gitlab-org--gitlab-foss/changelogs/unreleased/html-safe-diff-line-content.yml
Robert Speicher edf7dbfacd Merge branch 'html-safe-diff-line-content' into 'security'
Don't accidentally mark unsafe diff lines as HTML safe

Fixes potential XSS issue when a legacy diff note is created on a merge
request whose diff contained HTML

See https://gitlab.com/gitlab-org/gitlab-ce/issues/25249

See merge request !2040
2016-12-08 21:38:35 -03:00

4 lines
91 B
YAML

---
title: Don't accidentally mark unsafe diff lines as HTML safe
merge_request:
author: