Oswaldo Ferreira
parent
f284097ddd
commit
16855c8b9f
15
CHANGELOG.md
15
CHANGELOG.md
|
|
@ -193,6 +193,21 @@ entry.
|
|||
- Clean up schema of the "merge_requests" table.
|
||||
|
||||
|
||||
## 10.2.6 (2018-01-11)
|
||||
|
||||
### Security (9 changes, 1 of them is from the community)
|
||||
|
||||
- Fix writable shared deploy keys.
|
||||
- Filter out sensitive fields from the project services API. (Robert Schilling)
|
||||
- Fix RCE via project import mechanism.
|
||||
- Fixed IPython notebook output not being sanitized.
|
||||
- Prevent OAuth login POST requests when a provider has been disabled.
|
||||
- Prevent a SQL injection in the MilestonesFinder.
|
||||
- Check user authorization for source and target projects when creating a merge request.
|
||||
- Fix path traversal in gitlab-ci.yml cache:key.
|
||||
- Fix XSS vulnerability in pipeline job trace.
|
||||
|
||||
|
||||
## 10.2.5 (2017-12-15)
|
||||
|
||||
### Fixed (8 changes)
|
||||
|
|
|
|||
Loading…
Reference in New Issue