From b93c3112d035a0a843945d292006303d11621725 Mon Sep 17 00:00:00 2001 From: Yorick Peterse Date: Thu, 31 Jan 2019 17:41:23 +0100 Subject: [PATCH] Fixed changelog for 11.7.2 This got merged up somewhere in the process of merging dev.gitlab.org and GitLab.com back together. --- CHANGELOG.md | 27 --------------------------- 1 file changed, 27 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 37bff7e50a3..4985c607d57 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,33 +4,6 @@ entry. ## 11.7.2 (2019-01-29) -### Security (24 changes) - -- Make potentially malicious links more visible in the UI and scrub RTLO chars from links. !2770 -- Don't process MR refs for guests in the notes. !2771 -- Sanitize user full name to clean up any URL to prevent mail clients from auto-linking URLs. !2828 -- Fixed XSS content in KaTex links. -- Disallows unauthorized users from accessing the pipelines section. -- Verify that LFS upload requests are genuine. -- Extract GitLab Pages using RubyZip. -- Prevent awarding emojis to notes whose parent is not visible to user. -- Prevent unauthorized replies when discussion is locked or confidential. -- Disable git v2 protocol temporarily. -- Fix showing ci status for guest users when public pipline are not set. -- Fix contributed projects info still visible when user enable private profile. -- Add subresources removal to member destroy service. -- Add more LFS validations to prevent forgery. -- Use common error for unauthenticated users when creating issues. -- Fix slow regex in project reference pattern. -- Fix private user email being visible in push (and tag push) webhooks. -- Fix wiki access rights when external wiki is enabled. -- Group guests are no longer able to see merge requests they don't have access to at group level. -- Fix path disclosure on project import error. -- Restrict project import visibility based on its group. -- Expose CI/CD trigger token only to the trigger owner. -- Notify only users who can access the project on project move. -- Alias GitHub and BitBucket OAuth2 callback URLs. - ### Fixed (1 change) - Fix uninitialized constant with GitLab Pages.
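Review bot: The deletion of the entire "### Security (24 changes)" block under "## 11.7.2 (2019-01-29)" is not explained by the commit message, which says only that the section "got merged up somewhere" and does not state which release these 24 entries belong to. The patch is 27 deletions with no additions, so nothing in it shows that the entries remain recorded elsewhere in CHANGELOG.md. Because they describe security fixes (for example "Verify that LFS upload requests are genuine." and "Expose CI/CD trigger token only to the trigger owner."), readers use them to decide whether a given version is patched. Please name in the commit message the version section that already carries these entries, or add them there in the same commit, so the changelog keeps a record of which release shipped the fixes.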