diff options
| author | Stan Hu <stanhu@gmail.com> | 2018-02-07 13:42:12 -0800 |
|---|---|---|
| committer | Stan Hu <stanhu@gmail.com> | 2018-02-07 13:42:12 -0800 |
| commit | 463957f5ccaf15c8675ba88facdf75f3c9a0fa4e (patch) | |
| tree | 3b999834f72cc791f71f318291aead65cb7d17ba | |
| parent | 071b0ef35ce8e97cbdceb379e3e70a1722badca1 (diff) | |
| parent | e98e229bd2434b92863193e958c354ac30d8e5ba (diff) | |
| download | gitlab-ce-463957f5ccaf15c8675ba88facdf75f3c9a0fa4e.tar.gz | |
Merge remote-tracking branch 'dev/master'
| -rw-r--r-- | CHANGELOG.md | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 11998bb2bb2..9ad603fdc75 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -435,6 +435,16 @@ entry. - Clean up schema of the "merge_requests" table. +## 10.2.8 (2018-02-07) + +### Security (4 changes) + +- Fix namespace access issue for GitHub, BitBucket, and GitLab.com project importers. +- Fix stored XSS in code blocks that ignore highlighting. +- Fix wilcard protected tags protecting all branches. +- Restrict Todo API mark_as_done endpoint to the user's todos only. + + ## 10.2.7 (2018-01-18) - No changes. |