From ad421b3ac65d7bd0679ee37546011dc0b2601199 Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@gitlab.com>
Date: Thu, 30 Jun 2016 15:42:15 +0000
Subject: Merge branch '19312-confidential-issue' into 'master'

Fix privilege escalation issue with OAuth external users

Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/19312

This MR fixes a privilege escalation issue, where manually set external users would be reverted back to internal users if they logged in via OAuth and that provider was not in the `external_providers` list.

/cc @douwe

See merge request !1975
(cherry picked from commit 5e6342b7ac08b4b37b233cad54f4aeaf0144b977)
---
 CHANGELOG | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'CHANGELOG')

diff --git a/CHANGELOG b/CHANGELOG
index 264e6890316..1e1a5ca9b12 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,8 @@
 Please view this file on the master branch, on stable branches it's out of date.
 
+v 8.9.4
+  - Fix privilege escalation issue with OAuth external users.
+
 v 8.9.3
   - Fix encrypted data backwards compatibility after upgrading attr_encrypted gem. !4963
   - Fix rendering of commit notes. !4953
-- 
cgit v1.2.3