diff options
| author | Robert Speicher <rspeicher@gmail.com> | 2019-03-28 15:19:39 +0100 |
|---|---|---|
| committer | Robert Speicher <rspeicher@gmail.com> | 2019-03-28 15:19:39 +0100 |
| commit | 085863254f2a65555ef75c3f89277c6273fa9abe (patch) | |
| tree | 5cac6607cd172a4f6b92a3fdb92390aee2578d58 | |
| parent | be9e4975b4bdd5d7fc1ec653ad2428c7756267d2 (diff) | |
| download | gitlab-ce-085863254f2a65555ef75c3f89277c6273fa9abe.tar.gz | |
Revert "Update CHANGELOG.md for 11.7.9"
This reverts commit 136cc1324f2142b6e35db673d8ab1683c2da8d8d.
8 files changed, 36 insertions, 10 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 12e8af16110..9100cfea315 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,16 +4,7 @@ entry. ## 11.7.9 (2019-03-27) -### Security (7 changes) - -- Disallow guest users from accessing Releases. -- Fix PDF.js vulnerability. -- Hide "related branches" when user does not have permission. -- Fix XSS in resolve conflicts form. -- Added rake task for removing EXIF data from existing uploads. -- Disallow updating namespace when updating a project. -- Use UntrustedRegexp for matching refs policy. - +- Unreleased due to QA failure. ## 11.7.8 (2019-03-26) diff --git a/changelogs/unreleased/disallow-guests-to-access-releases.yml b/changelogs/unreleased/disallow-guests-to-access-releases.yml new file mode 100644 index 00000000000..f2d518108d2 --- /dev/null +++ b/changelogs/unreleased/disallow-guests-to-access-releases.yml @@ -0,0 +1,5 @@ +--- +title: Disallow guest users from accessing Releases +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-55503-fix-pdf-js-vulnerability.yml b/changelogs/unreleased/security-55503-fix-pdf-js-vulnerability.yml new file mode 100644 index 00000000000..e5d0cd4fee1 --- /dev/null +++ b/changelogs/unreleased/security-55503-fix-pdf-js-vulnerability.yml @@ -0,0 +1,5 @@ +--- +title: Fix PDF.js vulnerability +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-56224.yml b/changelogs/unreleased/security-56224.yml new file mode 100644 index 00000000000..a4e274e6ca5 --- /dev/null +++ b/changelogs/unreleased/security-56224.yml @@ -0,0 +1,5 @@ +--- +title: Hide "related branches" when user does not have permission +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-56927-xss-resolve-conflicts-branch-name.yml b/changelogs/unreleased/security-56927-xss-resolve-conflicts-branch-name.yml new file mode 100644 index 00000000000..f92d2c0dcb1 --- /dev/null +++ b/changelogs/unreleased/security-56927-xss-resolve-conflicts-branch-name.yml @@ -0,0 +1,5 @@ +--- +title: Fix XSS in resolve conflicts form +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-exif-migration.yml b/changelogs/unreleased/security-exif-migration.yml new file mode 100644 index 00000000000..cc529099df5 --- /dev/null +++ b/changelogs/unreleased/security-exif-migration.yml @@ -0,0 +1,5 @@ +--- +title: Added rake task for removing EXIF data from existing uploads. +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-mass-assignment-on-project-update.yml b/changelogs/unreleased/security-mass-assignment-on-project-update.yml new file mode 100644 index 00000000000..93561cd91b3 --- /dev/null +++ b/changelogs/unreleased/security-mass-assignment-on-project-update.yml @@ -0,0 +1,5 @@ +--- +title: Disallow updating namespace when updating a project +merge_request: +author: +type: security diff --git a/changelogs/unreleased/use-untrusted-regexp.yml b/changelogs/unreleased/use-untrusted-regexp.yml new file mode 100644 index 00000000000..dd7f1bcaca1 --- /dev/null +++ b/changelogs/unreleased/use-untrusted-regexp.yml @@ -0,0 +1,5 @@ +--- +title: Use UntrustedRegexp for matching refs policy +merge_request: +author: +type: security |