Skip to content

G
gitlab-ce
Commit 9afc6928 authored by GitLab Release Tools Bot's avatar GitLab Release Tools Bot
1 Browse files
Options

Update CHANGELOG.md for 11.11.6 

[ci skip]
parent 5bdb9976
Show whitespace changes
Inline Side-by-side
Showing with 15 additions and 45 deletions
CHANGELOG.md
View file @ 9afc6928
...@@ -2,6 +2,21 @@ ...@@ -2,6 +2,21 @@
documentation](doc/development/changelog.md) for instructions on adding your own documentation](doc/development/changelog.md) for instructions on adding your own
entry. entry.
## 11.11.6
### Security (9 changes)
- Restrict slash commands to users who can log in.
- Patch XSS issue in wiki links.
- Filter merge request params on the new merge request page.
- Fix Server Side Request Forgery mitigation bypass.
- Show badges if pipelines are public otherwise default to project permissions.
- Do not allow localhost url redirection in GitHub Integration.
- Do not show moved issue id for users that cannot read issue.
- Use source project as permissions reference for MergeRequestsController#pipelines.
- Drop feature to take ownership of trigger token.
## 11.11.5 (2019-06-27) ## 11.11.5 (2019-06-27)
- No changes. - No changes.
......
changelogs/unreleased/security-2873-blocked-user-slash-command-bypass-master.yml deleted 100644 → 0
View file @ 5bdb9976
---
title: Restrict slash commands to users who can log in
merge_request:
author:
type: security
changelogs/unreleased/security-60143-patch-additional-xss-vector-in-wikis.yml deleted 100644 → 0
View file @ 5bdb9976
---
title: Patch XSS issue in wiki links
merge_request:
author:
type: security
changelogs/unreleased/security-bvl-filter-mr-params.yml deleted 100644 → 0
View file @ 5bdb9976
---
title: Filter merge request params on the new merge request page
merge_request:
author:
type: security
changelogs/unreleased/security-dns-ssrf-bypass.yml deleted 100644 → 0
View file @ 5bdb9976
---
title: Fix Server Side Request Forgery mitigation bypass
merge_request:
author:
type: security
changelogs/unreleased/security-fix-badges-leaked-to-unauthorized-users.yml deleted 100644 → 0
View file @ 5bdb9976
---
title: Show badges if pipelines are public otherwise default to project permissions.
erge_request:
author:
type: security
changelogs/unreleased/security-github-ssrf-redirect.yml deleted 100644 → 0
View file @ 5bdb9976
---
title: Do not allow localhost url redirection in GitHub Integration
merge_request:
author:
type: security
changelogs/unreleased/security-hide_moved_issue_id.yml deleted 100644 → 0
View file @ 5bdb9976
---
title: Do not show moved issue id for users that cannot read issue
merge_request:
author:
type: security
changelogs/unreleased/security-mr-pipeline-permissions.yml deleted 100644 → 0
View file @ 5bdb9976
---
title: Use source project as permissions reference for MergeRequestsController#pipelines
merge_request:
author:
type: security
changelogs/unreleased/security-remove-take-trigger-ownership-feature.yml deleted 100644 → 0
View file @ 5bdb9976
---
title: Drop feature to take ownership of trigger token.
merge_request:
author:
type: security
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7