diff options
| author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2018-09-26 16:14:06 +0000 |
|---|---|---|
| committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2018-09-26 16:14:06 +0000 |
| commit | 28c5f36f03e439de68fb13608065416066b37990 (patch) | |
| tree | da6262a4b7fa0dcb2502960a4318ae2030a5b364 | |
| parent | d3951d6944f83bd542538b0c14c9271bd0789b67 (diff) | |
| download | gitlab-ce-28c5f36f03e439de68fb13608065416066b37990.tar.gz | |
Update CHANGELOG.md for 11.3.1
[ci skip]
7 files changed, 12 insertions, 30 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 2c884ac8f2e..f28fc433e5c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,18 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 11.3.1 (2018-09-26) + +### Security (6 changes) + +- Redact confidential events in the API. +- Set timeout for syntax highlighting. +- Sanitize JSON data properly to fix XSS on Issue details page. +- Fix stored XSS in merge requests from imported repository. +- Fix xss vulnerability sourced from package.json. +- Block loopback addresses in UrlBlocker. + + ## 11.3.0 (2018-09-22) ### Security (5 changes, 1 of them is from the community) diff --git a/changelogs/unreleased/fix-events-finder-incomplete.yml b/changelogs/unreleased/fix-events-finder-incomplete.yml deleted file mode 100644 index f3a4e421d33..00000000000 --- a/changelogs/unreleased/fix-events-finder-incomplete.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Redact confidential events in the API -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-2697-code-highlight-timeout.yml b/changelogs/unreleased/security-2697-code-highlight-timeout.yml deleted file mode 100644 index 66ad9ff822b..00000000000 --- a/changelogs/unreleased/security-2697-code-highlight-timeout.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Set timeout for syntax highlighting -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-acet-issue-details.yml b/changelogs/unreleased/security-acet-issue-details.yml deleted file mode 100644 index 64147a9d6e8..00000000000 --- a/changelogs/unreleased/security-acet-issue-details.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Sanitize JSON data properly to fix XSS on Issue details page -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-fj-stored-xss-in-repository-imports.yml b/changelogs/unreleased/security-fj-stored-xss-in-repository-imports.yml deleted file mode 100644 index 7520aa624c7..00000000000 --- a/changelogs/unreleased/security-fj-stored-xss-in-repository-imports.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix stored XSS in merge requests from imported repository -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-package-json-xss.yml b/changelogs/unreleased/security-package-json-xss.yml deleted file mode 100644 index 6ab4854e44f..00000000000 --- a/changelogs/unreleased/security-package-json-xss.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix xss vulnerability sourced from package.json -merge_request: -author: -type: security diff --git a/changelogs/unreleased/sh-block-other-localhost.yml b/changelogs/unreleased/sh-block-other-localhost.yml deleted file mode 100644 index a6a41f0bd81..00000000000 --- a/changelogs/unreleased/sh-block-other-localhost.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Block loopback addresses in UrlBlocker -merge_request: -author: -type: security |