Commit 8dd8d40c authored by Rémy Coutable, committed by Rémy Coutable

Merge branch 'rs-filter-params' into 'security'

Filter `authentication_token`, `incoming_email_token` and `runners_token` parameters

Closes https://dev.gitlab.org/gitlab/gitlabhq/issues/2676

See merge request !2045
Signed-off-by: Rémy Coutable <remy@rymai.me>
parent e079e452
......@@ -3,6 +3,7 @@ Please view this file on the master branch, on stable branches it's out of date.
v 8.12.13
- API: Memoize the current_user so that the sudo can work properly. !8017
- Fix missing Note access checks in by moving Note#search to updated NoteFinder
- Filter `authentication_token`, `incoming_email_token` and `runners_token` parameters
v 8.12.12
- Replace MR access checks with use of MergeRequestsFinder
......
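Review bot: The new entry under v 8.12.13 carries no merge request reference, while the first entry in the same block ends with `!8017`. If the changelog convention permits it for fixes merged through the security branch, append `!2045` (the merge request named in the commit message) so the entry can be traced back to its review.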
......@@ -44,7 +44,7 @@ module Gitlab
#
# Parameters filtered:
# - Password (:password, :password_confirmation)
# - Private tokens (:private_token)
# - Private tokens
# - Two-factor tokens (:otp_attempt)
# - Repo/Project Import URLs (:import_url)
# - Build variables (:variables)
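Review bot: The `# - Private tokens` bullet in this comment no longer names any parameter, while every other bullet in the list gives its keys in parentheses. List the keys the bullet now covers, for example `(:authentication_token, :incoming_email_token, :private_token, :runners_token)`, so the comment can be checked line by line against `config.filter_parameters`.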
......@@ -54,15 +54,18 @@ module Gitlab
# - Sentry DSN (:sentry_dsn)
# - Deploy keys (:key)
config.filter_parameters += %i(
authentication_token
certificate
encrypted_key
hook
import_url
incoming_email_token
key
otp_attempt
password
password_confirmation
private_token
runners_token
secret_token
sentry_dsn
variables
......
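Review bot: Adding `authentication_token`, `incoming_email_token` and `runners_token` to `config.filter_parameters` one name at a time means the next `*_token` parameter will reach the logs until someone remembers to list it, and nothing in the visible diff tests the list. Rails matches symbol entries as case-insensitive substrings of the parameter name (which is why `key` already covers `encrypted_key`), so consider whether a single `token` entry is acceptable here, or add a spec asserting that each of these parameters is logged as `[FILTERED]`.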