From a674e131ee35b5e11d0c6eee6c00372b7d232d6d Mon Sep 17 00:00:00 2001 From: Luke Bennett <lukeeeebennettplus@gmail.com> Date: Mon, 5 Feb 2018 13:47:45 +0000 Subject: [PATCH] Update CHANGELOG.md for 10.3.7 [ci skip] --- CHANGELOG.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3794ebc7d25..11998bb2bb2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -207,6 +207,16 @@ entry. - Use a background migration for issues.closed_at. +## 10.3.7 (2018-02-05) + +### Security (4 changes) + +- Fix namespace access issue for GitHub, BitBucket, and GitLab.com project importers. +- Fix stored XSS in code blocks that ignore highlighting. +- Fix wilcard protected tags protecting all branches. +- Restrict Todo API mark_as_done endpoint to the user's todos only. + + ## 10.3.6 (2018-01-22) ### Fixed (17 changes, 2 of them are from the community) -- 2.30.9