Commit 47b04690 authored by Oswaldo Ferreira's avatar Oswaldo Ferreira

Update for 10.1.6

[ci skip]
parent 16855c8b
......@@ -474,6 +474,20 @@ entry.
- Add Gitaly metrics to the performance bar.
## 10.1.6 (2018-01-11)
### Security (8 changes, 1 of them is from the community)
- Fix writable shared deploy keys.
- Filter out sensitive fields from the project services API. (Robert Schilling)
- Fix RCE via project import mechanism.
- Prevent OAuth login POST requests when a provider has been disabled.
- Prevent a SQL injection in the MilestonesFinder.
- Check user authorization for source and target projects when creating a merge request.
- Fix path traversal in gitlab-ci.yml cache:key.
- Fix XSS vulnerability in pipeline job trace.
## 10.1.5 (2017-12-07)
### Security (5 changes)
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment