Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.
While none of our calls seems to be exploitable (at this time) to issue like CVE-2021-29472 there is no attempt to prevent it. It might be become ugly real fast if a new feature starts using the existing possibility offered by \Git_Exec in a different way.
gerrit #27169 integrated in Tuleap 22.214.171.124
gerrit #26963 integrated into Tuleap 126.96.36.199
Integrated in Tuleap 188.8.131.52
Closed by @tgerbet with git #tuleap/stable/e2b6a5bfca360063ef64879d94207b2ac1cd26fe.
See gerrit #26908.