Add security fixes to CHANGELOG-EE.md

b011ffe8 · Michael Kozono · 00fc016b · b011ffe8
Commit b011ffe8 authored Nov 09, 2017 by Michael Kozono
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 1 deletion

CHANGELOG-EE.md CHANGELOG-EE.md +8 -1

No files found.
--- a/CHANGELOG-EE.md
+++ b/CHANGELOG-EE.md
 Please view this file on the master branch, on stable branches it's out of date.

+## 10.1.2 (2017-11-08)
+
+- [SECURITY] Fix vulnerability that could allow any user of a Geo instance to clone any repository on the secondary instance.
+- [SECURITY] Geo JSON web tokens now expire after two minutes to reduce risk of compromise.
+- [SECURITY] Add X-Content-Type-Options header in API responses to make it more difficult to find other vulnerabilities.
+- [SECURITY] Properly translate IP addresses written in decimal, octal, or other formats in SSRF protections in project imports.
+- [FIXED] Fix TRIGGER checks for MySQL.
+
 ## 10.1.1 (2017-10-31)

- No changes.
 - [FIXED] Fix LDAP group sync for nested groups e.g. when base has uppercase or extraneous spaces. !3217
 - [FIXED] Geo: read-only safeguards was not working on Secondary node. !3227
 - [FIXED] fix height of rebase and approve buttons.