diff options
| author | Douwe Maan <douwe@gitlab.com> | 2016-10-03 12:33:58 +0000 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2016-10-03 12:33:58 +0000 |
| commit | 5e4418b23850947752134a04e4e42a1a22c7aac9 (patch) | |
| tree | 658d5fe96a37c1190f24615fee11382399dd1ff5 /CHANGELOG | |
| parent | 08bab4bbcd44ef7c5ff294d272a8ceb8571b4da7 (diff) | |
| parent | 958d9f11e80633f7120a782900fe1f78b3dbebea (diff) | |
| download | gitlab-ce-5e4418b23850947752134a04e4e42a1a22c7aac9.tar.gz | |
Merge branch 'fix/export-project-file-permissions' into 'security'
Fix export project file permissions issue
Fixes security concerns of https://gitlab.com/gitlab-org/gitlab-ce/issues/22757
I have just added the permissions 0700 to the creation of any of the export paths, as @jacobvosmaer suggested in https://gitlab.com/gitlab-org/gitlab-ce/issues/22757#note_16197616
After this has fixed, it could take up to 24 hours in the worse case scenario for old archives to be completely safe - This is the time `ImportExportProjectCleanupWorker` may take to remove the folders. The temporary folders will be 0700 straight away for new installations.
See merge request !2003
Diffstat (limited to 'CHANGELOG')
| -rw-r--r-- | CHANGELOG | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG index 64918b89264..c243920283c 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -3,6 +3,9 @@ Please view this file on the master branch, on stable branches it's out of date. v 8.13.0 (unreleased) - Speed-up group milestones show page +v 8.12.4 (unreleased) + - Set GitLab project exported file permissions to owner only + v 8.12.2 (unreleased) - Fix Import/Export not recognising correctly the imported services. - Respect the fork_project permission when forking projects |