Anyone is now able to push (initial push) to protected branches even if no one is supposed to be able to
Summary
Anyone is now able to push (initial push) to protected branches even if no one is supposed to be able to
Steps to reproduce
Running Gitlab 8.17.2: Protect branches with wildcard and do not allow anyone to push to it directly. Then push a new branch that matches the wildcard. The push is accepted. Subsequent pushes are refused and require merge request as expected.
What is the current bug behavior?
The first push to a new protected branch is accepted while it was not before. Any developer can now push a branch and it becomes protected. No one can remove them and they accumulate.
What is the expected correct behavior?
The first push to a new protected branch should be refused as the subsequent ones. This is a regression as Gitlab 8.16 was not allowing it.