Jose Ivan Vargas
parent
916e16426d
commit
a0274a502b
12
CHANGELOG.md
12
CHANGELOG.md
|
|
@ -203,6 +203,18 @@ entry.
|
|||
- Use a specialized class for querying events to improve performance.
|
||||
- Update build badges to be pipeline badges and display passing instead of success.
|
||||
|
||||
## 9.4.6 (2017-09-06)
|
||||
|
||||
- [SECURITY] Upgrade mail and nokogiri gems due to security issues. !13662 (Markus Koller)
|
||||
- [SECURITY] Prevent a persistent XSS in the commit author block.
|
||||
- Fix XSS issue in go-get handling.
|
||||
- Remove hidden symlinks from project import files.
|
||||
- Fixes race condition in project uploads.
|
||||
- Disallow Git URLs that include a username or hostname beginning with a non-alphanumeric character.
|
||||
- Disallow arbitrary properties in `th` and `td` `style` attributes.
|
||||
- Resolve CSRF token leakage via pathname manipulation on environments page.
|
||||
- Disallow the `name` attribute on all user-provided markup.
|
||||
|
||||
## 9.4.5 (2017-08-14)
|
||||
|
||||
- Fix deletion of deploy keys linked to other projects. !13162
|
||||
|
|
|
|||
Loading…
Reference in New Issue