author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-05-30 12:51:02 +0000 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-05-30 12:51:02 +0000 |
commit | 3c8b8ce843d97d6c1e61da3f6fd58aefe9f77cec (patch) | |
tree | c7afcfe633266a9418ba0fd8066944b95ca564de | |
parent | c8f8098daaeccb6c11c32ddb080826a671e3b665 (diff) | |
download | gitlab-ce-3c8b8ce843d97d6c1e61da3f6fd58aefe9f77cec.tar.gz |
Update CHANGELOG.md for 11.9.12
[ci skip]
13 files changed, 18 insertions, 60 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 30b649937d0..74393c6b1e5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,24 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 11.9.12 (2019-05-30)
+
+### Security (12 changes, 1 of them is from the community)
+
+- Protect Gitlab::HTTP against DNS rebinding attack.
+- Fix project visibility level validation. (Peter Marko)
+- Update Knative version.
+- Add DNS rebinding protection settings.
+- Prevent XSS injection in note imports.
+- Prevent invalid branch for merge request.
+- Filter relative links in wiki for XSS.
+- Fix confidential issue label disclosure on milestone view.
+- Fix url redaction for issue links.
+- Resolve: Milestones leaked via search API.
+- Prevent bypass of restriction disabling web password sign in.
+- Hide confidential issue title on unsubscribe for anonymous users.
+
+
 ## 11.9.11 (2019-04-30)
 
 ### Security (1 change)
diff --git a/changelogs/unreleased/dm-http-hostname-override.yml b/changelogs/unreleased/dm-http-hostname-override.yml
deleted file mode 100644
index f84f36a0010..00000000000
--- a/changelogs/unreleased/dm-http-hostname-override.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Protect Gitlab::HTTP against DNS rebinding attack
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/fix-project-visibility-level-validation.yml b/changelogs/unreleased/fix-project-visibility-level-validation.yml
deleted file mode 100644
index c58d3fc7311..00000000000
--- a/changelogs/unreleased/fix-project-visibility-level-validation.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix project visibility level validation
-merge_request:
-author: Peter Marko
-type: security
diff --git a/changelogs/unreleased/knative-0-5.yml b/changelogs/unreleased/knative-0-5.yml
deleted file mode 100644
index 00690bfb2e5..00000000000
--- a/changelogs/unreleased/knative-0-5.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update Knative version
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/osw-disable-dns-rebind-protection-settings-11-11.yml b/changelogs/unreleased/osw-disable-dns-rebind-protection-settings-11-11.yml
deleted file mode 100644
index fc9a8bb8025..00000000000
--- a/changelogs/unreleased/osw-disable-dns-rebind-protection-settings-11-11.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Add DNS rebinding protection settings
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-58856-persistent-xss-in-note-objects.yml b/changelogs/unreleased/security-58856-persistent-xss-in-note-objects.yml
deleted file mode 100644
index d9ad5af256a..00000000000
--- a/changelogs/unreleased/security-58856-persistent-xss-in-note-objects.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent XSS injection in note imports
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-60039.yml b/changelogs/unreleased/security-60039.yml
deleted file mode 100644
index 5edbf32ec97..00000000000
--- a/changelogs/unreleased/security-60039.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent invalid branch for merge request
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-60143-address-xss-issue-in-wiki-links.yml b/changelogs/unreleased/security-60143-address-xss-issue-in-wiki-links.yml
deleted file mode 100644
index 5b79258af54..00000000000
--- a/changelogs/unreleased/security-60143-address-xss-issue-in-wiki-links.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Filter relative links in wiki for XSS
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-fix-confidential-issue-label-visibility-master.yml b/changelogs/unreleased/security-fix-confidential-issue-label-visibility-master.yml
deleted file mode 100644
index adfd8e1298f..00000000000
--- a/changelogs/unreleased/security-fix-confidential-issue-label-visibility-master.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix confidential issue label disclosure on milestone view
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-fix-project-existence-disclosure-master.yml b/changelogs/unreleased/security-fix-project-existence-disclosure-master.yml
deleted file mode 100644
index 084439c71d9..00000000000
--- a/changelogs/unreleased/security-fix-project-existence-disclosure-master.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix url redaction for issue links
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-fix_milestones_search_api_leak.yml b/changelogs/unreleased/security-fix_milestones_search_api_leak.yml
deleted file mode 100644
index 5691550b602..00000000000
--- a/changelogs/unreleased/security-fix_milestones_search_api_leak.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: 'Resolve: Milestones leaked via search API'
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-jej-prevent-web-sign-in-bypass.yml b/changelogs/unreleased/security-jej-prevent-web-sign-in-bypass.yml
deleted file mode 100644
index 02773fa1d7c..00000000000
--- a/changelogs/unreleased/security-jej-prevent-web-sign-in-bypass.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent bypass of restriction disabling web password sign in
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-unsubscribing-from-issue.yml b/changelogs/unreleased/security-unsubscribing-from-issue.yml
deleted file mode 100644
index 3a33a457c69..00000000000
--- a/changelogs/unreleased/security-unsubscribing-from-issue.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Hide confidential issue title on unsubscribe for anonymous users
-merge_request:
-author:
-type: security |