Skip to content

Remove `download_code` dependency from access to read merge requests

What does this MR do and why?

This is the 17-7 backport for !175444 (merged), which fixes https://gitlab.com/gitlab-org/gitlab/-/issues/510162.

Note that the fix !175444 (merged) will included in %17.8 while the vulnerability was introduced in %17.7 hence the need for this backport. Also, given its low severity, it was deemed security-fix-in-public.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

  • This MR is backporting a bug fix, documentation update, or spec fix, previously merged in the default branch.
  • The MR that fixed the bug on the default branch has been deployed to GitLab.com (not applicable for documentation or spec changes).
  • This MR has a severity label assigned (if applicable).
  • Set the milestone of the merge request to match the target backport branch version.
  • This MR has been approved by a maintainer (only one approval is required).
  • Ensure the e2e:test-on-omnibus-ee job has either succeeded or been approved by a Software Engineer in Test.

Note to the merge request author and maintainer

If you have questions about the patch release process, please:

Edited by Eugenia Grieff

Merge request reports

Loading