diff options
| author | Winnie Hellmann <winnie@gitlab.com> | 2017-12-13 14:14:06 +0100 |
|---|---|---|
| committer | Winnie Hellmann <winnie@gitlab.com> | 2017-12-13 14:29:38 +0100 |
| commit | d8322ba4528e998d397077e7c49c494374e46260 (patch) | |
| tree | 3d22d0dd6f5e76f347eba57a0ad80ce947f33df3 | |
| parent | 716962be5985437e9ccb8f10e092ec7bdbbdcca6 (diff) | |
| download | gitlab-ce-winh-10-0-changelog-entries-docs.tar.gz | |
Add changelog entries for 10.0.7winh-10-0-changelog-entries-docs
| -rw-r--r-- | CHANGELOG.md | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index c8a362631da..4f93c13d72d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,17 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 10.0.7 (2017-12-07) + +### Security (5 changes) + +- Fix e-mail address disclosure through member search fields +- Prevent creating issues through API when user does not have permissions +- Prevent an information disclosure in the Groups API +- Fix user without access to private Wiki being able to see it on the project page +- Fix Cross-Site Scripting (XSS) vulnerability while editing a comment + + ## 10.0.6 (2017-11-08) - [SECURITY] Add X-Content-Type-Options header in API responses to make it more difficult to find other vulnerabilities. |