Skip to content
Snippets Groups Projects
Commit 25241cd7 authored by GitLab Release Tools Bot's avatar GitLab Release Tools Bot
Browse files

Update CHANGELOG.md for 11.5.8 

[ci skip]
parent 422ad5d1
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 27 additions and 95 deletions
CHANGELOG.md
+ 27
0
View file @ 25241cd7
@@ -2,6 +2,33 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
 
## 11.5.8 (2019-01-28)
### Security (21 changes)
- Make potentially malicious links more visible in the UI and scrub RTLO chars from links. !2770
- Don't process MR refs for guests in the notes. !2771
- Fixed XSS content in KaTex links.
- Verify that LFS upload requests are genuine.
- Extract GitLab Pages using RubyZip.
- Prevent awarding emojis to notes whose parent is not visible to user.
- Prevent unauthorized replies when discussion is locked or confidential.
- Disable git v2 protocol temporarily.
- Fix showing ci status for guest users when public pipline are not set.
- Fix contributed projects info still visible when user enable private profile.
- Disallows unauthorized users from accessing the pipelines section.
- Add more LFS validations to prevent forgery.
- Use common error for unauthenticated users when creating issues.
- Fix slow regex in project reference pattern.
- Fix private user email being visible in push (and tag push) webhooks.
- Fix wiki access rights when external wiki is enabled.
- Fix path disclosure on project import error.
- Restrict project import visibility based on its group.
- Expose CI/CD trigger token only to the trigger owner.
- Notify only users who can access the project on project move.
- Alias GitHub and BitBucket OAuth2 callback URLs.
## 11.5.7 (2019-01-15)
 
### Security (1 change)
changelogs/unreleased/11-5-security-stored-xss-via-katex.yml deleted 100644 → 0
+ 0
5
View file @ 422ad5d1
---
title: Fixed XSS content in KaTex links
merge_request:
author:
type: security
changelogs/unreleased/extract-pages-with-rubyzip.yml deleted 100644 → 0
+ 0
5
View file @ 422ad5d1
---
title: Extract GitLab Pages using RubyZip
merge_request:
author:
type: security
changelogs/unreleased/security-11-5-test-permissions.yml deleted 100644 → 0
+ 0
5
View file @ 422ad5d1
---
title: Disallows unauthorized users from accessing the pipelines section.
merge_request:
author:
type: security
changelogs/unreleased/security-2767-verify-lfs-finalize-from-workhorse.yml deleted 100644 → 0
+ 0
5
View file @ 422ad5d1
---
title: Verify that LFS upload requests are genuine
merge_request:
author:
type: security
changelogs/unreleased/security-2769-idn-homograph-attack.yml deleted 100644 → 0
+ 0
5
View file @ 422ad5d1
---
title: Make potentially malicious links more visible in the UI and scrub RTLO chars from links
merge_request: 2770
author:
type: security
changelogs/unreleased/security-2776-fix-add-reaction-permissions.yml deleted 100644 → 0
+ 0
5
View file @ 422ad5d1
---
title: Prevent awarding emojis to notes whose parent is not visible to user
merge_request:
author:
type: security
changelogs/unreleased/security-2779-fix-email-comment-permissions-check.yml deleted 100644 → 0
+ 0
5
View file @ 422ad5d1
---
title: Prevent unauthorized replies when discussion is locked or confidential
merge_request:
author:
type: security
changelogs/unreleased/security-2780-disable-git-v2-protocol.yml deleted 100644 → 0
+ 0
5
View file @ 422ad5d1
---
title: Disable git v2 protocol temporarily
merge_request:
author:
type: security
changelogs/unreleased/security-commit-status-shown-for-guest-user.yml deleted 100644 → 0
+ 0
5
View file @ 422ad5d1
---
title: Fix showing ci status for guest users when public pipline are not set
merge_request:
author:
type: security
changelogs/unreleased/security-contributed-projects.yml deleted 100644 → 0
+ 0
5
View file @ 422ad5d1
---
title: Fix contributed projects info still visible when user enable private profile
merge_request:
author:
type: security
changelogs/unreleased/security-do-not-process-mr-ref-for-guests.yml deleted 100644 → 0
+ 0
5
View file @ 422ad5d1
---
title: Don't process MR refs for guests in the notes
merge_request: 2771
author:
type: security
changelogs/unreleased/security-fix-lfs-import-project-ssrf-forgery.yml deleted 100644 → 0
+ 0
5
View file @ 422ad5d1
---
title: Add more LFS validations to prevent forgery
merge_request:
author:
type: security
changelogs/unreleased/security-fix-new-issues-login-message.yml deleted 100644 → 0
+ 0
5
View file @ 422ad5d1
---
title: Use common error for unauthenticated users when creating issues
merge_request:
author:
type: security
changelogs/unreleased/security-fix-regex-dos.yml deleted 100644 → 0
+ 0
5
View file @ 422ad5d1
---
title: Fix slow regex in project reference pattern
merge_request:
author:
type: security
changelogs/unreleased/security-fix-user-email-tag-push-leak.yml deleted 100644 → 0
+ 0
5
View file @ 422ad5d1
---
title: Fix private user email being visible in push (and tag push) webhooks
merge_request:
author:
type: security
changelogs/unreleased/security-fix-wiki-access-rights-with-external-wiki-enabled.yml deleted 100644 → 0
+ 0
5
View file @ 422ad5d1
---
title: Fix wiki access rights when external wiki is enabled
merge_request:
author:
type: security
changelogs/unreleased/security-import-path-logging.yml deleted 100644 → 0
+ 0
5
View file @ 422ad5d1
---
title: Fix path disclosure on project import error
merge_request:
author:
type: security
changelogs/unreleased/security-import-project-visibility.yml deleted 100644 → 0
+ 0
5
View file @ 422ad5d1
---
title: Restrict project import visibility based on its group
merge_request:
author:
type: security
changelogs/unreleased/security-pipeline-trigger-tokens-exposure.yml deleted 100644 → 0
+ 0
5
View file @ 422ad5d1
---
title: Expose CI/CD trigger token only to the trigger owner
merge_request:
author:
type: security
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment