author | Alessio Caiazza <acaiazza@gitlab.com> | 2018-06-21 18:11:05 +0200 |
---|---|---|
committer | Alessio Caiazza <acaiazza@gitlab.com> | 2018-06-21 18:11:05 +0200 |
commit | a19d0d4114b1e1a9b7ecb46a7945ee895ac7193f (patch) | |
tree | 1e354fd88454ea104572d9723d4426f1892e7edf | |
parent | eec34137ec594da1291c68d9a4367d39f151a061 (diff) | |
download | gitlab-ce-a19d0d4114b1e1a9b7ecb46a7945ee895ac7193f.tar.gz |
Update CHANGELOG.md for 10.7.6
[ci skip]
8 files changed, 16 insertions, 35 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 78b351bde4a..f0300f4dd22 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,22 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 10.7.6 (2018-06-21)
+
+### Security (6 changes)
+
+- Fix XSS vulnerability for table of content generation.
+- Update sanitize gem to 4.6.5 to fix HTML injection vulnerability.
+- HTML escape branch name in project graphs page.
+- HTML escape the name of the user in ProjectsHelper#link_to_member.
+- Don't show events from internal projects for anonymous users in public feed.
+- XSS fix to use safe_params instead of params in url_for helpers.
+
+### Other (1 change)
+
+- Replacing gollum libraries for gitlab custom libs. !18343
+
+
 ## 10.7.5 (2018-05-28)
 
 ### Security (3 changes)
diff --git a/changelogs/unreleased/fj-change-gollum-gems-to-custom-ones.yml b/changelogs/unreleased/fj-change-gollum-gems-to-custom-ones.yml
deleted file mode 100644
index 53883e8d907..00000000000
--- a/changelogs/unreleased/fj-change-gollum-gems-to-custom-ones.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Replacing gollum libraries for gitlab custom libs
-merge_request: 18343
-author:
-type: other
diff --git a/changelogs/unreleased/security-2682-fix-xss-for-markdown-toc.yml b/changelogs/unreleased/security-2682-fix-xss-for-markdown-toc.yml
deleted file mode 100644
index f595678c3c2..00000000000
--- a/changelogs/unreleased/security-2682-fix-xss-for-markdown-toc.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix XSS vulnerability for table of content generation
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-fj-bumping-sanitize-gem.yml b/changelogs/unreleased/security-fj-bumping-sanitize-gem.yml
deleted file mode 100644
index bec1033425d..00000000000
--- a/changelogs/unreleased/security-fj-bumping-sanitize-gem.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update sanitize gem to 4.6.5 to fix HTML injection vulnerability
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-html_escape_branch_name.yml b/changelogs/unreleased/security-html_escape_branch_name.yml
deleted file mode 100644
index 02d1065348f..00000000000
--- a/changelogs/unreleased/security-html_escape_branch_name.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: HTML escape branch name in project graphs page
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-html_escape_usernames.yml b/changelogs/unreleased/security-html_escape_usernames.yml
deleted file mode 100644
index 7e69e4ae266..00000000000
--- a/changelogs/unreleased/security-html_escape_usernames.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: HTML escape the name of the user in ProjectsHelper#link_to_member
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-rd-do-not-show-internal-info-in-public-feed.yml b/changelogs/unreleased/security-rd-do-not-show-internal-info-in-public-feed.yml
deleted file mode 100644
index ff78c162dff..00000000000
--- a/changelogs/unreleased/security-rd-do-not-show-internal-info-in-public-feed.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Don't show events from internal projects for anonymous users in public feed
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-xss-fix.yml b/changelogs/unreleased/security-xss-fix.yml
deleted file mode 100644
index 4db87636579..00000000000
--- a/changelogs/unreleased/security-xss-fix.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: XSS fix to use safe_params instead of params in url_for helpers
-merge_request:
-author:
-type: security