Remove project and group releases json endpoints
We already have proper API for releases, and API correctly handles guests permissions(not exposing tags).
But currently, frontend uses
- https://gitlab.com/gitlab-org/gitlab/blob/af2320c7637b83525c9419a8263ea20ce2818876/app/controllers/projects/releases_controller.rb#L24
- https://gitlab.com/gitlab-org/gitlab/blob/af2320c7637b83525c9419a8263ea20ce2818876/app/controllers/groups/releases_controller.rb#L10
at least for issues filters(see this issue.
Since 2 endpoints above aren't a public API, we can remove them when fronted stops requesting them.
-
send an error to sentry if these enpoints are accessed(or find another way to verify they aren't, e.g. use grafana) -
remove these endpoints
This is marked as security because at the moment these endpoint leak information about git tags.
Edited by Nicole Williams