Do not allow script execution on dependency responses
Merge branch 'security-maven-dependency-proxy-xss' into 'master'

See merge request gitlab-org/security/gitlab!4227

Changelog: security
- ee/lib/api/concerns/dependency_proxy/packages_helpers.rb (15 additions, 1 deletion)
- ee/lib/api/dependency_proxy/packages/maven.rb (1 addition, 0 deletions)
- ee/spec/features/dependency_proxy/packages/maven_spec.rb (3 additions, 0 deletions)
- ee/spec/requests/api/dependency_proxy/packages/maven_spec.rb (17 additions, 0 deletions)
- lib/gitlab/workhorse.rb (11 additions, 2 deletions)
- spec/lib/gitlab/workhorse_spec.rb (6 additions, 3 deletions)
- workhorse/_support/lint_last_known_acceptable_go1.21.txt (8 additions, 8 deletions)
- workhorse/_support/lint_last_known_acceptable_go1.22.txt (8 additions, 8 deletions)
- workhorse/internal/dependencyproxy/dependencyproxy.go (17 additions, 5 deletions)
- workhorse/internal/dependencyproxy/dependencyproxy_test.go (5 additions, 1 deletion)
- workhorse/internal/sendurl/sendurl.go (10 additions, 0 deletions)
- workhorse/internal/sendurl/sendurl_test.go (5 additions, 0 deletions)