ALLOWED,
as we allow 20 levels deep groups.
see https://gitlab.com/gitlab-org/gitlab-ce/issues/61974#note_191274234
Diffstat (limited to 'doc/api/epics.md')
-rw-r--r-- | doc/api/epics.md | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/doc/api/epics.md b/doc/api/epics.md index 3036b3c2364..aa7909917d9 100644 --- a/doc/api/epics.md +++ b/doc/api/epics.md @@ -161,7 +161,7 @@ POST /groups/:id/epics | `id` | integer/string | yes | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) owned by the authenticated user | | `title` | string | yes | The title of the epic | | `labels` | string | no | The comma separated list of labels | -| `description` | string | no | The description of the epic | +| `description` | string | no | The description of the epic. Limited to 1 000 000 characters. | | `start_date_is_fixed` | boolean | no | Whether start date should be sourced from `start_date_fixed` or from milestones (since 11.3) | | `start_date_fixed` | string | no | The fixed start date of an epic (since 11.3) | | `due_date_is_fixed` | boolean | no | Whether due date should be sourced from `due_date_fixed` or from milestones (since 11.3) | @@ -225,7 +225,7 @@ PUT /groups/:id/epics/:epic_iid | `id` | integer/string | yes | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) owned by the authenticated user | | `epic_iid` | integer/string | yes | The internal ID of the epic | | `title` | string | no | The title of an epic | -| `description` | string | no | The description of an epic | +| `description` | string | no | The description of an epic. Limited to 1 000 000 characters. | | `labels` | string | no | The comma separated list of labels | | `start_date_is_fixed` | boolean | no | Whether start date should be sourced from `start_date_fixed` or from milestones (since 11.3) | | `start_date_fixed` | string | no | The fixed start date of an epic (since 11.3) | |