-
Francisco Javier Lopez authored
At the moment, when we create a ProtectedBranch or ProtectedTag when don't check that the user/group is already a member of the project. That means that when creating/updating the params can be tampered and add a user/group outside the project.
dbf7978b