parent
a90b38641d
commit
cc7b15fe93
15
CHANGELOG.md
15
CHANGELOG.md
|
@ -644,6 +644,21 @@ entry.
|
||||||
- Moves snowplow to CE repo.
|
- Moves snowplow to CE repo.
|
||||||
|
|
||||||
|
|
||||||
|
## 11.11.7
|
||||||
|
|
||||||
|
### Security (9 changes)
|
||||||
|
|
||||||
|
- Restrict slash commands to users who can log in.
|
||||||
|
- Patch XSS issue in wiki links.
|
||||||
|
- Filter merge request params on the new merge request page.
|
||||||
|
- Fix Server Side Request Forgery mitigation bypass.
|
||||||
|
- Show badges if pipelines are public otherwise default to project permissions.
|
||||||
|
- Do not allow localhost url redirection in GitHub Integration.
|
||||||
|
- Do not show moved issue id for users that cannot read issue.
|
||||||
|
- Use source project as permissions reference for MergeRequestsController#pipelines.
|
||||||
|
- Drop feature to take ownership of trigger token.
|
||||||
|
|
||||||
|
|
||||||
## 11.11.4 (2019-06-26)
|
## 11.11.4 (2019-06-26)
|
||||||
|
|
||||||
### Fixed (3 changes)
|
### Fixed (3 changes)
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
---
|
|
||||||
title: Patch XSS issue in wiki links
|
|
||||||
merge_request:
|
|
||||||
author:
|
|
||||||
type: security
|
|
|
@ -1,5 +0,0 @@
|
||||||
---
|
|
||||||
title: Filter merge request params on the new merge request page
|
|
||||||
merge_request:
|
|
||||||
author:
|
|
||||||
type: security
|
|
|
@ -1,5 +0,0 @@
|
||||||
---
|
|
||||||
title: Fix Server Side Request Forgery mitigation bypass
|
|
||||||
merge_request:
|
|
||||||
author:
|
|
||||||
type: security
|
|
|
@ -1,5 +0,0 @@
|
||||||
---
|
|
||||||
title: Show badges if pipelines are public otherwise default to project permissions.
|
|
||||||
erge_request:
|
|
||||||
author:
|
|
||||||
type: security
|
|
|
@ -1,5 +0,0 @@
|
||||||
---
|
|
||||||
title: Do not allow localhost url redirection in GitHub Integration
|
|
||||||
merge_request:
|
|
||||||
author:
|
|
||||||
type: security
|
|
|
@ -1,5 +0,0 @@
|
||||||
---
|
|
||||||
title: Do not show moved issue id for users that cannot read issue
|
|
||||||
merge_request:
|
|
||||||
author:
|
|
||||||
type: security
|
|
|
@ -1,5 +0,0 @@
|
||||||
---
|
|
||||||
title: Drop feature to take ownership of trigger token.
|
|
||||||
merge_request:
|
|
||||||
author:
|
|
||||||
type: security
|
|
Loading…
Reference in New Issue