GitLab steht Mittwoch, den 08. Juli, zwischen 09:00 und 13:00 Uhr aufgrund von Wartungsarbeiten nicht zur Verfügung.

Update CHANGELOG.md for 11.8.1

[ci skip]
parent ea9734fa
......@@ -2,6 +2,33 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
## 11.8.1 (2019-02-28)
### Security (21 changes)
- Stop linking to unrecognized package sources. !55518
- Don't allow non-members to see private related MRs.
- Do not display impersonated sessions under active sessions and remove ability to revoke session.
- Display only information visible to current user on the Milestone page.
- Show only merge requests visible to user on milestone detail page.
- Disable issue boards API when issues are disabled.
- Don't show new issue link after move when a user does not have permissions.
- Fix git clone revealing private repo's presence.
- Fix blind SSRF in Prometheus integration by checking URL before querying.
- Check snippet attached file to be moved is within designated directory.
- Check if desired milestone for an issue is available.
- Fix arbitrary file read via diffs during import.
- Display the correct number of MRs a user has access to.
- Forbid creating discussions for users with restricted access.
- Do not disclose milestone titles for unauthorized users.
- Validate session key when authorizing with GCP to create a cluster.
- Block local URLs for Kubernetes integration.
- Limit mermaid rendering to 5K characters.
- Remove the possibility to share a project with a group that a user is not a member of.
- Fix leaking private repository information in API.
- Prevent releases links API to leak tag existance.
## 11.8.0 (2019-02-22)
### Security (7 changes, 1 of them is from the community)
......
---
title: Remove the possibility to share a project with a group that a user is not a member
of
merge_request:
author:
type: security
---
title: Check if desired milestone for an issue is available
merge_request:
author:
type: security
---
title: Do not display impersonated sessions under active sessions and remove ability
to revoke session
merge_request:
author:
type: security
---
title: Display only information visible to current user on the Milestone page
merge_request:
author:
type: security
---
title: Show only merge requests visible to user on milestone detail page
merge_request:
author:
type: security
---
title: Disable issue boards API when issues are disabled
merge_request:
author:
type: security
---
title: Don't show new issue link after move when a user does not have permissions
merge_request:
author:
type: security
---
title: Fix git clone revealing private repo's presence
merge_request:
author:
type: security
---
title: Fix blind SSRF in Prometheus integration by checking URL before querying
merge_request:
author:
type: security
---
title: Check snippet attached file to be moved is within designated directory
merge_request:
author:
type: security
---
title: Don't allow non-members to see private related MRs.
merge_request:
author:
type: security
---
title: Fix arbitrary file read via diffs during import
merge_request:
author:
type: security
---
title: Display the correct number of MRs a user has access to
merge_request:
author:
type: security
---
title: Forbid creating discussions for users with restricted access
merge_request:
author:
type: security
---
title: Do not disclose milestone titles for unauthorized users
merge_request:
author:
type: security
---
title: Validate session key when authorizing with GCP to create a cluster
merge_request:
author:
type: security
---
title: Block local URLs for Kubernetes integration
merge_request:
author:
type: security
---
title: Limit mermaid rendering to 5K characters
merge_request:
author:
type: security
---
title: Stop linking to unrecognized package sources
merge_request: 55518
author:
type: security
---
title: Fix leaking private repository information in API
merge_request:
author:
type: security
---
title: Prevent releases links API to leak tag existance
merge_request:
author:
type: security
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment