Skip to content
Snippets Groups Projects
Unverified Commit 33e143ea authored by Robert Speicher's avatar Robert Speicher
Browse files

Revert "Update CHANGELOG.md for 11.5.8" 

This reverts commit 25241cd7.
parent 5c58651a
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 95 additions and 27 deletions
CHANGELOG.md
+ 0
27
View file @ 33e143ea
@@ -2,33 +2,6 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
 
## 11.5.8 (2019-01-28)
### Security (21 changes)
- Make potentially malicious links more visible in the UI and scrub RTLO chars from links. !2770
- Don't process MR refs for guests in the notes. !2771
- Fixed XSS content in KaTex links.
- Verify that LFS upload requests are genuine.
- Extract GitLab Pages using RubyZip.
- Prevent awarding emojis to notes whose parent is not visible to user.
- Prevent unauthorized replies when discussion is locked or confidential.
- Disable git v2 protocol temporarily.
- Fix showing ci status for guest users when public pipline are not set.
- Fix contributed projects info still visible when user enable private profile.
- Disallows unauthorized users from accessing the pipelines section.
- Add more LFS validations to prevent forgery.
- Use common error for unauthenticated users when creating issues.
- Fix slow regex in project reference pattern.
- Fix private user email being visible in push (and tag push) webhooks.
- Fix wiki access rights when external wiki is enabled.
- Fix path disclosure on project import error.
- Restrict project import visibility based on its group.
- Expose CI/CD trigger token only to the trigger owner.
- Notify only users who can access the project on project move.
- Alias GitHub and BitBucket OAuth2 callback URLs.
## 11.5.7 (2019-01-15)
 
### Security (1 change)
changelogs/unreleased/11-5-security-stored-xss-via-katex.yml 0 → 100644
+ 5
0
View file @ 33e143ea
---
title: Fixed XSS content in KaTex links
merge_request:
author:
type: security
changelogs/unreleased/extract-pages-with-rubyzip.yml 0 → 100644
+ 5
0
View file @ 33e143ea
---
title: Extract GitLab Pages using RubyZip
merge_request:
author:
type: security
changelogs/unreleased/security-11-5-test-permissions.yml 0 → 100644
+ 5
0
View file @ 33e143ea
---
title: Disallows unauthorized users from accessing the pipelines section.
merge_request:
author:
type: security
changelogs/unreleased/security-2767-verify-lfs-finalize-from-workhorse.yml 0 → 100644
+ 5
0
View file @ 33e143ea
---
title: Verify that LFS upload requests are genuine
merge_request:
author:
type: security
changelogs/unreleased/security-2769-idn-homograph-attack.yml 0 → 100644
+ 5
0
View file @ 33e143ea
---
title: Make potentially malicious links more visible in the UI and scrub RTLO chars from links
merge_request: 2770
author:
type: security
changelogs/unreleased/security-2776-fix-add-reaction-permissions.yml 0 → 100644
+ 5
0
View file @ 33e143ea
---
title: Prevent awarding emojis to notes whose parent is not visible to user
merge_request:
author:
type: security
changelogs/unreleased/security-2779-fix-email-comment-permissions-check.yml 0 → 100644
+ 5
0
View file @ 33e143ea
---
title: Prevent unauthorized replies when discussion is locked or confidential
merge_request:
author:
type: security
changelogs/unreleased/security-2780-disable-git-v2-protocol.yml 0 → 100644
+ 5
0
View file @ 33e143ea
---
title: Disable git v2 protocol temporarily
merge_request:
author:
type: security
changelogs/unreleased/security-commit-status-shown-for-guest-user.yml 0 → 100644
+ 5
0
View file @ 33e143ea
---
title: Fix showing ci status for guest users when public pipline are not set
merge_request:
author:
type: security
changelogs/unreleased/security-contributed-projects.yml 0 → 100644
+ 5
0
View file @ 33e143ea
---
title: Fix contributed projects info still visible when user enable private profile
merge_request:
author:
type: security
changelogs/unreleased/security-do-not-process-mr-ref-for-guests.yml 0 → 100644
+ 5
0
View file @ 33e143ea
---
title: Don't process MR refs for guests in the notes
merge_request: 2771
author:
type: security
changelogs/unreleased/security-fix-lfs-import-project-ssrf-forgery.yml 0 → 100644
+ 5
0
View file @ 33e143ea
---
title: Add more LFS validations to prevent forgery
merge_request:
author:
type: security
changelogs/unreleased/security-fix-new-issues-login-message.yml 0 → 100644
+ 5
0
View file @ 33e143ea
---
title: Use common error for unauthenticated users when creating issues
merge_request:
author:
type: security
changelogs/unreleased/security-fix-regex-dos.yml 0 → 100644
+ 5
0
View file @ 33e143ea
---
title: Fix slow regex in project reference pattern
merge_request:
author:
type: security
changelogs/unreleased/security-fix-user-email-tag-push-leak.yml 0 → 100644
+ 5
0
View file @ 33e143ea
---
title: Fix private user email being visible in push (and tag push) webhooks
merge_request:
author:
type: security
changelogs/unreleased/security-fix-wiki-access-rights-with-external-wiki-enabled.yml 0 → 100644
+ 5
0
View file @ 33e143ea
---
title: Fix wiki access rights when external wiki is enabled
merge_request:
author:
type: security
changelogs/unreleased/security-import-path-logging.yml 0 → 100644
+ 5
0
View file @ 33e143ea
---
title: Fix path disclosure on project import error
merge_request:
author:
type: security
changelogs/unreleased/security-import-project-visibility.yml 0 → 100644
+ 5
0
View file @ 33e143ea
---
title: Restrict project import visibility based on its group
merge_request:
author:
type: security
changelogs/unreleased/security-pipeline-trigger-tokens-exposure.yml 0 → 100644
+ 5
0
View file @ 33e143ea
---
title: Expose CI/CD trigger token only to the trigger owner
merge_request:
author:
type: security
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment