[ci skip]

[11.2] Security kubeclient ssrf

See merge request gitlab/gitlabhq!2576

[ci skip]

Robert Speicher authored 6 years ago and Thiago Presa committed 6 years ago

[11.2] Fix Token lookup for Git over HTTP and registry authentication

See merge request gitlab/gitlabhq!2579

[ci skip]

Jan Provaznik authored 6 years ago and Thiago Presa committed 6 years ago

[11.2] Escape issue title while template rendering to prevent XSS

See merge request gitlab/gitlabhq!2558

Jan Provaznik authored 6 years ago and Thiago Presa committed 6 years ago

[11.2] Redact unsubscribe links in issuable texts

See merge request gitlab/gitlabhq!2567

Jan Provaznik authored 6 years ago and Thiago Presa committed 6 years ago

: [11.2] Resolve "Sensitive information is stored in browser history"

See merge request gitlab/gitlabhq!2560

Jan Provaznik authored 6 years ago and Thiago Presa committed 6 years ago

[11.2] JUnit test reports endpoint exposes full stack trace in production mode

See merge request gitlab/gitlabhq!2554

Jan Provaznik authored 6 years ago and Thiago Presa committed 6 years ago

[11.2] Persist only SHA digest of PersonalAccessToken#token

See merge request gitlab/gitlabhq!2553

[11.2] Fix XSS in MR source branch name

See merge request gitlab/gitlabhq!2546

[11.2] Prevent SSRF attacks in HipChat integration

See merge request gitlab/gitlabhq!2549

[ci skip]

[11.2] Confidential issue/private snippet titles can be read by unauthenticated user through GFM markdown API

See merge request gitlab/gitlabhq!2534

[11-2] Fix leaking private project namespace

See merge request gitlab/gitlabhq!2541

[11.2] Filter user sensitive data from discussions JSON

See merge request gitlab/gitlabhq!2538

[ci skip]

[11.2] Stored XSS in Gitlab Merge Request from imported repository

See merge request gitlab/gitlabhq!2501

[11.2] Fix XSS vulnerability sourced from package.json's homepage

See merge request gitlab/gitlabhq!2509

[11.2] Redact events shown in the events API

See merge request gitlab/gitlabhq!2519

Include the Gitaly security release upstream

See merge request gitlab/gitlabhq!2513

Block loopback addresses in UrlBlocker (11.2 port)

See merge request gitlab/gitlabhq!2522

Merge branch 'security-11-2-6881-project-group-approvers-leaks-private-group-info-ce' into 'security-11-2'

[11.2] Project group approvers leaks private group info

See merge request gitlab/gitlabhq!2489

[11.2] - Do not persist errors from Kubernetes calls

See merge request gitlab/gitlabhq!2504

[11.2] Fix XSS on Issue details page.

See merge request gitlab/gitlabhq!2471

[11.2] Fix syntax highlight taking too long

See merge request gitlab/gitlabhq!2484

[ci skip]

Jose Ivan Vargas Lopez authored 6 years ago and Jose Ivan Vargas Lopez committed 6 years ago

[11.2] Include rich_text in diff cache keys

See merge request gitlab/gitlabhq!2483

[ci skip]

Jose Ivan Vargas Lopez authored 6 years ago and Jose Ivan Vargas Lopez committed 6 years ago

[11.2] Resolve "Orphaned upload files are accessible via project exports"

See merge request gitlab/gitlabhq!2464

Jose Ivan Vargas Lopez authored 6 years ago and Jose Ivan Vargas Lopez committed 6 years ago

[11.2] Missing CSRF in System Hooks resend action

See merge request gitlab/gitlabhq!2476

Jose Ivan Vargas Lopez authored 6 years ago and Jose Ivan Vargas Lopez committed 6 years ago

[11.2] Removes <br> sent from backend on tooltips in jobs

See merge request gitlab/gitlabhq!2458

Jose Ivan Vargas Lopez authored 6 years ago and Jose Ivan Vargas Lopez committed 6 years ago

[11.2] Port of Fixed persistent XSS rendering/escaping of diff location lines to 11.2

See merge request gitlab/gitlabhq!2473