diff options
author | Alessio Caiazza <acaiazza@gitlab.com> | 2018-06-21 17:35:38 +0200 |
---|---|---|
committer | Alessio Caiazza <acaiazza@gitlab.com> | 2018-06-21 17:35:38 +0200 |
commit | 9b121f2d88a705feae1921f2135538aa113bb5f6 (patch) | |
tree | 077163b1259ad44455b094fc87510289e1fae98e | |
parent | 293ab280ec1c5017c947df1530ecb5d16aa39add (diff) | |
download | gitlab-ce-9b121f2d88a705feae1921f2135538aa113bb5f6.tar.gz |
Update CHANGELOG.md for 10.8.5
[ci skip]
6 files changed, 11 insertions, 25 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 487ee3f2b93..3d34ce51641 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,17 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 10.8.5 (2018-06-21) + +### Security (5 changes) + +- Fix XSS vulnerability for table of content generation. +- Update sanitize gem to 4.6.5 to fix HTML injection vulnerability. +- HTML escape branch name in project graphs page. +- HTML escape the name of the user in ProjectsHelper#link_to_member. +- Don't show events from internal projects for anonymous users in public feed. + + ## 10.8.4 (2018-06-06) - No changes. diff --git a/changelogs/unreleased/security-2682-fix-xss-for-markdown-toc.yml b/changelogs/unreleased/security-2682-fix-xss-for-markdown-toc.yml deleted file mode 100644 index f595678c3c2..00000000000 --- a/changelogs/unreleased/security-2682-fix-xss-for-markdown-toc.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix XSS vulnerability for table of content generation -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-fj-bumping-sanitize-gem.yml b/changelogs/unreleased/security-fj-bumping-sanitize-gem.yml deleted file mode 100644 index bec1033425d..00000000000 --- a/changelogs/unreleased/security-fj-bumping-sanitize-gem.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Update sanitize gem to 4.6.5 to fix HTML injection vulnerability -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-html_escape_branch_name.yml b/changelogs/unreleased/security-html_escape_branch_name.yml deleted file mode 100644 index 02d1065348f..00000000000 --- a/changelogs/unreleased/security-html_escape_branch_name.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: HTML escape branch name in project graphs page -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-html_escape_usernames.yml b/changelogs/unreleased/security-html_escape_usernames.yml deleted file mode 100644 index 7e69e4ae266..00000000000 --- a/changelogs/unreleased/security-html_escape_usernames.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: HTML escape the name of the user in ProjectsHelper#link_to_member -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-rd-do-not-show-internal-info-in-public-feed.yml b/changelogs/unreleased/security-rd-do-not-show-internal-info-in-public-feed.yml deleted file mode 100644 index ff78c162dff..00000000000 --- a/changelogs/unreleased/security-rd-do-not-show-internal-info-in-public-feed.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Don't show events from internal projects for anonymous users in public feed -merge_request: -author: -type: security |