Commit ce010e24 authored by Stan Hu's avatar Stan Hu

Merge remote-tracking branch 'dev/master'

parents bd50198b 5bcb6f29
......@@ -203,6 +203,13 @@ Please view this file on the master branch, on stable branches it's out of date.
- Add border for epic edit button.
## 10.2.8 (2018-02-07)
### Security (1 change)
- Restrict LDAP API to admins only.
## 10.2.7 (2018-01-18)
- No changes.
......
......@@ -435,6 +435,16 @@ entry.
- Clean up schema of the "merge_requests" table.
## 10.2.8 (2018-02-07)
### Security (4 changes)
- Fix namespace access issue for GitHub, BitBucket, and GitLab.com project importers.
- Fix stored XSS in code blocks that ignore highlighting.
- Fix wilcard protected tags protecting all branches.
- Restrict Todo API mark_as_done endpoint to the user's todos only.
## 10.2.7 (2018-01-18)
- No changes.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment