diff options
author | DJ Mountney <david@twkie.net> | 2017-04-05 17:31:18 -0700 |
---|---|---|
committer | DJ Mountney <david@twkie.net> | 2017-04-05 17:31:18 -0700 |
commit | ca1a0a557fd4eea9bfa5a31b9ff9614be75c7434 (patch) | |
tree | 705a37ce33c952fe6fea37c70bbc575b36d1f5a7 | |
parent | c22e9d8b818d7fec96710a7deb47a84cbbbf41f0 (diff) | |
download | gitlab-ce-ca1a0a557fd4eea9bfa5a31b9ff9614be75c7434.tar.gz |
Update CHANGELOG.md for 9.0.4
[ci skip]
-rw-r--r-- | CHANGELOG.md | 8 | ||||
-rw-r--r-- | changelogs/unreleased/29364-private-projects-mr-fix.yml | 4 | ||||
-rw-r--r-- | changelogs/unreleased/30125-markdown-security.yml | 4 | ||||
-rw-r--r-- | changelogs/unreleased/file-import-export-path-disclosure.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/open-redirect-continue-params.yml | 4 | ||||
-rw-r--r-- | changelogs/unreleased/open-redirect-host-field.yml | 4 |
6 files changed, 8 insertions, 21 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 66de3993cb9..111a7d4f51c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,14 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 9.0.4 (2017-04-05) + +- Don’t show source project name when user does not have access. +- Remove the class attribute from the whitelist for HTML generated from Markdown. +- Fix path disclosure in project import/export. +- Fix for open redirect vulnerability using continue[to] in URL when requesting project import status. +- Fix for open redirect vulnerabilities in todos, issues, and MR controllers. + ## 9.0.3 (2017-04-05) - Fix name colision when importing GitHub pull requests from forked repositories. !9719 diff --git a/changelogs/unreleased/29364-private-projects-mr-fix.yml b/changelogs/unreleased/29364-private-projects-mr-fix.yml deleted file mode 100644 index ab93d6f337b..00000000000 --- a/changelogs/unreleased/29364-private-projects-mr-fix.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -title: Don’t show source project name when user does not have access -merge_request: -author: diff --git a/changelogs/unreleased/30125-markdown-security.yml b/changelogs/unreleased/30125-markdown-security.yml deleted file mode 100644 index b766caf7d08..00000000000 --- a/changelogs/unreleased/30125-markdown-security.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -title: Remove the class attribute from the whitelist for HTML generated from Markdown. -merge_request: -author: diff --git a/changelogs/unreleased/file-import-export-path-disclosure.yml b/changelogs/unreleased/file-import-export-path-disclosure.yml deleted file mode 100644 index 1a297d07187..00000000000 --- a/changelogs/unreleased/file-import-export-path-disclosure.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix path disclosure in project import/export -merge_request: -author: - diff --git a/changelogs/unreleased/open-redirect-continue-params.yml b/changelogs/unreleased/open-redirect-continue-params.yml deleted file mode 100644 index def3bc7d929..00000000000 --- a/changelogs/unreleased/open-redirect-continue-params.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -title: Fix for open redirect vulnerability using continue[to] in URL when requesting project import status. -merge_request: -author: diff --git a/changelogs/unreleased/open-redirect-host-field.yml b/changelogs/unreleased/open-redirect-host-field.yml deleted file mode 100644 index bed4b47cf04..00000000000 --- a/changelogs/unreleased/open-redirect-host-field.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -title: Fix for open redirect vulnerabilities in todos, issues, and MR controllers. -merge_request: -author: |