Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--app/views/notify/new_merge_request_email.html.haml2
-rw-r--r--changelogs/unreleased/security-id-email-xss.yml5
2 files changed, 6 insertions, 1 deletions
diff --git a/app/views/notify/new_merge_request_email.html.haml b/app/views/notify/new_merge_request_email.html.haml
index 77d2e65d285..9ab648e2a64 100644
--- a/app/views/notify/new_merge_request_email.html.haml
+++ b/app/views/notify/new_merge_request_email.html.haml
@@ -3,7 +3,7 @@
#{link_to @merge_request.author_name, user_url(@merge_request.author)} created a merge request:
%p.details
- != merge_path_description(@merge_request, '→')
+ = merge_path_description(@merge_request, '→')
- if @merge_request.assignees.any?
%p
diff --git a/changelogs/unreleased/security-id-email-xss.yml b/changelogs/unreleased/security-id-email-xss.yml
new file mode 100644
index 00000000000..36c00a70c6a
--- /dev/null
+++ b/changelogs/unreleased/security-id-email-xss.yml
@@ -0,0 +1,5 @@
+---
+title: Escape path in new merge request mail
+merge_request:
+author:
+type: security
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-01 08:44:04 +0300