Merge branch 'improve_documentation_of_non_configurable_rate_limits' into 'master'

Improve documentation of non configurable rate limits See merge request gitlab-org/gitlab!78660

Merge branch 'improve_documentation_of_non_configurable_rate_limits' into 'master'
Improve documentation of non configurable rate limits See merge request gitlab-org/gitlab!78660
c47b7c9d · Fiona Neill · 4e919e4c · 211adafe · c47b7c9d
Commit c47b7c9d authored Jan 20, 2022 by Fiona Neill
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 6 deletions

doc/security/rate_limits.md doc/security/rate_limits.md +6 -6

No files found.
--- a/doc/security/rate_limits.md
+++ b/doc/security/rate_limits.md
@@ -89,7 +89,7 @@ The **rate limit** is 5 requests per minute per user.

 ### Users sign up

-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/77835) in GitLab 14.7.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/339151) in GitLab 14.7.

 There is a rate limit per IP address on the `/users/sign_up` endpoint. This is to mitigate attempts to misuse the endpoint. For example, to mass
 discover usernames or email addresses in use. 
@@ -98,19 +98,19 @@ The **rate limit** is 20 calls per minute per IP address.

 ### Update username

-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/77221) in GitLab 14.7.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/339152) in GitLab 14.7.

-There is a rate limit on the update username action. This is enforced to mitigate misuse of the feature. For example, to mass discover
+There is a rate limit on how frequently a username can be changed. This is enforced to mitigate misuse of the feature. For example, to mass discover
 which usernames are in use.

 The **rate limit** is 10 calls per minute per signed-in user.

 ### Username exists

-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/77119) in GitLab 14.7.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/29040) in GitLab 14.7.

-There is a rate limit for the internal endpoint `/users/:username/exists`, used by registration to perform a client-side validation for
-uniqueness of the chosen username. This is to mitigate the risk of misuses, such as mass discovery of usernames in use.
+There is a rate limit for the internal endpoint `/users/:username/exists`, used upon sign up to check if a chosen username has already been taken.
+This is to mitigate the risk of misuses, such as mass discovery of usernames in use.

 The **rate limit** is 20 calls per minute per IP address.