Commit 874d0069 authored by Jose Ivan Vargas's avatar Jose Ivan Vargas

Update CHANGELOG.md for 9.5.4

[ci skip]
parent 841c52c8
...@@ -2,6 +2,16 @@ ...@@ -2,6 +2,16 @@
documentation](doc/development/changelog.md) for instructions on adding your own documentation](doc/development/changelog.md) for instructions on adding your own
entry. entry.
## 9.5.4 (2017-09-06)
- [SECURITY] Upgrade mail and nokogiri gems due to security issues. !13662 (Markus Koller)
- [SECURITY] Prevent a persistent XSS in the commit author block.
- Fix XSS issue in go-get handling.
- Resolve CSRF token leakage via pathname manipulation on environments page.
- Fixes race condition in project uploads.
- Disallow arbitrary properties in `th` and `td` `style` attributes.
- Disallow the `name` attribute on all user-provided markup.
## 9.5.3 (2017-09-03) ## 9.5.3 (2017-09-03)
- [SECURITY] Filter additional secrets from Rails logs. - [SECURITY] Filter additional secrets from Rails logs.
......
---
title: Resolve CSRF token leakage via pathname manipulation on environments page
merge_request:
author:
---
title: Fix XSS issue in go-get handling
merge_request:
author:
---
title: Prevent a persistent XSS in the commit author block
merge_request:
author:
type: security
---
title: Upgrade mail and nokogiri gems due to security issues
merge_request: 13662
author: Markus Koller
type: security
---
title: Fixes race condition in project uploads
merge_request:
author:
---
title: Disallow arbitrary properties in `th` and `td` `style` attributes
merge_request:
author:
---
title: Disallow the `name` attribute on all user-provided markup
merge_request:
author:
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment