diff options
author | Michael Kozono <mkozono@gmail.com> | 2017-12-08 14:05:17 -0800 |
---|---|---|
committer | Michael Kozono <mkozono@gmail.com> | 2017-12-08 14:05:17 -0800 |
commit | 0f811675706ad79129eb8251983de073e190f55a (patch) | |
tree | 8c4a4db2c403084f5d0e203d6c295eb021640a55 | |
parent | f4fbe61a9e073d8e49b0e8104961b2556ce3ac05 (diff) | |
download | gitlab-ce-0f811675706ad79129eb8251983de073e190f55a.tar.gz |
Manually add 10.2.4 changelog entries
-rw-r--r-- | CHANGELOG.md | 11 | ||||
-rw-r--r-- | changelogs/unreleased/bvl-email-disclosure.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/issue_30663.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/rs-security-group-api.yml | 5 |
4 files changed, 11 insertions, 15 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 6088a1b3515..78f8e457c70 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,17 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 10.2.4 (2017-12-08) + +### Security (4 changes) + +- Fix e-mail address disclosure through member search fields +- Prevent creating issues through API when user does not have permissions +- Prevent an information disclosure in the Groups API +- Fix user without access to private Wiki being able to see it on the project page +- Fix Cross-Site Scripting (XSS) vulnerability while editing a comment + + ## 10.2.3 (2017-11-30) ### Fixed (7 changes) diff --git a/changelogs/unreleased/bvl-email-disclosure.yml b/changelogs/unreleased/bvl-email-disclosure.yml deleted file mode 100644 index d6cd8709d9f..00000000000 --- a/changelogs/unreleased/bvl-email-disclosure.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Don't match partial email adresses -merge_request: 2227 -author: -type: security diff --git a/changelogs/unreleased/issue_30663.yml b/changelogs/unreleased/issue_30663.yml deleted file mode 100644 index b20ed6a82e7..00000000000 --- a/changelogs/unreleased/issue_30663.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Prevent creating issues through API when user does not have permissions -merge_request: -author: -type: security diff --git a/changelogs/unreleased/rs-security-group-api.yml b/changelogs/unreleased/rs-security-group-api.yml deleted file mode 100644 index 34a39ddd6dc..00000000000 --- a/changelogs/unreleased/rs-security-group-api.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Prevent an information disclosure in the Groups API -merge_request: -author: -type: security |