diff options
author | Lin Jen-Shin <godfat@godfat.org> | 2017-05-05 10:16:44 +0000 |
---|---|---|
committer | Lin Jen-Shin <godfat@godfat.org> | 2017-05-05 10:16:44 +0000 |
commit | 4f72e7c60268e8189d380754b7615fc399da568e (patch) | |
tree | 2b60ed6f8c2ecb338075d8db1e89661bb9f00819 | |
parent | 6fbc96bf0e6b5b462970a0946fa6ff07599afdbf (diff) | |
download | gitlab-ce-4f72e7c60268e8189d380754b7615fc399da568e.tar.gz |
Update CHANGELOG.md for 9.0.7
[ci skip]
10 files changed, 12 insertions, 36 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 113af7184c7..406507aede0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,18 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 9.0.7 (2017-05-05) + +- Enforce project features when searching blobs and wikis. +- Fixed branches dropdown rendering branch names as HTML. +- Make Asciidoc & other markup go through pipeline to prevent XSS. +- Validate URLs in markdown using URI to detect the host correctly. +- Fix for XSS in project import view caused by Hamlit filter usage. +- Sanitize submodule URLs before linking to them in the file tree view. +- Refactor snippets finder & dont return internal snippets for external users. +- Fix snippets visibility for show action - external users can not see internal snippets. +- Do not show private groups on subgroups page if user doesn't have access to. + ## 9.0.6 (2017-04-21) - Bugfix: POST /projects/:id/hooks and PUT /projects/:id/hook/:hook_id no longer ignore the the job_events param in the V4 API. !10586 diff --git a/changelogs/unreleased/31157-respect-project-features-in-wiki-search.yml b/changelogs/unreleased/31157-respect-project-features-in-wiki-search.yml deleted file mode 100644 index 721bb435a2e..00000000000 --- a/changelogs/unreleased/31157-respect-project-features-in-wiki-search.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -title: Enforce project features when searching blobs and wikis -merge_request: -author: diff --git a/changelogs/unreleased/branch-name-escape.yml b/changelogs/unreleased/branch-name-escape.yml deleted file mode 100644 index bf46235fd79..00000000000 --- a/changelogs/unreleased/branch-name-escape.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -title: Fixed branches dropdown rendering branch names as HTML -merge_request: -author: diff --git a/changelogs/unreleased/bvl-markup-pipeline.yml b/changelogs/unreleased/bvl-markup-pipeline.yml deleted file mode 100644 index d73bad03340..00000000000 --- a/changelogs/unreleased/bvl-markup-pipeline.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -title: Make Asciidoc & other markup go through pipeline to prevent XSS -merge_request: -author: diff --git a/changelogs/unreleased/bvl-validate-urls-in-markdown-using-uri.yml b/changelogs/unreleased/bvl-validate-urls-in-markdown-using-uri.yml deleted file mode 100644 index 03c4e531d73..00000000000 --- a/changelogs/unreleased/bvl-validate-urls-in-markdown-using-uri.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -title: Validate URLs in markdown using URI to detect the host correctly -merge_request: -author: diff --git a/changelogs/unreleased/hamlit-xss-fix.yml b/changelogs/unreleased/hamlit-xss-fix.yml deleted file mode 100644 index ba4713846e9..00000000000 --- a/changelogs/unreleased/hamlit-xss-fix.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -title: Fix for XSS in project import view caused by Hamlit filter usage. -merge_request: -author: diff --git a/changelogs/unreleased/rs-sanitize-submodule-urls.yml b/changelogs/unreleased/rs-sanitize-submodule-urls.yml deleted file mode 100644 index 463b3695687..00000000000 --- a/changelogs/unreleased/rs-sanitize-submodule-urls.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -title: Sanitize submodule URLs before linking to them in the file tree view -merge_request: -author: diff --git a/changelogs/unreleased/snippets-finder-visibility.yml b/changelogs/unreleased/snippets-finder-visibility.yml deleted file mode 100644 index fde2262cc8d..00000000000 --- a/changelogs/unreleased/snippets-finder-visibility.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -title: Refactor snippets finder & dont return internal snippets for external users -merge_request: -author: diff --git a/changelogs/unreleased/snippets_visibility.yml b/changelogs/unreleased/snippets_visibility.yml deleted file mode 100644 index 4c10c6882ab..00000000000 --- a/changelogs/unreleased/snippets_visibility.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -title: Fix snippets visibility for show action - external users can not see internal snippets -merge_request: -author: diff --git a/changelogs/unreleased/tc-fix-private-subgroups-shown.yml b/changelogs/unreleased/tc-fix-private-subgroups-shown.yml deleted file mode 100644 index 82e03921854..00000000000 --- a/changelogs/unreleased/tc-fix-private-subgroups-shown.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -title: "Do not show private groups on subgroups page if user doesn't have access to" -merge_request: -author: |