Commit 86f56441 authored by Robert Speicher

Update CHANGELOG for 8.6.8

[ci skip]
parent 13a4f9fc
Please view this file on the master branch, on stable branches it's out of date.
v 8.6.8
- Fix a window.opener bug that could lead to XSS and open redirects
- Prevent privilege escalation via "impersonate" feature
- Prevent privilege escalation via notes API
- Prevent privilege escalation via project webhook API
- Prevent XSS via Git branch and tag names
- Prevent XSS via custom issue tracker URL
- Fix vulnerability that leaks private labels and milestones
- Prevent XSS with in label dropdown
- Prevent privilege escalation via "impersonate" feature
- Prevent users from deleting Webhooks via API they do not own
- Prevent XSS via `window.opener`
- Prevent XSS via label drop-down
- Prevent information disclosure via milestone API
- Prevent information disclosure via snippet API
- Prevent information disclosure via project labels
- Prevent information disclosure via new merge request page
v 8.6.7
......
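Review bot: the v 8.6.8 list carries duplicate entries that should be collapsed to one line per fix. "Prevent privilege escalation via "impersonate" feature" appears twice verbatim. "Prevent XSS with in label dropdown" and "Prevent XSS via label drop-down" read as the same fix, and the first has a stray "with in". The `window.opener` fix is listed both as the first entry and again as "Prevent XSS via `window.opener`". The webhook entries ("Prevent privilege escalation via project webhook API" and "Prevent users from deleting Webhooks via API they do not own") and the label/milestone disclosure entries also appear to overlap, so it is worth confirming whether each is a distinct fix. Since this list is what administrators use to judge which security issues the release addresses, I would keep the more specific wording of each pair and drop the other.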