Update CHANGELOG.md for 11.5.8
[ci skip]
This commit is contained in:
parent
3b6a88ccd9
commit
c0dbf23cb5
1 changed files with 27 additions and 0 deletions
27
CHANGELOG.md
27
CHANGELOG.md
|
@ -558,6 +558,33 @@ entry.
|
|||
- Enable Rubocop on lib/gitlab. (gfyoung)
|
||||
|
||||
|
||||
## 11.5.8 (2019-01-28)
|
||||
|
||||
### Security (21 changes)
|
||||
|
||||
- Make potentially malicious links more visible in the UI and scrub RTLO chars from links. !2770
|
||||
- Don't process MR refs for guests in the notes. !2771
|
||||
- Fixed XSS content in KaTex links.
|
||||
- Verify that LFS upload requests are genuine.
|
||||
- Extract GitLab Pages using RubyZip.
|
||||
- Prevent awarding emojis to notes whose parent is not visible to user.
|
||||
- Prevent unauthorized replies when discussion is locked or confidential.
|
||||
- Disable git v2 protocol temporarily.
|
||||
- Fix showing ci status for guest users when public pipline are not set.
|
||||
- Fix contributed projects info still visible when user enable private profile.
|
||||
- Disallows unauthorized users from accessing the pipelines section.
|
||||
- Add more LFS validations to prevent forgery.
|
||||
- Use common error for unauthenticated users when creating issues.
|
||||
- Fix slow regex in project reference pattern.
|
||||
- Fix private user email being visible in push (and tag push) webhooks.
|
||||
- Fix wiki access rights when external wiki is enabled.
|
||||
- Fix path disclosure on project import error.
|
||||
- Restrict project import visibility based on its group.
|
||||
- Expose CI/CD trigger token only to the trigger owner.
|
||||
- Notify only users who can access the project on project move.
|
||||
- Alias GitHub and BitBucket OAuth2 callback URLs.
|
||||
|
||||
|
||||
## 11.5.5 (2018-12-20)
|
||||
|
||||
### Security (1 change)
|
||||
|
|
Loading…
Reference in a new issue