diff options
author | Robert Speicher <rspeicher@gmail.com> | 2016-04-27 13:12:19 -0400 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2016-04-27 13:12:19 -0400 |
commit | d2d36d5e1c80b095b1768dca6b1443e43ba850a4 (patch) | |
tree | 7ecd44f6dc1e07c75d0aca0ae4079ea654a7c3b9 | |
parent | f50306a7b15035bf73ba45c2f0d754de5e33631b (diff) | |
download | gitlab-ce-d2d36d5e1c80b095b1768dca6b1443e43ba850a4.tar.gz |
Update CHANGELOG for 8.7.1 security patches
[ci skip]
-rw-r--r-- | CHANGELOG | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG index abdbcbea88f..d1607e1e906 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -3,6 +3,17 @@ Please view this file on the master branch, on stable branches it's out of date. v 8.8.0 (unreleased) v 8.7.1 (unreleased) + - Prevent privilege escalation via "impersonate" feature + - Prevent privilege escalation via notes API + - Prevent privilege escalation via project webhook API + - Prevent XSS via Git branch and tag names + - Prevent XSS via custom issue tracker URL + - Prevent XSS via `window.opener` + - Prevent XSS via label drop-down + - Prevent information disclosure via milestone API + - Prevent information disclosure via snippet API + - Prevent information disclosure via project labels + - Prevent information disclosure via new merge request page - Use the `can?` helper instead of `current_user.can?` - Fix .gitlab-ci.yml parsing issue when hidde job is a template without script definition. !3849 - Fix license detection to detect all license files, not only known licenses. !3878 |