Update CHANGELOG.md for 10.3.4

[ci skip]
This commit is contained in:
Oswaldo Ferreira 2018-01-10 20:27:33 -02:00
parent be623ef3c1
commit f284097ddd

View file

@ -2,6 +2,19 @@
documentation](doc/development/changelog.md) for instructions on adding your own documentation](doc/development/changelog.md) for instructions on adding your own
entry. entry.
## 10.3.4 (2018-01-10)
### Security (7 changes, 1 of them is from the community)
- Prevent a SQL injection in the MilestonesFinder.
- Fix RCE via project import mechanism.
- Prevent OAuth login POST requests when a provider has been disabled.
- Filter out sensitive fields from the project services API. (Robert Schilling)
- Check user authorization for source and target projects when creating a merge request.
- Fix path traversal in gitlab-ci.yml cache:key.
- Fix writable shared deploy keys.
## 10.3.3 (2018-01-02) ## 10.3.3 (2018-01-02)
### Fixed (3 changes) ### Fixed (3 changes)