summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/administration/reply_by_email.md10
-rw-r--r--doc/user/project/merge_requests/img/create_from_email.pngbin0 -> 152975 bytes
-rw-r--r--doc/user/project/merge_requests/index.md7
3 files changed, 10 insertions, 7 deletions
diff --git a/doc/administration/reply_by_email.md b/doc/administration/reply_by_email.md
index 1304476e678..3b3a3801993 100644
--- a/doc/administration/reply_by_email.md
+++ b/doc/administration/reply_by_email.md
@@ -89,11 +89,11 @@ email address in order to sign up.
If you also host a public-facing GitLab instance at `hooli.com` and set your
incoming email domain to `hooli.com`, an attacker could abuse the "Create new
-issue by email" feature by using a project's unique address as the email when
-signing up for Slack, which would send a confirmation email, which would create
-a new issue on the project owned by the attacker, allowing them to click the
-confirmation link and validate their account on your company's private Slack
-instance.
+issue by email" or "Create new merge request by email" features by using a
+project's unique address as the email when signing up for Slack, which would
+send a confirmation email, which would create a new issue or merge request on
+the project owned by the attacker, allowing them to click the confirmation link
+and validate their account on your company's private Slack instance.
We recommend receiving incoming email on a subdomain, such as
`incoming.hooli.com`, and ensuring that you do not employ any services that
diff --git a/doc/user/project/merge_requests/img/create_from_email.png b/doc/user/project/merge_requests/img/create_from_email.png
new file mode 100644
index 00000000000..71eb4bf267d
--- /dev/null
+++ b/doc/user/project/merge_requests/img/create_from_email.png
Binary files differ
diff --git a/doc/user/project/merge_requests/index.md b/doc/user/project/merge_requests/index.md
index d76ea259301..bb3d9cdcf0e 100644
--- a/doc/user/project/merge_requests/index.md
+++ b/doc/user/project/merge_requests/index.md
@@ -27,7 +27,7 @@ With GitLab merge requests, you can:
- [Resolve merge conflicts from the UI](#resolve-conflicts)
- Enable [fast-forward merge requests](#fast-forward-merge-requests)
- Enable [semi-linear history merge requests](#semi-linear-history-merge-requests) as another security layer to guarantee the pipeline is passing in the target branch
-- [Create new merge requests by email](#create_by_email)
+- [Create new merge requests by email](#create-new-merge-requests-by-email)
With **[GitLab Enterprise Edition][ee]**, you can also:
@@ -138,7 +138,10 @@ You can create a new merge request by sending an email to a user-specific email
address. The address can be obtained on the merge requests page by clicking on
a **Email a new merge request to this project** button. The subject will be
used as the source branch name for the new merge request and the target branch
-will be the default branch for the project.
+will be the default branch for the project. You need to enable
+["Reply by email"](../administration/reply_by_email.md) to use this feature.
+
+![Create new merge requests by email](img/create_from_email.png)
## Revert changes