diff options
author | DJ Mountney <david@twkie.net> | 2017-04-05 17:57:30 -0700 |
---|---|---|
committer | DJ Mountney <david@twkie.net> | 2017-04-05 17:57:30 -0700 |
commit | 9df1f13eec338d5721aee2cb0c1f90a5dab91e3f (patch) | |
tree | e0a6d081782855a25de60053683064a6e75c2d84 | |
parent | 1c5009926dd17b12c5936f9d40e790fbba3aca12 (diff) | |
download | gitlab-ce-9df1f13eec338d5721aee2cb0c1f90a5dab91e3f.tar.gz |
Update CHANGELOG.md for 8.17.5
[ci skip]
-rw-r--r-- | CHANGELOG.md | 8 | ||||
-rw-r--r-- | changelogs/unreleased/29364-private-projects-mr-fix.yml | 4 | ||||
-rw-r--r-- | changelogs/unreleased/30125-markdown-security.yml | 4 | ||||
-rw-r--r-- | changelogs/unreleased/file-import-export-path-disclosure.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/open-redirect-continue-params.yml | 4 | ||||
-rw-r--r-- | changelogs/unreleased/open-redirect-host-field.yml | 4 |
6 files changed, 8 insertions, 21 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 27d887e8f59..266c8a40c11 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,14 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 8.17.5 (2017-04-05) + +- Don’t show source project name when user does not have access. +- Remove the class attribute from the whitelist for HTML generated from Markdown. +- Fix path disclosure in project import/export. +- Fix for open redirect vulnerability using continue[to] in URL when requesting project import status. +- Fix for open redirect vulnerabilities in todos, issues, and MR controllers. + ## 8.17.4 (2017-03-19) - Only show public emails in atom feeds. diff --git a/changelogs/unreleased/29364-private-projects-mr-fix.yml b/changelogs/unreleased/29364-private-projects-mr-fix.yml deleted file mode 100644 index ab93d6f337b..00000000000 --- a/changelogs/unreleased/29364-private-projects-mr-fix.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -title: Don’t show source project name when user does not have access -merge_request: -author: diff --git a/changelogs/unreleased/30125-markdown-security.yml b/changelogs/unreleased/30125-markdown-security.yml deleted file mode 100644 index b766caf7d08..00000000000 --- a/changelogs/unreleased/30125-markdown-security.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -title: Remove the class attribute from the whitelist for HTML generated from Markdown. -merge_request: -author: diff --git a/changelogs/unreleased/file-import-export-path-disclosure.yml b/changelogs/unreleased/file-import-export-path-disclosure.yml deleted file mode 100644 index 1a297d07187..00000000000 --- a/changelogs/unreleased/file-import-export-path-disclosure.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix path disclosure in project import/export -merge_request: -author: - diff --git a/changelogs/unreleased/open-redirect-continue-params.yml b/changelogs/unreleased/open-redirect-continue-params.yml deleted file mode 100644 index def3bc7d929..00000000000 --- a/changelogs/unreleased/open-redirect-continue-params.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -title: Fix for open redirect vulnerability using continue[to] in URL when requesting project import status. -merge_request: -author: diff --git a/changelogs/unreleased/open-redirect-host-field.yml b/changelogs/unreleased/open-redirect-host-field.yml deleted file mode 100644 index bed4b47cf04..00000000000 --- a/changelogs/unreleased/open-redirect-host-field.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -title: Fix for open redirect vulnerabilities in todos, issues, and MR controllers. -merge_request: -author: |