parent
a90b38641d
commit
cc7b15fe93
15
CHANGELOG.md
15
CHANGELOG.md
|
@ -644,6 +644,21 @@ entry.
|
|||
- Moves snowplow to CE repo.
|
||||
|
||||
|
||||
## 11.11.7
|
||||
|
||||
### Security (9 changes)
|
||||
|
||||
- Restrict slash commands to users who can log in.
|
||||
- Patch XSS issue in wiki links.
|
||||
- Filter merge request params on the new merge request page.
|
||||
- Fix Server Side Request Forgery mitigation bypass.
|
||||
- Show badges if pipelines are public otherwise default to project permissions.
|
||||
- Do not allow localhost url redirection in GitHub Integration.
|
||||
- Do not show moved issue id for users that cannot read issue.
|
||||
- Use source project as permissions reference for MergeRequestsController#pipelines.
|
||||
- Drop feature to take ownership of trigger token.
|
||||
|
||||
|
||||
## 11.11.4 (2019-06-26)
|
||||
|
||||
### Fixed (3 changes)
|
||||
|
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
title: Patch XSS issue in wiki links
|
||||
merge_request:
|
||||
author:
|
||||
type: security
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
title: Filter merge request params on the new merge request page
|
||||
merge_request:
|
||||
author:
|
||||
type: security
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
title: Fix Server Side Request Forgery mitigation bypass
|
||||
merge_request:
|
||||
author:
|
||||
type: security
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
title: Show badges if pipelines are public otherwise default to project permissions.
|
||||
erge_request:
|
||||
author:
|
||||
type: security
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
title: Do not allow localhost url redirection in GitHub Integration
|
||||
merge_request:
|
||||
author:
|
||||
type: security
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
title: Do not show moved issue id for users that cannot read issue
|
||||
merge_request:
|
||||
author:
|
||||
type: security
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
title: Drop feature to take ownership of trigger token.
|
||||
merge_request:
|
||||
author:
|
||||
type: security
|
Loading…
Reference in New Issue