author GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-02-28 12:57:35 +0000
committer GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-02-28 12:57:35 +0000
commit 75da2f5eeab819be52de9bfdbbc5dc99ece786ef
tree c78dcb0181548ec2cda781bcf60d935797181dae
parent a94c885203ef4ce8ec7ccea8ad0a1339252d2588
Update CHANGELOG.md for 11.7.6
[ci skip]
-rw-r--r-- CHANGELOG.md | 28
-rw-r--r-- changelogs/unreleased/2802-security-add-public-internal-groups-as-members-to-your-project-idor.yml | 6
-rw-r--r-- changelogs/unreleased/51971-milestones-visibility.yml | 5
-rw-r--r-- changelogs/unreleased/57227-absolute-uri-missing-hierarchical-segment.yml | 5
-rw-r--r-- changelogs/unreleased/57534_filter_impersonated_sessions.yml | 6
-rw-r--r-- changelogs/unreleased/security-2774-milestones-detail.yml | 5
-rw-r--r-- changelogs/unreleased/security-2797-milestone-mrs.yml | 5
-rw-r--r-- changelogs/unreleased/security-2798-fix-boards-policy.yml | 5
-rw-r--r-- changelogs/unreleased/security-2799-emails.yml | 5
-rw-r--r-- changelogs/unreleased/security-50334.yml | 5
-rw-r--r-- changelogs/unreleased/security-55468-check-validity-before-querying.yml | 5
-rw-r--r-- changelogs/unreleased/security-56348.yml | 5
-rw-r--r-- changelogs/unreleased/security-commit-private-related-mr.yml | 5
-rw-r--r-- changelogs/unreleased/security-fj-diff-import-file-read-fix.yml | 5
-rw-r--r-- changelogs/unreleased/security-id-fix-mr-visibility.yml | 5
-rw-r--r-- changelogs/unreleased/security-id-restricted-access-to-private-repo.yml | 5
-rw-r--r-- changelogs/unreleased/security-issue_54789_2.yml | 5
-rw-r--r-- changelogs/unreleased/security-kubernetes-google-login-csrf.yml | 5
-rw-r--r-- changelogs/unreleased/security-kubernetes-local-ssrf.yml | 5
-rw-r--r-- changelogs/unreleased/security-mermaid.yml | 5
-rw-r--r-- changelogs/unreleased/security-osw-stop-linking-to-packages.yml | 5
-rw-r--r-- changelogs/unreleased/security-protect-private-repo-information.yml | 5
-rw-r--r-- changelogs/unreleased/security-tags-oracle.yml | 5
23 files changed, 28 insertions, 112 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8890a829325..72534f659bb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,34 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 11.7.6 (2019-02-28)
+
+### Security (22 changes)
+
+- Stop linking to unrecognized package sources. !55518
+- Don't allow non-members to see private related MRs.
+- Fix potential Addressable::URI::InvalidURIError.
+- Do not display impersonated sessions under active sessions and remove ability to revoke session.
+- Display only information visible to current user on the Milestone page.
+- Show only merge requests visible to user on milestone detail page.
+- Disable issue boards API when issues are disabled.
+- Don't show new issue link after move when a user does not have permissions.
+- Fix git clone revealing private repo's presence.
+- Fix blind SSRF in Prometheus integration by checking URL before querying.
+- Check snippet attached file to be moved is within designated directory.
+- Check if desired milestone for an issue is available.
+- Fix arbitrary file read via diffs during import.
+- Display the correct number of MRs a user has access to.
+- Forbid creating discussions for users with restricted access.
+- Do not disclose milestone titles for unauthorized users.
+- Validate session key when authorizing with GCP to create a cluster.
+- Block local URLs for Kubernetes integration.
+- Limit mermaid rendering to 5K characters.
+- Remove the possibility to share a project with a group that a user is not a member of.
+- Fix leaking private repository information in API.
+- Prevent releases links API to leak tag existance.
+
+
## 11.7.5 (2019-02-06)
### Fixed (8 changes)
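Review bot: The last entry added under "### Security (22 changes)", "Prevent releases links API to leak tag existance.", misspells "existence" and reads awkwardly; "Prevent releases links API from leaking tag existence." would be clearer in a published changelog. Separately, only the first entry carries a merge request reference (!55518); the other 21 give an administrator nothing to trace the fix to, so add references wherever they can be disclosed. The two blank "+" lines before "## 11.7.5" also leave a double blank line between releases; one is enough.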
diff --git a/changelogs/unreleased/2802-security-add-public-internal-groups-as-members-to-your-project-idor.yml b/changelogs/unreleased/2802-security-add-public-internal-groups-as-members-to-your-project-idor.yml
deleted file mode 100644
index 27ad151cd06..00000000000
--- a/changelogs/unreleased/2802-security-add-public-internal-groups-as-members-to-your-project-idor.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: Remove the possibility to share a project with a group that a user is not a member
- of
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/51971-milestones-visibility.yml b/changelogs/unreleased/51971-milestones-visibility.yml
deleted file mode 100644
index 818f0071e6c..00000000000
--- a/changelogs/unreleased/51971-milestones-visibility.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Check if desired milestone for an issue is available
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/57227-absolute-uri-missing-hierarchical-segment.yml b/changelogs/unreleased/57227-absolute-uri-missing-hierarchical-segment.yml
deleted file mode 100644
index 3dcb3e9eb4b..00000000000
--- a/changelogs/unreleased/57227-absolute-uri-missing-hierarchical-segment.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix potential Addressable::URI::InvalidURIError
-merge_request:
-author:
-type: security
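Review bot: The title "Fix potential Addressable::URI::InvalidURIError" is filed with "type: security" but names only an exception class, so the compiled changelog entry does not tell a reader what the security impact was or which feature was affected. Reword the entry to state the affected input or endpoint and the consequence, or reclassify it as "fixed" if it is only a crash fix.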
diff --git a/changelogs/unreleased/57534_filter_impersonated_sessions.yml b/changelogs/unreleased/57534_filter_impersonated_sessions.yml
deleted file mode 100644
index 80aea0ab1bc..00000000000
--- a/changelogs/unreleased/57534_filter_impersonated_sessions.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: Do not display impersonated sessions under active sessions and remove ability
- to revoke session
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-2774-milestones-detail.yml b/changelogs/unreleased/security-2774-milestones-detail.yml
deleted file mode 100644
index faf56fee01e..00000000000
--- a/changelogs/unreleased/security-2774-milestones-detail.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Display only information visible to current user on the Milestone page
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-2797-milestone-mrs.yml b/changelogs/unreleased/security-2797-milestone-mrs.yml
deleted file mode 100644
index 5bb104ec403..00000000000
--- a/changelogs/unreleased/security-2797-milestone-mrs.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Show only merge requests visible to user on milestone detail page
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-2798-fix-boards-policy.yml b/changelogs/unreleased/security-2798-fix-boards-policy.yml
deleted file mode 100644
index 10e8ac3a787..00000000000
--- a/changelogs/unreleased/security-2798-fix-boards-policy.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Disable issue boards API when issues are disabled
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-2799-emails.yml b/changelogs/unreleased/security-2799-emails.yml
deleted file mode 100644
index dbf1207810e..00000000000
--- a/changelogs/unreleased/security-2799-emails.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Don't show new issue link after move when a user does not have permissions
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-50334.yml b/changelogs/unreleased/security-50334.yml
deleted file mode 100644
index 828ef82b517..00000000000
--- a/changelogs/unreleased/security-50334.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix git clone revealing private repo's presence
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-55468-check-validity-before-querying.yml b/changelogs/unreleased/security-55468-check-validity-before-querying.yml
deleted file mode 100644
index 8bb11a97f52..00000000000
--- a/changelogs/unreleased/security-55468-check-validity-before-querying.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix blind SSRF in Prometheus integration by checking URL before querying
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-56348.yml b/changelogs/unreleased/security-56348.yml
deleted file mode 100644
index a289e4e9077..00000000000
--- a/changelogs/unreleased/security-56348.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Check snippet attached file to be moved is within designated directory
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-commit-private-related-mr.yml b/changelogs/unreleased/security-commit-private-related-mr.yml
deleted file mode 100644
index c4de200b0d8..00000000000
--- a/changelogs/unreleased/security-commit-private-related-mr.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Don't allow non-members to see private related MRs.
-merge_request:
-author:
-type: security
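Review bot: Style point on the title line: "Don't allow non-members to see private related MRs." ends with a period, while the titles in the other removed changelog files do not. The compiled CHANGELOG.md entry shows a single period, so the generator evidently normalizes it, but the titles should follow one convention at the source rather than rely on that.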
diff --git a/changelogs/unreleased/security-fj-diff-import-file-read-fix.yml b/changelogs/unreleased/security-fj-diff-import-file-read-fix.yml
deleted file mode 100644
index e98d4e89712..00000000000
--- a/changelogs/unreleased/security-fj-diff-import-file-read-fix.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix arbitrary file read via diffs during import
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-id-fix-mr-visibility.yml b/changelogs/unreleased/security-id-fix-mr-visibility.yml
deleted file mode 100644
index 8f41d191acc..00000000000
--- a/changelogs/unreleased/security-id-fix-mr-visibility.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Display the correct number of MRs a user has access to
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-id-restricted-access-to-private-repo.yml b/changelogs/unreleased/security-id-restricted-access-to-private-repo.yml
deleted file mode 100644
index 7d7478d297b..00000000000
--- a/changelogs/unreleased/security-id-restricted-access-to-private-repo.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Forbid creating discussions for users with restricted access
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-issue_54789_2.yml b/changelogs/unreleased/security-issue_54789_2.yml
deleted file mode 100644
index 8ecb72a2ae3..00000000000
--- a/changelogs/unreleased/security-issue_54789_2.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Do not disclose milestone titles for unauthorized users
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-kubernetes-google-login-csrf.yml b/changelogs/unreleased/security-kubernetes-google-login-csrf.yml
deleted file mode 100644
index 2f87100a8dd..00000000000
--- a/changelogs/unreleased/security-kubernetes-google-login-csrf.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Validate session key when authorizing with GCP to create a cluster
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-kubernetes-local-ssrf.yml b/changelogs/unreleased/security-kubernetes-local-ssrf.yml
deleted file mode 100644
index 7a2ad092339..00000000000
--- a/changelogs/unreleased/security-kubernetes-local-ssrf.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Block local URLs for Kubernetes integration
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-mermaid.yml b/changelogs/unreleased/security-mermaid.yml
deleted file mode 100644
index ec42b5a1615..00000000000
--- a/changelogs/unreleased/security-mermaid.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Limit mermaid rendering to 5K characters
-merge_request:
-author:
-type: security
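Review bot: "5K characters" in the title is ambiguous (5000 or 5120) and gives no reason for the limit, which matters for a "type: security" entry. State the exact limit in the published entry and say what the cap protects against, so operators can tell whether rendering of existing large diagrams will change.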
diff --git a/changelogs/unreleased/security-osw-stop-linking-to-packages.yml b/changelogs/unreleased/security-osw-stop-linking-to-packages.yml
deleted file mode 100644
index 078f06140fe..00000000000
--- a/changelogs/unreleased/security-osw-stop-linking-to-packages.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Stop linking to unrecognized package sources
-merge_request: 55518
-author:
-type: security
diff --git a/changelogs/unreleased/security-protect-private-repo-information.yml b/changelogs/unreleased/security-protect-private-repo-information.yml
deleted file mode 100644
index 8b1a528206d..00000000000
--- a/changelogs/unreleased/security-protect-private-repo-information.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix leaking private repository information in API
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-tags-oracle.yml b/changelogs/unreleased/security-tags-oracle.yml
deleted file mode 100644
index eb8ad6f646c..00000000000
--- a/changelogs/unreleased/security-tags-oracle.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent releases links API to leak tag existance
-merge_request:
-author:
-type: security