lib · v7.8.2 · Forest Godfrey / gitlab-ce

Merge branch 'project-existence-leak' into 'master' · 650a7c73

authored Mar 03, 2015

Don't leak information about private project existence via Git-over-SSH/HTTP.

Fixes #2040 and https://gitlab.com/gitlab-org/gitlab-ce/issues/343.

Both `Grack::Auth` (used by Git-over-HTTP) and `Api::Internal /allowed` (used by gitlab-shell/Git-over-SSH) now return a generic "Not Found" error when the project exists but the user doesn't have access to it.

See merge request !1578

650a7c73

Name	Last commit	Last update
..
api		Loading commit data...
assets		Loading commit data...
backup		Loading commit data...
gitlab		Loading commit data...
redcarpet/render		Loading commit data...
support		Loading commit data...
tasks		Loading commit data...
disable_email_interceptor.rb		Loading commit data...
email_validator.rb		Loading commit data...
event_filter.rb		Loading commit data...
extracts_path.rb		Loading commit data...
file_size_validator.rb		Loading commit data...
gt_one_coercion.rb		Loading commit data...
repository_cache.rb		Loading commit data...
static_model.rb		Loading commit data...
unfold_form.rb		Loading commit data...